British cyber expert pleads guilty to creating malware | TribLIVE.com
U.S./World

British cyber expert pleads guilty to creating malware

1053780_web1_1053780-965bcead01a9470da6772ce7c1ebd602

MILWAUKEE — A British cybersecurity researcher credited with stopping a worldwide computer virus has pleaded guilty to developing malware to steal banking information.

Federal prosecutors in Wisconsin and Marcus Hutchins’ attorneys said in a joint court filing Friday that the 24-year-old agreed to plead guilty to developing malware called Kronos and conspiring to distribute it from 2012 to 2015. In exchange for his plea to those charges, prosecutors dismissed eight more.

“As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security,” Hutchins said in a statement on his website . “I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”

Hutchins faces up 10 years in prison but could receive a more lenient sentence for accepting responsibility, the court filing said. Attorneys said Hutchins understands he could be deported.

Sentencing has not been scheduled.

Hutchins’ arrest in Las Vegas in August 2017, as he was about to board a flight to England, came as a shock; just months earlier he was hailed a hero for finding a “kill switch” to the WannaCry virus that crippled computers worldwide. At the time, he told The Associated Press in an interview that he didn’t consider himself a hero but that he was combating malware because “it’s the right thing to do.”

Prosecutors said Hutchins made incriminating statements during a two-hour interrogation, and later during a jailhouse phone call that Hutchins was told was being recorded, he told an unidentified person that he “used to write malware” years before.

“I knew it was always going to come back,” Hutchins said on the call, but that he didn’t “think it would be so soon.”

Prosecutors said in court filings that Hutchins sold the Kronos software to someone in Wisconsin and that he “personally delivered” the software to someone in California. The malware was designed “to intercept communications and collect personal information, including usernames, passwords, email addresses, and financial data” from computers, prosecutors said.

Kronos was “used to infect numerous computers around the world and steal banking information,” prosecutors said, without providing an exact number. It’s unclear how much Hutchins’ profited from creating the malware, but in online chats the FBI intercepted on November 2014, Hutchins’ lamented he had only made $8,000 from five sales. Hutchins said he thought he would be making around $100,000 annually by selling Kronos with one of his conspirators, who is not named in the indictment.

Hutchins initially pleaded not guilty to all the charges and was scheduled to go on trial in July. While his case has been pending, prosecutors barred Hutchins from returning home. He has been living in California, working as a cybersecurity consultant.

Categories: News | World
TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.