
Marcus Hutchins and America's Plea Deal Problem

Derek Kuhnert

[Note: I am not a lawyer, and this is not legal advice. If you get legal advice from a blog post, there is no helping you.]

Yesterday, a court response document was filed in the state of Wisconsin, dismissing various motions by Marcus Hutchins to make evidence invalid in his ongoing trial in which he is charged with conspiracy to violate federal law, violating the Wiretap Act, violating the Computer Fraud and Abuse Act, and lying to the FBI.

In this document is an admission that the government is attempting to do something that shines a light on the currently degrading state of due process in the United States.


Marcus Hutchins (who typically communicates under the brand "Malware Tech") is a malware researcher, specializing in reverse engineering of malware. If you remember the WannaCry ransomware epidemic, Hutchins was the researcher who discovered that the malware was checking its environment by trying to ping an unregistered domain. He subsequently stopped that initial strain by registering the domain, tricking the malware worldwide into thinking it was being studied in a sandbox, and thus, shutting down.

Hutchins was arrested on August 27, 2017 in the United States, where he was visiting for DEF CON, a conference for security researchers. The charges against him were for creating software in 2014 that would later be adapted for use as Kronos (the famous banking trojan), after he sold the original software online in 2015. Whether or not the software at the time of purchase was actually "illegal" in its own right is in question outside of courts, but due to the circumstances of the case, that is no longer really relevant legally.

After Hutchins was arrested, he was questioned by FBI agents, at which time he made statements indicating that he wrote "a banking trojan", which the court took as an admission of guilt for writing Kronos.

The New Information

Hutchins' drama has been ongoing since his pretrial motions in March, in which he essentially attempted to say that his interview with the FBI should not be valid evidence. He continued for months to fight against the validity of that evidence, stating:

  • He was intoxicated and sleep-deprived when he signed the form acknowledging his knowledge of his Miranda rights and waiving his right for a lawyer to be present during the interview.

  • The waiver was later modified by the prosecution (by changing the date listed), so the waiver used as evidence was not agreed to by Hutchins as shown.

  • He was coerced into signing the waiver.

  • It was harder for him to understand his rights because he was not a US citizen (he lived in the UK), and was only visiting when he was arrested.

He later also fought the charges specifically, stating:

  • He did not intend for the software to be used in the way it was used.

  • The software is not a "device" as required to violate the Wiretap Act.

  • Several of the charges are for the same crime.

The response linked at the top of this article goes through the court's reasoning for denying every one of these objections. The reasoning used is legally valid, unfortunately for Hutchins.

However, a particular paragraph in the "Background and Procedural History" section of the response admits something that people familiar with the US legal system have been suspecting for a while now: The government actively tries to force people into plea deals.

Throughout the course of this case, the parties discussed potential resolution short of trial. When those discussions proved unsuccessful, the government sought, and the grand jury returned, a ten-count superseding indictment on June 5, 2018. Doc. #86. The superseding indictment expanded the conspiracy count (Count One), asserted additional violations of the Wiretap Act and CFAA, added a count of conspiracy to commit wire fraud, and added a count of lying to the FBI. Doc. #86.

This paragraph makes it clear that the superseding indictment (which added more charges to the initial list) was filed because Hutchins wouldn't take the plea deal they wanted him to.

Plea Deals

For those not familiar, a plea deal is a legal technique that prosecutors will commonly use to settle a case with minimal court proceedings. Suppose you are being charged with "Charge A", which brings with it up to 10 years in prison. The prosecution will come to you out of court and offer you a deal, in which you plead guilty to "Charge B", which only brings 1 year in prison. The idea is that the prosecution technically wins, because you plead guilty, but the prosecution doesn't have to do any work in actually proving that you did anything wrong.

This is also commonly used at times in which the prosecution doesn't have much of a case for themselves. If they can't prove you committed the crime of Charge A (either because you actually didn't do it, or because there just isn't enough evidence out there), they could just convince you to only take 1 year in prison, negating the risk that you could potentially be thrown in for 10 years. This is essentially a scare tactic used against those who don't understand how courts work.

How it Relates to Hutchins and the Software Dev Industry

This is a particularly interesting situation, because after Hutchins said "no" to the plea deal, the prosecution decided to charge him with more things. This is NOT typical of how plea deals work, and is effectively an even stronger scare tactic. It could even be seen as retaliation for the defendant not just giving up, or as an attempt to force the defendant to plead guilty against their own wishes if they don't have the resources to defend against all the new charges.

When we're dealing with security and malware laws, it's actually kind of easy for a prosecutor to attempt this. Computer security and malware are just not understood by most of the world, and that's how we get laws that can be arbitrarily used for a broad spectrum of offenses. This makes it really easy for one action (e.g. making a piece of software) to break the law in 10 different ways. And that number could arbitrarily increase on the whims of the prosecution, because the laws are so broad.

Regardless of the validity of the original claims against Hutchins, the fact is that the government is trying to force him to just give up and quit using the court in the way it was intended to be used: to force the prosecution to prove that the defendant committed a crime.


I think the immediate solution in all of this is to push to clarify malware and hacking laws. We're already making progress in trying to add reasonable exceptions to hacking laws for the use of aiding law enforcement and protecting your own data. There should be further effort taken to restrict the wording and interpretation of these laws, to make sure you can't just keep slapping charges on someone for the same thing.

Another important action would be trying to stop prosecutors from adding more charges in retaliation against exercising one's rights. Unfortunately, Hartman v. Moore set a precedent in the US Supreme Court in 2006, showing that you would have to prove the charges to be without probable cause in order to sue because of this. However, that was specifically regarding retaliation against exercising one's First Amendment rights. Could it be possible to break the precedent when it comes to exercising one's Fourth and Fifth Amendment rights, as they are more relevant to court proceedings in general? It probably wouldn't come of this case, but it's interesting to think about.

In short, the Marcus Hutchins case highlights a major issue in the court system right now, and hopefully something will come of the recent admission that the government was acting in retaliation to Hutchins's exercising of his rights.


Derek Kuhnert


Infosec consultant, speedrunner, music producer, cool dude



Also, this is relevant (for US legal system). The advice in this video goes against my normal instincts -- to be open and cooperative -- but this video makes a lot of sense.


This is an excellent presentation and everyone should watch it on repeat.


This reminds me (loosely) of the story in Michael Lewis’ Flash Boys in the lack of mutual agreement or understanding on how software is used and re-used.

Good read: amazon.com/Flash-Boys-Wall-Street-...


Nice article. Sad thing, but it looks like someone is making a career. A guy came to the summit and suddenly a criminal case appeared from nothing; as I understood it, he had never been warned by US authorities. So the attackers are still free and a random guy goes to prison. FBI guys get new ranks - good job.


Great concise article on what I am sure is a vastly more complex topic in detail.
This is what infuriates me a lot about the current status of American politics. There are a great many actual important issues that need laws and legal concepts formed around them: how responsible are the VW engineers who programmed the workaround for emissions testing, what about their managers, what about the guy who just did the code review; are the software engineers who work at Uber legally liable for that death; how responsible is a guy/gal who made code for the next person to use it in a bad way? Almost all tech laws are vastly out of date and weren't that well designed to begin with. Wiretap legislation to get people for malware issues... really? Why not just throw in RICO violations too?
While I hate clicking that dang "accept" for cookies now bc of GDPR, is something like that an actual good thing. Cambridge Analytica... um yeah, how do you think FB/Google make money on free services, they are selling your digital self, what property rights do I have to my digital self? Nope, we will get endless Russian collusion or Build the Wall antics instead... it's easier.


Well written and thoughtful, thank you!