Marcus Hutchins, a security researcher known for helping stop the destructive WannaCry ransomware, plead guilty to hacking crimes on Friday.
Hutchins was accused of writing a banking malware called Kronos in 2014, after he finished high school. The researcher was arrested in Las Vegas after attending the hacker conference Def Con in 2017. Days later, he plead not guilty in a Milwaukee courtroom. He was scheduled to be tried this summer.
But on Friday, Hutchins plead guilty to two counts of hacking. According to the guilty plea, each of these counts carries a maximum sentence of 5 years, $250,000 in fines and up to 1 year of supervised release.
Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
In a Twitter direct message, Hutchins declined to comment. The researcher posted a brief statement on his blog, where he announced the guilty plea.
“I regret these actions and accept full responsibility for my mistakes,” Hutchins wrote. “Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”
His case had captivated the infosec community, which was shocked to see the feds go after Hutchins just weeks after he found a killswitch that stopped the worm’s spread.
When he was fighting the charges last year, Hutchins called them “bullshit” and asked his followers to donate to his legal defense, raising thousands of dollars to pay for lawyers.
Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.