
Is the Hacker Hutchins a Good Guy or Bad Guy?

A version of this post originally appeared in the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter.

Here we go again. The FBI arrested a prominent hacker in Las Vegas this week, and the Internet is in an uproar. There’s talk of malicious prosecution and fear the arrest will chill security research.

Well, maybe. But first we should figure out what happened.

If you missed it, the hacker in question is a young Brit named Marcus Hutchins. He became famous this year after stopping a wave of ransomware, known as WannaCry, that was spreading across the globe. His action helped halt attacks that froze millions of computers, including those at schools and hospitals.

Hutchins is considered a hero for that. But here’s the thing: In 2014 and 2015, prior to his WannaCry heroics, the FBI says Hutchins created and sold a notorious piece of malware, known as Kronos, designed to steal people’s banking information. If the accusations are true, Hutchins engaged in some serious criminal behavior.

Nonetheless, many on Twitter and in the media see the arrest as a case of injustice. Some have pounced on a legal analysis of the indictment to say the charges are unfair or overreaching. Others allege this wouldn’t have happened if he was back in Britain. And so on.

All of this has a familiar ring to it, and stems in part from past injustice against hackers: Who can forget the Justice Department’s cruel prosecution of Aaron Swartz, which drove the young genius to suicide in 2013? Critics also rightfully worry about the feds’ use of vague and outdated hacking laws.

Unfortunately, the tech and hacker community is also quick to cry injustice every time a popular Internet figure is arrested—even if they’ve done very bad things. Examples include ongoing sympathy for Silk Road founder Ross Ulbricht (aka the Dread Pirate Roberts) and Kim Dotcom, a gangster-like figure who engaged in massive copyright theft and is attempting to use a cult-of-personality to avoid extradition.

In the case of Marcus Hutchins, it’s too soon to pass judgment. We don’t know all the facts yet. But just because he stopped WannaCry doesn’t give him a free pass to commit bank fraud (if that’s what he did) any more than a heroic deed will excuse a gunman from robbing a convenience store.

The hacker community needs to take a breath. Some prosecutions may be unjustified, but that doesn’t mean hackers should never go to jail.