Lauri Love and Gary McKinnon's lawyer, UK supporters rally around Marcus Hutchins

Take a plea deal and come home quick, opines East London meeting

Got Tips? 81 Reg comments
Marcus Hutchins, aka MalwareTechBlog. From his Twitter account

Marcus Hutchins’ British supporters believe his best chance of getting home within the next few years is to accept a plea deal with US prosecutors, some of them opined last night.

Nobody present appeared to seriously believe that Hutchins is guilty, but knowledge of the US legal system's slant against defendants did not appear to inspire confidence.

At a meeting in east London’s Newspeak House – an activist hub for “political technologists” – a small gathering discussed Hutchins’ plight after the 23-year-old was arrested by the FBI a week ago as he returned home from Las Vegas’ DEF CON hacking conference.

Hutchins was released on a $30,000 bail bond on Monday and is currently thought to be making his way to Milwaukee to answer charges of selling malware online. As we reported earlier this week, Hutchins’ bail conditions include a total ban on using the internet.

Naomi Colvin, of activist support organisation the Courage Foundation, described Hutchins’ bail conditions as “really debilitating … a lot of his friends and colleagues will be people he mainly communicates with online.”

Colvin also mentioned fundraising efforts for Hutchins to cover both legal fees and his living expenses. As he entered the US on a tourist visa, Hutchins is unable to work. Tarah Wheeler, a US infosec activist who is co-ordinating the fundraising efforts, said on Twitter a few days ago that so far the public had raised $12,000 for Hutchins.

Karen Todner, the solicitor instructed by various Britons charged by American authorities with cyber-crimes, said at the meeting: “There’s nothing any of us can do to get him back here. 98 per cent of people charged in America take a plea deal. The sentence can be six or seven times longer if [the defendant pleads not guilty but is] found guilty.”

Todner has not been instructed by Hutchins and was giving her personal view of his situation.

Some of Hutchins’ other friends and supporters objected to the pessimistic view of the room as a whole. They were supported by alleged hacker Lauri Love, who said: “We all have an interest in this being done correctly. The UK does have a responsibility to its citizens when they’re abroad.”

One who spoke to El Reg and asked not to be named speculated that US authorities may be trying to “flip” Hutchins into becoming an informant: “They’ll pressure him. Young lad, security researcher with contacts...”

Another friend of Hutchins told us: “I’d be surprised if the US didn’t know who Marcus is. I don’t know how that would work but there he was on the BBC, etc, [at the time of the WannaCry outbreak], it seems shady. Do we stop trusting our side? Take one step wrong and...” He shrugged.

Hutchins’ first friend chipped in again: “Criticising the system is not helpful. If you don’t want to live under that system, don’t go there.”

In a statement made shortly after his arrest, Hutchins’ MP, Peter Heaton Jones (Conservative, North Devon), said: “I accept the UK cannot interfere in the judicial process of another country, and I make no judgement about the case against Marcus one way or another. However, people who know him in Ilfracombe, and in the wider cyber-community, are astounded at the allegations against him. This is particularly so given his role in helping to protect the NHS and many other institutions from what could have been a devastating cyber-attack just a few months ago.”

As reported everywhere, Hutchins was the man who stopped the NHS-slaying WannaCry/WnnaCrypt malware outbreak of May this year. While reverse-engineering the ransomware’s binary, he noticed that it “phoned home” to a particular web domain which nobody else had registered. Upon registering it himself, with the intention of analysing what the malware did when it connected to the site, he found that the domain’s simple existence acted as a kill-switch once WannaCry detected its existence.

He also provided GCHQ with data about WannaCry via its public-facing offshoot, the National Cyber Security Centre. We have asked the NCSC for comment and will update this article if we hear back from them.

A Foreign Office spokesman said: "We are in contact with the local authorities in Las Vegas following the arrest of a British man, and are providing support to his family.”

The next hearing in the Hutchins case will take place on Monday 14 August in Milwaukee, at 10am local time. ®

Sponsored: How to simplify data protection on Amazon Web Services


Biting the hand that feeds IT © 1998–2020