Feeds

Tsunami hacker convicted

Fine + costs for Daniel Cuthbert

Top three mobile application threats

Daniel James Cuthbert was convicted today of breaking Section 1 of the Computer Misuse Act of 1990 by hacking into a tsunami appeal website last New Year's Eve.

District Judge Mr Quentin Purdy said: "For whatever reason Mr Cuthbert intended to secure access, in an unauthorised way, to that computer...it is with some considerable regret...I find the case proved against Mr Cuthbert." He was fined £400 for the offence and must pay a further £600 in costs.

Cuthbert, 28, of Whitechapel, London, told Horseferry Road Magistrates Court yesterday that he had made a donation on the site, but when he received no final thank-you or confirmation page he became concerned it may have been a phishing site, so he carried out two tests to check its security. This action set off an Intruder Detection System in a BT server room and the telco contacted the police.

The prosecution made an application for costs but declined to seize Cuthbert's Apple notebook on which the offences were committed. They made no further claim for compensation.

The defence asked for some sort of discharge because the case came close to "strict liability" - it was his responsibility but not his "fault". Mr Harding, for the defence, said: "His reasoning was not reprehensible. He was convicted because of the widely-drafted legislation that could catch so many."

Mr Purdy, speaking to Cuthbert in the dock, said: "I appreciate the consequences of this conviction for you are considerably graver than any I can impose. But you crossed an inappropriate line, time and expense was expended and anxiety caused. That aside, the price may be a heavy one for you to pay." Cuthbert lost his job as security consultant at ABN Amro as a result of his arrest and has only recently been able to find work.

DC Robert Burls of the Met's Computer Crime Unit said afterwards: "We welcome today's verdict in a case which fully tested the computer crime legislation and hope it sends a reassuring message to the general public that in this particular case the appropriate security measures were in place thus enabling donations to be made securely to the Tsunami Appeal via the DEC website."

Peter Sommer, who was an expert witness for the defence, said he thought the judge had a good understanding of the issues involved but "took a very strict view of the wording of the legislation." Sommer added that he thought the policing of minor offences should "not involve taking people to court but rather talking, warning and slapping wrists."

Asked if he thought the verdict would make it harder for the police to get help and cooperation from security professionals Sommer said: "It will certainly make them more wary."

Speaking after the verdict an upset Daniel Cuthbert told the Reg: "They've now set the bar so high that there should be thousands of convictions for people doing things like these. There will be lot of anger from security professionals and the police will find it harder to get help in future."

Cuthbert is considering a career outside the IT industry.

For the full text of Section 1 of the Act click here.

®

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.