Marcus Hutchins, the computer security researcher who helped stopped a cyberattack in 2017, has pleaded guilty to writing malware years before he became a hacking hero.
Hutchins, who is best known by his MalwareTech alias, held a pivotal role in stopping the global spread of the WannaCry ransomware, which rapidly spread and infected computers in May 2017.
Once the malicious worm infects a Windows computer, it encrypts files on the hard drive, making it impossible for uses to access. It then demands a ransom payment to be paid in bitcoin to decrypt the files.
The worm spread from computer to computer sans any interaction from users. As WannaCry shutdown computers worldwide, Hutchins found the domain that triggered a developed-created kill switch that prevented the worm from spreading. He ensured the kill switch remains activated to prevent the malware from spreading again.
Arrested For Creating And Selling Malwares
Hutchins' heroic acts were tarnished when he was arrested by FBI agents in August 2017 at the McCarran International Airport in Las Vegas. He was heading back home to the UK at the time after attending the Def Con, one of the world's biggest hacking and security gatherings.
He has been held in the United States since his arrest.
The 24-year-old was charged for creating Kronos, a banking trojan that stole online bank account passwords from computers. More charges were later filed over claims that Hutchins created another malware called UPAS Kit, and that he worked with a co-conspirator to advertise and sell the two malware strains online.
These activities happened years while Hutchins was still a minor and were not related to WannaCry.
Faces Up To 10 Years In Prison
In a plea agreement filed with the Eastern District of Wisconsin. Hutchins agreed to plead guilty to two of the 10 counts. The rest of the charges were dropped. The security researcher may face up to 10 years in prison for the two charges, and fined up $250,000.
In a statement posted on his website, Hutchins said he regrets his actions and takes full responsibility for his mistakes.
"I've pleaded guilty to two charges related to writing malware in the years prior to my career in security," Hutchins wrote. "Having grown up, I've since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks."