Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Marcus Hutchins: British computer expert who helped shut down NHS cyberattack admits criminal charges in US

Hacker, known as Malwaretech, says he regrets actions and will continue ‘keeping people safe from malware attacks’

Emma Snaith
Tuesday 23 April 2019 09:57 BST
Comments
Marcus Hutchins was once hailed a hero for helping to shut down the WannaCry cyberattack that crippled the NHS
Marcus Hutchins was once hailed a hero for helping to shut down the WannaCry cyberattack that crippled the NHS

A British computer expert once hailed as a “hero” for helping shut down the WannaCry cyberattack that crippled the NHS has pleaded guilty to criminal charges in the US.

Marcus Hutchins, who is also known as Malwaretech, has admitted two charges related to writing malware, court documents show.

Writing on his website, Mr Hutchins said he regretted his actions and “accepted full responsibility for my mistakes”.

“Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes,” he wrote.

“I will continue to devote my time to keeping people safe from malware attacks.”

Mr Hutchins achieved global fame in May 2017 after working from a room in his family home in Devon to defeat the WannaCry ransomware attack, which crippled the NHS and spread to computers in 150 countries.

But months later he was arrested by FBI agents in a first-class lounge at McCarran International Airport in Las Vegas as he waited to board a flight back to the UK.

He had been attending the Def Con conference – one of the world’s biggest hacking and security gatherings.

A federal indictment unsealed in Wisconsin accused Hutchins of creating a form of malware called Kronos, and then conspiring between July 2014 and July 2015 to advertise and sell it on internet forums.

Documents from the court in Wisconsin read: “The malware was designed to target banking information and to work on many types of web browsers, including Internet Explorer, Firefox and Chrome.

Cyber attack hit 200,000 victims across 150 countries, says Europol chief

“Since 2014, Kronos has been used to infect numerous computers around the world and steal banking information.”

Both counts carry maximum punishments of five years in prison and fines of up to $250,000 (£190,000).

The case has been condemned by critics who argue that researchers often work with computer code that can be deployed for malicious purposes.

Hutchins told the Press Association that sentencing is “yet to be scheduled”.

Additional reporting by PA

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in