Slashdot Mirror


Tencent Security Researcher Fined For Hacking Hotel WiFi and Publishing Internal Network Credentials Online (zdnet.com)

Catalin Cimpanu, writing for ZDNet: Singapore authorities have fined a Chinese security researcher SGD$5,000 (USD$3,600) for hacking into a local hotel's WiFi system without authorization and then publishing a blog post about it, revealing passwords for the hotel's internal network. The incident took place at the end of August, this year, when Zheng Dutao, 23, of China, visited Singapore to attend the Hack In The Box conference that took place in the city. Zheng took it upon himself, without asking for permission first, to hack into the WiFi network of a Fragrance Hotel branch, where he checked in for the conference's duration. The researcher, who works for Chinese internet giant Tencent, hacked into the hotel's internet gateway system, an AntLabs IG3100 device that controls access to the WiFi network for staff and guests alike. He discovered that the device was using a factory default Telnet password, which he used to gain access to a limited shell on the device. [...] The researcher didn't report the security issues to the hotel but instead wrote a blog post about his findings, which he later shared online.

5 of 60 comments

  1. Hacked? by Nkwe · Score: 5, Insightful

    So trying a default password on a device is "hacking" now? That makes me sad.

    1. Re:Hacked? by Anonymous Coward · Score: 4, Insightful

      This may come as a surprise, but in a real world analogy, if a business says to you "you aren't allowed on premise" and you choose to enter anyway, you can be arrested even though the doors were unlocked and open to the public. It's called trespassing. So to map real world laws to computers, even if there was no security of any kind, accessing the computer without permission would be digital trespassing and would be illegal. Even if the general public is allowed but only you were specifically forbidden.

    2. Re:Hacked? by sarren1901 · Score: 3, Insightful

      Try going around an apartment complex "testing" doorknobs and see how long before someone confronts you or just outright calls the cops. You aren't allowed to do a penetration test of other people's property without their permission.

      Just because "it's with a computer" doesn't really change anything. Someone leaving their front door unlocked doesn't mean you can come in and wander around. It's still trespassing.

      So really, the article should have said, stupid person that thinks "on a computer" doesn't count.

  2. He did publish passwords by gnasher719 · Score: 4, Insightful

    There was no good reason for that. That's the point where it turned criminal for me. For others the point might have come earlier (I assume that he didn't cause any damage before that).

    Bad passwords are no excuse for hacking. It may be a reason to put blame on the hacked organisation as well, especially if they are supposed to keep stuff safe. But primarily it's the hacker's fault, no matter how easy it was.

    1. Re:He did publish passwords by gweihir · Score: 3, Insightful

      I agree. And the term "security researcher" seems to be used quite inflationary these days. An actual researcher would have understood professional ethics.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.