The British surfer who saved the world from a devastating cyberattack in 2017 was sentenced to time served after pleading guilty to building and selling malware to hackers in the years before his self-taught computer-security skills gained him fame worldwide.
Marcus Hutchins was sentenced Friday by U.S. District Judge Nancy Joseph in Milwaukee, Wisconsin. He pleaded guilty in April to two counts related to his marketing and distribution of malware called Kronos and UPAS, which his customers used to steal the bank details of unsuspecting victims around the world. Hutchins was arrested in July 2017 after he traveled to the U.S.
Prosecutors acknowledged in a July sentencing document that the case involved a “unique mix of aggravating and mitigating circumstances,” given that Hutchins, in May 2017, stopped the WannaCry attack that crippled organizations from Britain’s National Health Service to Deutsche Bahn in Germany and Renault SA factories across Europe. Even so, the U.S. said, Hutchins committed serious crimes of his own that can’t be ignored.
“He did so because, put simply, he wanted to make money,” the government said in the July filing. “It is this darker side of Hutchins’s life that brings him before the court for sentencing in this case.”
Hutchins also filed a sentencing memorandum in the case, but it was sealed by the court at his request.
He thanked the judge in a post on Twitter following the sentencing.
Sentenced to time served! Incredibly thankful for the understanding and leniency of the judge, the wonderful character letter you all sent, and everyone who helped me through the past two years, both financially and emotionally.
“Without precedent, but more than appropriately, the judge suggested Marcus seek a pardon,” Hutchins’s lawyer Brian Klein said in a statement. “We plan to explore those opportunities.”