The British security researcher who helped stop the NHS-crippling malware attack has been urged to take a plea bargain when he appears in a US court on hacking charges.
Marcus Hutchins was arrested in Las Vegas last week and charged with developing Kronos – malware allegedly designed to steal banking logins and other financial information.
The case is unrelated to the WannaCry attack that struck the NHS in May, for which Mr Hutchins gained worldwide attention after he detected a kill switch that effectively disabled the virus.
Karen Todner, the lawyer who helped fellow alleged hacker Gary McKinnon beat extradition to the US, advised Mr Hutchins to do a deal with American officials – whether or not he’s guilty.
She told Sky News: My view would be to get him back here as quickly as possible, and if that involves taking a plea agreement, he should take it.
The lawyer was speaking at a meeting of hackers and technologists in east London, who are planning how to support Mr Hutchins.
Ms Todner added: Marcus was the hero that saved (us from) the WannaCry virus that affected the NHS a few months ago – he literally did save the NHS.
If people feel passionately about the work he did, what they can do is write letters of support.
Lauri Love, a security researcher who is currently fighting extradition to America for allegedly hacking the US department of defence and other organisations, told of his shock, alarm and immediate concern and worry for Mr Hutchins.
Mr Love, whose extradition appeal will be heard at the High Court later this year, said: Being in the US federal justice system is the thing that I’ve been trying to avoid for the last two years and (will) continue fighting to avoid in my High Court appeal, simply because it’s not a place you want to be.
In Marcus’s case, he’s facing charges for which there’s been no evidence shown yet, but he could face sentences of up to 40 years.
Whereas in the UK he would have a much more proportionate treatment – it’s unlikely the charges would ever be brought, it’s unlikely he’d be convicted.
We’ve had this meeting to come up with ideas of how to support him and hopefully get him back to the UK as soon as possible, so that he can continue his invaluable work in security.
The east London meeting highlighted the ambiguities raised by the case of a respected security researcher being accused of creating malicious software.
One attendee, who asked to remain anonymous, said: You have to understand there’s going to be a number of people who are going to be quite torn.
A number of people who day in, day out try to battle these threats.
They’re going to be saying ‘I don’t know whether he’s guilty or not guilty, whether they do have a case’.
Mr Hutchins will appear in court in the US on Monday, where he is set to plead not guilty to six charges relating to the development and sale of banking malware.