This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.nytimes.com/2019/04/25/opinion/marcus-hutchins-wannacry.html
The article has changed 3 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| The WannaCry Hero Deserves a Pardon, Not a Conviction | |
| (about 8 hours later) | |
| In May 2017, a cyberattack called WannaCry infected hundreds of thousands of computers across 150 countries. Among the victims: FedEx, the French carmaker Renault, the Russian Interior Ministry and Britain’s National Health Service. The effect on the health service was particularly devastating: ambulances were diverted, patient records were inaccessible, surgical procedures were canceled, telephone calls could not be received. | In May 2017, a cyberattack called WannaCry infected hundreds of thousands of computers across 150 countries. Among the victims: FedEx, the French carmaker Renault, the Russian Interior Ministry and Britain’s National Health Service. The effect on the health service was particularly devastating: ambulances were diverted, patient records were inaccessible, surgical procedures were canceled, telephone calls could not be received. |
| In the midst of all of this, Marcus Hutchins, then a 22-year-old British security researcher, stumbled upon a “kill switch” in the WannaCry code — and slammed the brakes on a global crisis. “The kill switch is why the U.S. hasn’t been touched so far,” one expert told The Times then. | In the midst of all of this, Marcus Hutchins, then a 22-year-old British security researcher, stumbled upon a “kill switch” in the WannaCry code — and slammed the brakes on a global crisis. “The kill switch is why the U.S. hasn’t been touched so far,” one expert told The Times then. |
| WannaCry is a variant of ransomware, a type of malware that locks down a computer and forcibly encrypts its data until a ransom is paid. The 2017 outbreak highlighted two things: first, the dismal state of computer security in I.T. systems around the world, and second, the acceleration of cyberwarfare. According to American authorities, North Korea was behind the WannaCry attack; the motive was to throw its enemies’ economies into disarray. Those behind WannaCry itself used an exploit — a weakness in software wielded as a cyberweapon — developed by and stolen from the United States’ National Security Agency by a Russia-linked group called the Shadow Brokers. | WannaCry is a variant of ransomware, a type of malware that locks down a computer and forcibly encrypts its data until a ransom is paid. The 2017 outbreak highlighted two things: first, the dismal state of computer security in I.T. systems around the world, and second, the acceleration of cyberwarfare. According to American authorities, North Korea was behind the WannaCry attack; the motive was to throw its enemies’ economies into disarray. Those behind WannaCry itself used an exploit — a weakness in software wielded as a cyberweapon — developed by and stolen from the United States’ National Security Agency by a Russia-linked group called the Shadow Brokers. |
| It’s against this dizzying backdrop that a young man from rural England halted a worldwide disaster. Although he took great pains to stay anonymous, he did not succeed once the British tabloids took an interest in the person who stopped WannaCry. After his unmasking, Mr. Hutchins was hailed as a “hero” and became the toast of the cybersecurity industry. He was on his way back home from Defcon, one of the oldest and biggest hacking conferences in the world, when he was arrested at the Las Vegas airport on Aug. 2, 2017. | It’s against this dizzying backdrop that a young man from rural England halted a worldwide disaster. Although he took great pains to stay anonymous, he did not succeed once the British tabloids took an interest in the person who stopped WannaCry. After his unmasking, Mr. Hutchins was hailed as a “hero” and became the toast of the cybersecurity industry. He was on his way back home from Defcon, one of the oldest and biggest hacking conferences in the world, when he was arrested at the Las Vegas airport on Aug. 2, 2017. |
