
Marcus Hutchins Stopped WannaCry – He Deserves a Pardon - js2
https://www.nytimes.com/2019/04/25/opinion/marcus-hutchins-wannacry.html
======
armitron
Keep in mind that Hutchins had no idea what registering the domain would do at
the time of registration. It was pure dumb luck that it turned out for the
best, it could very well have been a disaster. In fact he even admits that he
went through a panic phase after domain registration where he thought he'd
triggered the malware [1]. Which makes all the "He's a hero" articles bogus if
not amusing to say the least.

"After about 5 minutes the employee came back with the news that the
registration of the domain had triggered the ransomware meaning we’d encrypted
everyone’s files (don’t worry, this was later proven to not be the case), but
it still caused quite a bit of panic."

This nytimes article is just terrible. Absolutely terrible. Sarah Jeong should
be ashamed. After this and the way she treated Naomi Wu [2], I don't think I'm
going to be giving her any journalistic credence.

[1] [https://www.malwaretech.com/2017/05/how-to-accidentally-
stop...](https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-
global-cyber-attacks.html)

[2] [https://medium.com/@therealsexycyborg/shenzhen-tech-girl-
nao...](https://medium.com/@therealsexycyborg/shenzhen-tech-girl-naomi-wu-my-
experience-with-sarah-jeong-jason-koebler-and-vice-magazine-3f4a32fda9b5)

~~~
cjbprime
> Hutchins had no idea what registering the domain would do

This doesn't seem like a good faith reading of the situation. The blog post
you link to as a source for this claim describes how he was doing something
he'd done thousands of times before in the service of tracking and disabling
botnets, and that he considered it to be his job. But you make it sound like
he was a total amateur who saw a domain name string and registered it on a
whim with no intuition as to whether it would be more likely to do something
helpful or harmful.

It sounds like he did in fact know a lot about what he was doing, such that he
could make sensible inferences under uncertainty in the middle of a time-
sensitive crisis. That's the best we ever get to expect from someone.

~~~
armitron
That's exactly what he did, registered the domain on a whim with no actual
facts to back his decision. I think that much is obvious.

My reading of the situation is also based on additional data that's public if
you care to look. His skill level and intuition can be extrapolated if you
watch a few of his youtube videos. Or if you happened to talk with him on IRC.
You'd realize he's little more than a script kiddie.

Hutchins is not what he has been portrayed as by the media.

~~~
cjbprime
It seems weird to simultaneously argue that he shouldn't get a pardon because
he's a dangerous hacker, and also that when he was being a dangerous hacker he
was just a skill-less script kiddie kid.

~~~
armitron
There are lot of script kiddies in the malware-for-profit business, it doesn't
take a lot of skill really. He's not at the bottom of the barrel but he's
definitely not very far from it.

------
lowpro
As much as I like Malwaretech, and followed him long before WannaCry was
around, stopping malware isn't a reason for a pardon.

Arresting him by waiting until he came to the US rather than issuing when they
knew they wanted him should be a reason, or the fact that when the crimes were
commited he was a minor. But being famous for stopping malware is no reason to
pardon someone.

All the best to him though, I still can't believe it's legal to detain people
for so long without a trial.

~~~
nradov
Pardons can be issued for any reason, or no reason. They are entirely at the
discretion of the executive

~~~
reitzensteinm
Parent was arguing whether or not a pardon _should_ be made, not whether it
_could_ be made, which or more or less orthogonal.

------
goatsi
I see many infosec individuals supporting Marcus out of the idea that many
have dabble in black hat activities in the past, and that exploration and
"playful" hacking shouldn't result in years of prison time. However I feel
that carding and fraud should not be seen in the same light. Marcus has
admitted to creating malware with the sole goal of immiserating many to enrich
himself and his co-conspirators. You don't code webinjects for the thrill of
surpassing security.

------
asdfasgasdgasdg
I normally really like what Sarah Jeong has to say but . . . I don't think
typically criminals get pardons just because they do something nice later on
in life? And I mean not that later on either? Would he deserve a pardon if he
had gone and worked all day in a soup kitchen for two years? On some level,
that would actually demonstrate a higher level of altruism, because stopping
Wanna Cry was definitely in his own personal best interest -- his fame as a
result has surely been good for business.

