19 comments

[ 4.4 ms ] story [ 56.0 ms ] thread
I have a feeling this guilty plea is not actually a "guilty" plea, and more of "let's get it over with."

The guy has always called the charges "bullshit" and was asking for donations to keep up with legal costs.

This isn't how a legal system is supposed to work. You don't take a guilty plea because you run out of money.

But money can certainly help with the negotiating.
All of this smells like a prosecutor wanting a big case hit so he can advance his career.

All cyber-security firms said they never got hits for Kronos or UPAS-Kit.

The first Kronos detections came after his arrest. Go figure that! How do you charge someone for developing malware that never infected anyone?

They had hits, but they said they never registered US victims. Kronos, in its early days, was apparently seen only in Europe.
Marcus Hutchins has an extensively documented history of developing and selling malware for over half a decade https://krebsonsecurity.com/2017/09/who-is-marcus-hutchins/

It really doesn't seem very likely that the FBI fucked up here.

Yeah. As a minor. Isn't everyone given a pass for crimes committed at that age? Why the indictment then?
He was 23 when he was arrested in 2017, he certainly wasn't a minor when the events described in the indictment took place in 2014-2015.
June 1994 (age 24 years)

According to his Wikipedia page.

> I have a feeling this guilty plea is not actually a "guilty" plea, and more of "let's get it over with."

On what basis did you form this opinion? Presumably more than just the say-so of the accused.

> This isn't how a legal system is supposed to work. You don't take a guilty plea because you run out of money.

But that's not how it works. You have a right to be represented by an attorney. That's why the state and federal governments maintain a system of talented-if-overworked public defenders.

> That's why the state and federal governments maintain a system of talented-if-overworked public defenders.

...whose advice is usually "take the deal," because they're incredibly overworked and would rather get things over with, and they've long been jaded by the system.

It smells a lot like the prosecutors did what they always do with trial penalties - dump a deluge of charges and say "look, we'll throw all of the rest of them away except one or two if you take the plea deal." Fighting the charges in these situations often requires a reckless disregard for money and time, even in the case when you're completely innocent, neither of which can be recouped even upon acquittal.

This is such a common tactic that even John Oliver had to call out the bullshit: https://www.youtube.com/watch?v=ET_b78GSBUs

Hutchins was represented by a whole team of lawyers including Marcia Hofmann, whose name is on the plea agreement. He did not rely on a public defender.
That seems like a loophole. You call the charges bullshit and ask for donations, and that proves you're innocent?
A few friends and myself chipped in some money for his legal defense, taking hin at his word when he said he was innocent.

Lesson learned, I suppose.

Prison is supposed to be a punishment for people to reform their lifes.

This guy was already on the good path already. I hope he gets a suspended sentence.

In any case, this sends a clear message that attending US cybersecurity conferences are now a huge risk for foreigners, which means there's a opportunity for either European or Canadian versions of these conferences or create a alternative to them. Been saying this for years and it's no different here.
You heard about when FBI tips various national EU police and together they go and arrest the hacker on EU territory, right?

One example:

> Five individuals have been arrested as part of an investigation into two major ransomware families - CTB-Locker and Cerber - that spread across Europe and the U.S. in recent years. All suspects were arrested in Romania, Europol announced Wednesday, as six properties were searched as part of a major global police operation involving the FBI and the UK National Crime Agency, as well as Romanian and Dutch investigators.

You can read Attachment A of the plea agreement to see an overview of the DOJ's case. It does not seem weak.

https://www.courtlistener.com/recap/gov.uscourts.wied.77855/...

In particular: they have multiple sources who communicated directly with Hutchins about selling Kronos, and selling Kronos through his co-conspirator Vinnie. Those sources provided online chat transcripts. They also have a partial confession from Hutchins on the day of his arrest.