The question is if the hacker has crossed an ethical line or not.
An ethical hacker who reported serious vulnerabilities in Magyar Telekom has been arrested and faces years behind bars for “disturbing a public service.
“Magyar Telekom, a Hungarian telecommunications company, has filed a complaint against the hacker now defended by the Hungarian Civil Liberties Union (HCLU / TASZ).
In April 2018, the local media reported that the man found a serious vulnerability in the systems of the telecom provider. The company has reported these findings and both parties have met.
The idea of working together was floated but never came to fruition and the researcher continued to study the networks of Magyar Telekom.
In May, the hacker identified another vulnerability that could have been used in the publication if exploited to “access all public and retail mobile and data traffic and monitor servers.”
According to Index.hu, the first vulnerability allowed the hacker to obtain an administrator password via a public service. The second bug allowed him to “create a test user with administrative privileges.”
On the same day, the company noticed strange network activity and reported a cyberintrusion to the police, which led to the arrest of the man.
The trial has already started. The prosecution in Hungary demands a prison term while the HCLU fought back, claiming that the indictment is “incomplete “because “it’s not clear what exactly he did. ”
Magyar Telekom told Napi.hu:
“The hacker, beyond the limits of ethical hacking, launched new attacks after the first attack, and began to crack additional systems with the data he had acquired so far.”
A plea agreement was on the table. If the man admitted his’ guilt,’ he would be sentenced to two years ‘ suspension. This was denied, however, and the researcher is now accused of an upgraded crime–the “disruption of the operation of a public utility “–and could end up behind bars for up to eight years.
There was a plea deal on the table. If the man admitted his’ guilt,’ he would be sentenced to two years ‘ suspension. This was denied, however, and the researcher is now accused of an upgraded crime–the “disruption of the operation of a public utility “–and could end up behind bars for up to eight years.
Ethical hacking is often regarded as outside criminal law, because intrusions can benefit companies and society as a whole, a concept of “good faith “that is argued in the defense strategy of HCLU. However, there are still rules to be observed, such as ensuring that no private data is collected and those day-to-day operations are not interrupted by testing and testing. This encapsulates the case of the prosecutor.
Law enforcement claims that the hacker has crossed an ethical line and that his actions can be a “danger to society “and can therefore be accused under the criminal laws of the country. However, there is no evidence that the man in question ignored these rules and the company itself stated in a separate statement that the customer data was “safe and secure.”
“If someone finds an error on a Magyar Telekom Group system and reports it to Telekom immediately, they do not use it in any way (e.g. do not modify, delete, save information, etc.), cooperate with Telekom ‘s own inventory.