The particulars of Marcus Hutchins’ indictment last week, on charges that the WannaCry hero wrote a banking Trojan three years ago, have created another divisive information security storyline.

While experts in the community rallied over the weekend to raise funds for his bond and wrote letters of support to the judge on his behalf, others pumped the brakes and cautioned that MalwareTech may have indeed crossed an ethical and legal line.

Former DoJ prosecutor Ed McAndrew of Ballard Spahr of Washington, D.C., said he agreed that writing malware in and of itself is not a crime but that the intent for which it’s created and what is done after it’s created—such as advertising it on criminal forums or distributing it to others who may use it for criminal gain—could make it a crime.

“When you create malware knowing and intending to use it to harvest credentials and commit acts of fraud, then you crossed a line,” McAndrew said.

