Judge Refuses To Convict Hacker

Jake96 writes "A judge in Wellington, New Zealand, declined to convict a man who ran an unrequested security audit on a bank's phone systems and was charged with 'intentionally accessing a computer system knowing he was not authorized to,' according to an article in the New Zealand Herald."

Can this set a precedent here in the States?

[defile]

I hope so.

Re:Can this set a precedent here in the States?

[Typhon100]

Except that instead of washing your windshield, he got into your car, pulled down your pants and gave you a rectal exam.

You don't "unintentionally" hack into a bank's phone system.

Re:Can this set a precedent here in the States?

[Fordiman]

You don't 'unintentionally' wash someone's windshield, either. But guess what: indications of a vulnerable system are about as easy to see as a dirty windscreen, if you're looking. No invasion necessary.

Now, quick question, when did I use the word 'unintentionally' in my post, as you seem to be implying?

Re:Can this set a precedent here in the States?

[Zooka]

''He committed no intentional crime. He was identified a security flaw, and provided this info to the bank before asking for money. Sure, it's a little like the guy who washes your windshield at a sopt light asking for money, but it's far from dishonest.

If the bank were a computer company with the present mindset, the bank would get to work on fixing the problem, and he'd have been ignored when he asked for cash, rather than prosecuted.''

I don't want someone evaluating my security unless I ask them to, just as I don't want anyone ''washing'' my windshield unless I ask them to. Both are trespasses. That being said, I suppose that if there was a strong case that the hacker's intentions were purely honorable (if he was unlikely to be attempting extortion), then perhaps I wouldn't want to render punishment that could have a devastating impact on their life. But given this man's past criminal record, (even if his record has been clean for the past 10 years), I would not have been so lenient. The severity of the punishment I'd render would depend upon factors such as how aggressively he demanded payment. Anyhow, I don't think it's safe to say his intentions were ''far from dishonest'' after only reading the article (which is clearly light on details).

Re:Can this set a precedent here in the States?

[russ1337]

What is funny is the court and judge didnt share your point of view.

"Researcher" was stupid

[Gemini_25_RB]

I see absolutely no problem with someone analyzing the security of a network and relaying the results to the owners of the network. According to the article, the "researcher", Macridis, checked the network and then tried to sell the results to the owners, _after_ already accessing the network. Seems a little bass ackward.

Re:"Researcher" was stupid

[StrongAxe]

I spent an hour walking around your house and found that you had some unlocked doors. Please pay me $5000 and I will tell you where they are, rather than your enemies.

is blackmail.

I spent an hour walking around your house and found that you had the following unlocked doors... Please pay me $50 for one hour's work.

is a bill for professional services rendered.

Not a good way to do business

[BadAnalogyGuy]

More than anything, this guy is a business dumbass for doing the work and providing the results before even a contract was drawn up. Because of this strange sequence of events (providing vulnerability information before being requested), all of a sudden his generous offer looks more like extortion than altruism.

His background with fraud (though 10 years prior) sullies his reputation even further.

It's not a crime to be a dumbass. At least not in NZ, apparently.

Re:Not a good way to do business

[BadAnalogyGuy]

It still sounds dangerously close to extortion. What happens to the data if the bank decides not to hire him? The bank was right to have him arrested, IMO. The judge was right to acquit him.

Stupid.

[Kid+Zero]

In other words, I can break into your house and wander around, take notes then leave. When I come to the door later, I can bill you for the "Security Consultation" and not be charged for robbery.

Great! ...and they call Americans silly? This one's off the chart.

Borderline scam?

[Louis+A.+J.]

While he didn't do anything illegal, I would be very surprised to receive a bill for a service I didn't request. His actions weren't illegal but his method of doing business definitely leaves something to be desired. Although his decision to not broadcast the bank's weaknesses to the public could be viewed as integrity, it could also be calculated business sense. It doesn't sound like someone I would choose to do business with.

Would you honestly pay for a service you weren't told you were receiving and didn't ask for if you were billed for it?

Re: Why does this supprise people?

[revolu7ion]

You can't expect to get paid for work you weren't asked to do. Sure he incurred expenses, that he wasn't asked to incur by anyone but himself. If he truly had integrity, he would tell the bank and leave it at that. Not try to get money from it. That doesn't help his case of having a pure motive.