>But Mr. Hutchins, had no stomach for an interminable fight, and pleaded
guilty last week to two counts under the Computer Fraud and Abuse Act and the
Wiretap Act,

How do we know that it's not just because he thought he was most likely to be
convicted and didn't want to roll the dice?

Also, I apologize for derailing my own comment, but what is up with the
grammar in that paragraph and the one before. "amid complex legal questions
that could have gone been appealed"? I've never seen an NYT piece with this
many errors.

~~~
zamalek
> I don't think typically criminals get pardons just because they do something
> nice later on in life?

It is this very question that the article poses, and it goes so much deeper
than merely tech. "Do the sins of your past define you as a person today?"

Abraham Lincoln was likely raised as a racist and likely believed in racism
for at least the decade that his parents' beliefs dominated his. Clearly his
actions redeemed not only himself, but humanity; and I therefore believe that
the person _today_ is the more important person.

I've seen countless examples of people who have said stupid shit in the 90's
or the 00's, who have changed their ways, who have been slaughtered by the
larger internet. If you are to be ridiculed by Earth, why change your ways at
all? Lose if you do, lose if you don't. If change is the goal, why attack
people who actually change?

I struggle with my biases daily, I learned them from the South African
government, but by hell I will better them and forget them. I am not the same
person today as I was yesterday, nor are you and nor is Hutchins.

~~~
asdfasgasdgasdg
Reform is only one of the four major reasons for incarceration. You've
addressed that he's reformed, and I'll stipulate that he has for the purpose
of this discussion. I don't think that alone is enough that we should give him
a pass. Plenty of people reform before they are convicted of any crime. Most
murderers would never reoffend and sincerely regret their actions. But nobody
speaks of letting them skip jail solely on this basis.

------
caprese
People that hacked and released NSA exploit: still free

People that weaponized NSA exploit and released Wannacry bitcoin ransom: still
free (I think?)

People that weaponized NSA exploit for Monero mining: richer than Wannacry
creator and still free

People that made silly exploit at NSA: still free

Moral of the story is dont get caught.

------
clubm8
He's gotta get in line between Edward Snowden and Reality Winner

~~~
nikehat
Snowden can't be pardoned since he hadn't been convicted.

~~~
jlgaddis
I wasn't around then but, if I'm not mistaken, Nixon hadn't been convicted
when Ford pardoned him shortly after assuming the Presidency.

 _ETA:_ According to Wikipedia [0]:

> _The pardon may be granted before or after conviction for the crime,
> depending on the laws of the jurisdiction._

It seems that, in the U.S. at least, one _can_ be preemptively pardoned.

[0]:
[https://en.m.wikipedia.org/wiki/Pardon](https://en.m.wikipedia.org/wiki/Pardon)

------
HeWhoLurksLate
Here's a mirror, courtesy of me reading a lot:

[http://archive.is/HYwbc](http://archive.is/HYwbc)

------
lawnchair_larry
This is low quality writing. And the author seems ignorant of the subject
matter. I expect better from the New York Times.

~~~
spectramax
Please elaborate a little more as your criticism is unsubstantiated.

~~~
dx87
The article makes it seem like he's a hero who was intent on stopping
WannaCry, so should be pardoned for crimes he commited when he was younger.
The reality is that he had no idea what registering the hard coded domain name
would do, and got lucky that it was an ineffective method of VM detection that
was effectively a kill switch. For all he knew, registering the domain name
could have made the malware self-destruct and delete all the encrypted data.
People shouldn't be pardoned for accidentally doing something good.

~~~
pvaldes
> People shouldn't be pardoned for accidentally doing something good.

Following the same reasoning we should remove the nobel prize to Alexander
Fleeming because trying it was "just good luck". In the end we would all live
in a ungrateful and miserable society.

This sends a strong message that you must care just for your own problems and
let the other people fall, or you have a fair probability of be punished by
being a smartass