| As it turned out, Mr. Hutchins had dabbled in the dark arts as a minor, continuing up until the age of 20, when he reversed course and dedicated himself to legitimate activities, like research. The United States attorney in the Eastern District of Wisconsin charged him with writing and conspiring to sell malware — specifically, the Kronos banking trojan, known to have attacked banks in France, Britain and India. The case has dragged out for two years, amid complex legal questions that could have been appealed. But Mr. Hutchins had no stomach for an interminable fight and pleaded guilty last week to two counts under the Computer Fraud and Abuse Act and the Wiretap Act, each carrying a maximum sentence of five years’ imprisonment. | As it turned out, Mr. Hutchins had dabbled in the dark arts as a minor, continuing up until the age of 20, when he reversed course and dedicated himself to legitimate activities, like research. The United States attorney in the Eastern District of Wisconsin charged him with writing and conspiring to sell malware — specifically, the Kronos banking trojan, known to have attacked banks in France, Britain and India. The case has dragged out for two years, amid complex legal questions that could have been appealed. But Mr. Hutchins had no stomach for an interminable fight and pleaded guilty last week to two counts under the Computer Fraud and Abuse Act and the Wiretap Act, each carrying a maximum sentence of five years’ imprisonment. |
| The acts that he has pleaded to are ignoble. Kronos did serious damage, and in his plea agreement, Mr. Hutchins acknowledges that he was a witting conspirator to sell the malware. Neither does he attempt to raise the defense that his “black hat” past was necessary to become a “white hat” hero, even if that line resonates with the hacker community and popular culture at large. According to his lawyers, he rejects that line of thinking, calling it “a misnomer.” | The acts that he has pleaded to are ignoble. Kronos did serious damage, and in his plea agreement, Mr. Hutchins acknowledges that he was a witting conspirator to sell the malware. Neither does he attempt to raise the defense that his “black hat” past was necessary to become a “white hat” hero, even if that line resonates with the hacker community and popular culture at large. According to his lawyers, he rejects that line of thinking, calling it “a misnomer.” |
| Mr. Hutchins is not likely to receive a heavy sentence, but even a sentence without any prison time will come with consequences. He has been released on bail since 2017, residing in the United States on an expired tourist visa while waiting for his case to be resolved. That in itself will likely make it difficult to return to the United States in the future, and the felony will hamper his movements further. | Mr. Hutchins is not likely to receive a heavy sentence, but even a sentence without any prison time will come with consequences. He has been released on bail since 2017, residing in the United States on an expired tourist visa while waiting for his case to be resolved. That in itself will likely make it difficult to return to the United States in the future, and the felony will hamper his movements further. |
| If he hadn’t risen to global prominence, Mr. Hutchins would most likely have never been charged with his crimes. His conviction sends the wrong message about whether or not it pays to mend your ways and, when the moment comes, to do the right thing. | If he hadn’t risen to global prominence, Mr. Hutchins would most likely have never been charged with his crimes. His conviction sends the wrong message about whether or not it pays to mend your ways and, when the moment comes, to do the right thing. |
| As the world comes to rely on computer systems more and more, cybersecurity is increasingly a matter of life and death. But we only rarely see expertise deployed in an indisputably heroic way, amid rerouted ambulances and disabled hospital telephone lines. WannaCry never struck the same kind of havoc in the United States that it did in Britain, and we have Mr. Hutchins to thank for it. | As the world comes to rely on computer systems more and more, cybersecurity is increasingly a matter of life and death. But we only rarely see expertise deployed in an indisputably heroic way, amid rerouted ambulances and disabled hospital telephone lines. WannaCry never struck the same kind of havoc in the United States that it did in Britain, and we have Mr. Hutchins to thank for it. |
| For that reason, the justice system should show him mercy. But for stopping a North Korean cyberattack in its tracks, mercy is not enough — Marcus Hutchins should be pardoned. | For that reason, the justice system should show him mercy. But for stopping a North Korean cyberattack in its tracks, mercy is not enough — Marcus Hutchins should be pardoned. |
| The Times is committed to publishing a diversity of letters to the editor. We’d like to hear what you think about this or any of our articles. Here are some tips. And here’s our email: letters@nytimes.com. | The Times is committed to publishing a diversity of letters to the editor. We’d like to hear what you think about this or any of our articles. Here are some tips. And here’s our email: letters@nytimes.com. |
| Follow The New York Times Opinion section on Facebook, Twitter (@NYTopinion) and Instagram. | Follow The New York Times Opinion section on Facebook, Twitter (@NYTopinion) and Instagram. |