MAYDAY MAYDAY

[copponex]

Lawyer 131236716723: Shit. This is not good.

Lawyer 216421934614: What?

Lawyer 131236716723: They didn't throw this guy in jail who broke some technicality against a major corporation.

Lawyer 216421934614: WHAT?

Lawyer 131236716723: I'm serious! New Zealand! That fucking judge forgot how hard it is to pay off an SL500 and those student loans on a measly $70,000 starting salary!

Lawyer 216421934614: Look, I know you're new here, but this is America. We've got the RIAA, MPAA, not to mention all the lobbying to be done in DC. I mean, those Native Americans don't rip themselves off, eh? Plus, we've got so many laws on the book that someone, somewhere isn't doing something right, and who gets to prosecute?

Lawyer 131236716723: Lawyers?

Lawyer 216421934614: And who gets to defend?

Lawyer 131236716723: Lawyers!

Lawyer 216421934614: And who gets to judge?

Lawyer 131236716723: Former lawyers elected by other lawyers!

Lawyer 216421934614: And who makes the law?

Lawyer 131236716723: Former lawyers who have even less ethical concerns than other lawyers, lobbied by lawyers! Thanks, Bill... I was starting to worry!

He was asking for it....

[Bitsy+Boffin]

sorry, but this guy was asking for trouble. Firstly, it wasn't just any old bank, it was the Reserve Bank (http://en.wikipedia.org/wiki/Reserve_Bank_of_New_ Zealand), secondly, when he discovered this flaw he didn't just tell them about it, he said basically "I found a flaw, now pay me money".

You don't mess with the systems controlling an entire countries economy, and then demand money for it, if you do, well, Darwin would like a word with you.

Re:Um, Exposing a problem is not CREATING a proble

[tomhudson]

The judge was an idiot - what this guy did was just a new twist on the old "send them a bill and hope they pay at" scam.

A man who accessed the Reserve Bank's telephone systems to find security weak spots then billed the bank for his unsolicited services told the Wellington District Court he was surprised when police questioned him about his actions.

Gerasimos Macridis, 39, a researcher, represented himself in court before Judge Ian Mill.

Macridis pleaded guilty to one charge of intentionally accessing a computer system knowing he was not authorised to do so.

Police prosecutor Colin McGilivray told the court Macridis had telephoned the Reserve Bank on May 30, introducing himself as a security consultant.

He outlined problems with the bank's telephone system, then requested payment for providing the information. He also contacted Telecom and asked for payment, outlining testing he had conducted, vulnerabilities he had found and ways these could be fixed.

This is the same sort of scam that boiler-room ops do all the time - sending bills for unsolicited ad space in non-existent magazines, etc.

The guy is scum. The judge was out to lunch on this one.

Lets put it in terms slashdotters can understand ... someone does a pen test of your web site, and sends you a description of what they found, plus a bill for their unsolicited :advice" ... even though you didn't ask them to try to do any penetration testing and you never heard of them before ...

Or someone tries to break into your house, then sends you a description of all the "security weaknesses" they found, plus a bill for their time.

Just because its a phone system doesn't make it any less an attempted con job.

Re:Um, Exposing a problem is not CREATING a proble

[lubricated]

Yeah I get something similar from charities sending me mailing labels every Christmass and then charging me for them. I also get mail in the form of a check only when you look at the small print it's a loan. Yeah it's all bullshit. Usually legal though.

Re:Um, Exposing a problem is not CREATING a proble

[sjames]

Lets put it in terms slashdotters can understand ... someone does a pen test of your web site, and sends you a description of what they found, plus a bill for their unsolicited :advice" ... even though you didn't ask them to try to do any penetration testing and you never heard of them before ...

Tell him you aren't going to give him a penny, but thanks for the free security audit!

The judge's decision came from a correctional view of the justice system there rather than the punitive model used in the U.S. (despite the U.S. tendancy to falsely call prisons correctional facillities). That is, the judge believed that the process of justice up to that point had already convinced the defendant not to do it again and the free security audit was adequate restitution.