Slashdot Mirror
Judge Refuses To Convict Hacker
Jake96 writes "A judge in Wellington, New Zealand, declined to convict a man who ran an unrequested security audit on a bank's phone systems and was charged with 'intentionally accessing a computer system knowing he was not authorized to,' according to an article in the New Zealand Herald."
Stupid court results?? I thought that was the norm in the US so why would it set a precedence?
Maybe you should read what this guy actually did. he intruded into a banks phone system (without permission), performed a security audit (again without permission), and then tried to get the bank to pay for his work. If I was the bank I would be taking this bastard to court too. how would you feel if someone turned up at your house did some work then sent you a bill all without you requesting anythign be done. The fact that the bank has a security issue is a side note here, they should be hiring a "reputable" security firm to look at there systems.
At least it shows efficient legal process.
Macridis had telephoned the Reserve Bank on May 30, introducing himself as a security consultant.
The Reserve Bank made a complaint to police, who searched Macridis' house on September 21 and seized his computer.
Ok, a bit slow there - four months - but maybe the bank did some research on the flaws first. And the wheels of Big Business turn pretty slow....
Gerasimos Macridis, 39, appeared in the Wellington District Court on Wednesday - the 27th - on one charge of intentionally accessing a computer system without authorisation.
A little over a week from when the police took his computer, to when he appeared in court.
They presumably searched it, did all the legal paperwork, had the weekend off, etc.
Not much crime in Wellington lately? Or are they normally this speedy?
You are in a twisty maze of processor lines, all alike.
There is a lot of hype here.
It doesn't matter that he didn't threaten to make the vulnerabilities public, he disclosed that he knew of the vulnerabilities to the bank, which instantly creates the knowledge that there _ARE_ vulnerabilities that somebody else might potentially try to uncover and exploit. The bank's only recourse is to fix those vulnerabilities, and the only way they will discover what vulnerabilities were uncovered is if they pay the guy.
Whether or not it was his intention, this soooo looks like extortion.
File under 'M' for 'Manic ranting'
Actually, it's a bit more serious than that. The bank http://www.rbnz.govt.nz/ who's phone system he compromised is an approximate functional equivilant of the US Federal Reserve http://www.federalreserve.gov/ (but quite a bit smaller).
He's very lucky he did it in NZ where it appears that the courts consider him stupid rather than malicious. In other countries he might get charged with terrorism related offenses or worse.
Fast, cheap & reliable. Pick two.
Imagine this: A man walks up to your house while you're gone and tests each lock on every door and window. He finds a way to break in -- but claims that he hasn't. Then he sends you a letter saying he knows your security vulnerabilities and requests payment for that knowledge.
Is it better or worse that he actually walked around inside your house?
Breaking and entering != robbery. Still illegal, of course, but generally you have to actually steal something to have stolen something (probably not always the case with some of the idiots we have in black robes, but that's another matter). As simple as it would make things, crimes aren't generic and thus you must be charged with the correct one in order to be convicted of it (I would hope). The poster I originally replied to just used the wrong one in his example. Or translated it poorly or something. Dunno, but looking around without permission certainly isn't theft.
How are sites slashdotted when nobody reads TFAs?
Except that instead of giving you a rectal exam, he molested your daughter, exploded your favourite hockey team's home town with NUCLEAR WEAPONS, and stole your glasses.
Care to provide any justification for why your analogy isn't just an arbitrary construction designed to suit your position?
These are information systems. Not cars, not windshields, and not the doctor's office. Discuss the actual question, not stupid analogies.
http://outcampaign.org/
And there's still another difference --
You either charge for the information, or you give the information and then request to be paid.
FTFA, it appears that he told them what the problems were before asking for money. More honerable, even.
That case is so much BS. I know the UK law can be pretty fascist, but that judgement makes no sense at all. Im so tempted to start doing the same hack on my own sites until I get "caught".
..is telephone system considered an information system? I think I missed something.
I actually applaud the NZ courts. The man could have used the information to commit fraud, steal sensitive/valuable information and sell it to the highest bidder and make a whole lot of money but instead he chose to go directly to the bank and ASK for payment.
So he had a sure way to make money, but instead he ASKS for money AFTER revealing the security flaw. If you ask me, the bank suffered from bruised ego syndrome and wanted some sort of revenge. It's nice to see that the bank didn't get what it wanted.
It's not the destination that matters, but rather the journey.