Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dutch MP Fined For Ethical Hacking

Posted by Soulskill on from the dutch-politicians-apparently-have-skills dept.

An anonymous reader writes "Dutch Member of Parliament (MP) Henk Krol was fined 750 (US$1,000) by the district court of Oost-Brabant on Friday for breaking and entering the system of the Dutch medical laboratory Diagnostics for You. Krol said he entered the system as an ethical hacker to show that it was easy to access and download confidential medical information. Krol, leader of the Dutch 50plus party, accessed the systems of the laboratory with a login and password he had obtained from a patient of the clinic, who in turn had overheard the information at the laboratory from a psychiatrist that worked there ... In April last year, Krol used the login information to enter the company's Web server and subsequently viewed and downloaded medical files of several patients. He did this to prove how easy it was to get access to the systems, according to the ruling (PDF in Dutch).'"

7 of 122 comments (clear)

  1. Re:Showoff Gets Off Easy by sabri · · Score: 4, Informative

    That is an excellent summary of the judge's decision. The judge argues that by not contacting the systems administrator upon logging in, but instead making copies of confidential data, they went from white hat to black hat.

    At the same time, the judge argues, the defendant may not have had criminal intentions. So while the "hackers" crossed the line in their efforts to "expose" the bad security, they were not sent to prison as they are not criminals.

    --
    I'm not a complete idiot... Some parts are missing.
  2. Re:Head in sand by Solandri · · Score: 4, Informative
    If you read TFA, the judge's decision is quite a bit more nuanced than the summary makes it out to be:

    The court, however, agreed with Krol that the detection of defects in the protection of confidential, medical data can serve a substantial public interest. Krol said he acted as a journalist and ethical hacker at the time of the breach.

    The fact that he logged into the website and consulted some files was not unlawful, the court said. Similarly, downloading and printing the files to demonstrate the failures and scale of the security risk are defensible, it added. Krol also handled the information carefully because he redacted the printed files, the court noted.

    It was however disproportional that Krol proceeded to view and print more files than necessary to prove his point, the court said. In addition, he should have given the laboratory more time to fix the problem and should have tried to contact them more than once before he informed the media, the court said.

    Krol only knew of one employee that acted carelessly with login information. "Therefore, the problem was not so acute that immediate use of media was necessary," the court said.

    Sounds like the Dutch have some good judges exercising common sense on this issue.

  3. Re:Civil Disobedience by tompaulco · · Score: 3, Informative

    So Rosa Parks deserved to be punished?
    Breaking an unjust law to call attention to it doesn't alleviate the consequences of it. Despite what the history textbooks say, Ms. Parks was not just a random black woman who decided to make a stand. She was carefully groomed, the act was carefully planned and timed, and she was more than aware of what the consequences could be. She was likely prepared to end up a martyr. As luck would have it, she didn't have to.

    --
    If you are not allowed to question your government then the government has answered your question.
  4. Get the details!! by Aethedor · · Score: 4, Informative

    Many of you are probably missing interesting details. The login consisted of a 5 number digit with a password that was exactly the same! Another fact is that Henk Krol DID try to warn 'Diagnostiek voor U', twice! But they sent him away because 'that was not the way to report it'. He had to do it in writing. He also contacted two other governmental organisations responsible for organisations like 'Diagnostiek voor U', but they also sent him away saying it was not their problem. Henk Krol was not fined for the actual hacking, but for going to the press too soon. Come again...?

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
  5. Re:Showoff Gets Off Easy by tsa · · Score: 4, Informative

    We don't have juries in the Netherlands.

    --

    -- Cheers!

  6. Re:Thats how civilized countries do it! by tsa · · Score: 3, Informative

    No and no. All people are equal for the law here, and the guy is quite popular so this will not cost him many votes.

    --

    -- Cheers!

  7. Re:Showoff Gets Off Easy by menno_h · · Score: 3, Informative

    For the non-Dutch: the 50plus party defends the interests of people above 50 years of age. I was quite surprised when I saw him on the Dutch news last year, showing off his "1337 h4x0r sk1llz".

    --
    AccountKiller