# Security researcher MalwareTech pleads guilty **zdnet.com/article/security-researcher-malwaretech-pleads-guilty/** [Home Innovation Security](https://www.zdnet.com/) WannaCry hero faces up to ten years in a US prison. Written by Catalin Cimpanu, Contributor on April 19, 2019 ----- 170516 marcus hutchins 053757c5d7b478ad58c9943067fc7e5247ce nbcnews ux 2880 1000.jpg [Marcus Hutchins, also known as @MalwareTechBlog. (Image: file photo)](https://twitter.com/MalwareTechBlog) ## Security [My Instagram account was hacked, and two-factor authentication didn't help](https://www.zdnet.com/article/my-instagram-account-was-hacked-and-two-factor-authentication-didnt-help/) [The 5 best browsers for privacy: Secure web browsing](https://www.zdnet.com/article/best-browser-for-privacy/) [Stop doing these 10 things that let hackers in, says FBI and NSA](https://www.zdnet.com/article/fbi-and-nsa-say-stop-doing-these-10-things-that-let-the-hackers-in/) [What is a cybersecurity degree?](https://www.zdnet.com/education/computers-tech/cybersecurity-degree/) [How to delete yourself from search results and hide your identity online](https://www.zdnet.com/article/how-to-delete-yourself-from-internet-search-results-and-hide-your-identity-online/) Marcus "MalwareTech" Hutchins, the British security researcher known for stopping the WannaCry ransomware outbreak, has pleaded guilty today to writing malware in the years prior to his prodigious career as a malware researcher. ----- eg et t ese act o s a d accept u espo s b ty o y sta es, utc s ote a state e t posted o s ebs te a g g o up, I've since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks." ### Up to ten years in prison According to [court documents obtained by ZDNet, Hutchins pleaded guilty to two counts, and the government agreed to drop the other eight.](https://www.scribd.com/document/406846769/MalwareTech-Guilty-Plea) He pleaded guilty to entering a conspiracy to create and distribute malware, and in aiding and abetting its distribution. For each count, Hutchins faces up to five years in prison, up to $250,000 in fines, and up to one year of supervised release. [US authorities arrested Hutchins at the Las Vegas international airport in August 2017, when the researcher was trying to return home to the](https://www.zdnet.com/article/researcher-who-stopped-wannacry-outbreak-arrested-in-us/) UK after participating at the Black Hat and DEF CON security conferences. Hutchins was charged with developing the Kronos and UPAS-Kit malware strains --two banking trojans. He was also charged with working with a co-conspirator --identified only as "Vinny," "VinnyK," and "Aurora123"-- to advertise and sell the two malware strains online. This happened between July 2012 and September 2015, before Hutchins built a career as a talented security researcher. ### Controversial case [Hutchins' arrest was controversial, and for many reasons. He argued that he was detained and interrogated while sleep-deprived and](https://news.sky.com/story/nhs-hero-marcus-hutchinss-team-to-suppress-transcript-evidence-11374936) intoxicated, and that FBI agents misled him about the true intentions of the interrogation. Further, his lawyers also argued that Hutchins' actions happened while he was still a minor, and outside the standard five-year statute of limitations. [The prosecution responded by piling new charges --such as developing the UPAS-Kit trojan (he was initially only charged with developing the](https://www.bleepingcomputer.com/news/legal/us-piles-new-charges-on-marcus-hutchins-aka-malwaretech/) [Kronos malware) and with lying to the FBI during his interrogation. These later charges were deemed ludicrous by some US legal experts.](https://www.emptywheel.net/2018/06/06/to-pre-empt-an-ass-handing-the-government-lards-on-problematic-new-charges-against-malwaretech/) Ultimately, [Hutchins' team failed in their attempt to suppress statements made during the FBI's interrogation following his arrest, and his case](https://arstechnica.com/tech-policy/2019/02/malwaretech-loses-bid-to-suppress-damning-statements-made-after-days-of-partying/) was locked for a jury trial in Madison, Wisconsin. Hutchins' sentencing hearing has not been set. ## See als [10 dangerous app vulnerabilities to watch out for (free PDF)](https://www.techrepublic.com/resource-library/whitepapers/10-dangerous-app-vulnerabilities-to-watch-out-for-free-pdf/?ftag=CMG-01-10aaa1b) ### Helping the infosec community After his arrest, Hutchins has been released on bail and has been living in Los Angeles while awaiting trial. He was prohibited from working for his employer, US-based cyber-security firm Kryptos Logic, but Hutchins has turned his focus on sharing his malware analysis skills with the rest of the information security (infosec) community. Over the course of the past one and a half year, Hutchins has been publishing written and video malware analysis tutorials. He is considered one of today's most talented security researchers. **Data leaks: The most common sources** ### Related malware and cybercrime coverage: -----