A British cybersecurity researcher who was arrested in the US for historic hacking offenses has been spared jail time.
Marcus Hutchins, 25, sprang to fame in 2017 when he discovered a “kill switch” which helped to mitigate the impact of the infamous WannaCry worm.
However, a few months later things turned sour after he was arrested by police whilst attending Black Hat/Def Con in Las Vegas.
On bail since that time, Hutchins pleaded guilty back in April to two counts of creating and spreading malware. According to that plea, between July 2012 and September 2016, he helped create and, in partnership with another, sell malware known as UPAS-Kit and Kronos.
This malware was subsequently used in attacks to steal consumer banking log-ins and other details.
Hutchins’ lawyers had argued that he was still technically a child when he committed those felonies, and that he was now using those same skills “for constructive purposes.” They also claimed that some of the evidence against Hutchins should be inadmissible as he wasn’t fully aware of his rights at the time of interview.
Judge JP Stadtmueller appears to have agreed that Hutchins has "turned a corner." The Devon man will now be allowed to return to the UK, and is not liable for any fines. He was facing a 10-year stretch if found guilty but will now be required only to complete a year of supervised release.
The judge has gone even farther, and recommended that his lawyers look into securing a pardon from the US state, as he does not have the power to grant one.
“@marciahofmann and I are thrilled that the judge recognized the important contributions @MalwareTechBlog has made to keeping the world secure and let him go home a free man. It’s been a true honor to represent him,” wrote Brian Klein of Baker Marquart LLP.
“Without precedent and more than appropriately, the judge even suggested @MalwareTechBlog explore a pardon. @marciahofmann and I plan to do so.”