The British computer hacker who helped stop a major cyber-attack affecting the NHS in 2017 has avoided a jail sentence in the US over malicious hacking charges. In April, 25-year-old Marcus Hutchins pleaded guilty to two charges of making malicious software, or malware. Prosecutors alleged that the malware let cyber-criminals steal online banking details from internet users.
Hutchins admitted to creating two programs known as Kronos and UPAS Kit. Since Hutchins’ arrest in 2017, he has remained in the US on bail. The judge presiding at Hutchins’ hearing, JP Stadtmueller, said that the 25-year-old would face one year of supervised release.
However, he would be allowed to return to the UK and would not have to pay any fines. Hutchins had faced a maximum sentence of 10 years in prison. In court documents filed earlier this year, investigators acknowledged that Hutchins, known online as MalwareTech, was no longer involved in creating malware.
He created Kronos and UPAS Kit between 2012 and 2015 but later switched towards ethical hacking and cyber-security research. US prosecutors argued Hutchins still bore responsibility for his actions. This did not seem to sway the judge who praised Hutchins for “turning a corner” during sentencing at the court in Milwaukee, Wisconsin.
Hutchins, from Ilfracombe in Devon, was credited with discovering a “kill switch” for the WannaCry ransomware, which hit the NHS and many other organisations around the world in May 2017. Three months later, he was arrested by the FBI before boarding a flight from Las Vegas to the UK.
He had been attending the Def Con cyber-security conference in the city. On the day before his sentencing, Hutchins tweeted a message of thanks to supporters who had sent character reference letters to the court on his behalf. “It means so much!” he wrote. Previously, in a statement published on his website in April, Hutchins said he wrote the malware before he began his career in cyber-security. “I regret these actions and accept full responsibility for my mistakes,” he said.
“Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”