Feeds

Tsunami hacker convicted

Fine + costs for Daniel Cuthbert

3 Big data security analytics techniques

Daniel James Cuthbert was convicted today of breaking Section 1 of the Computer Misuse Act of 1990 by hacking into a tsunami appeal website last New Year's Eve.

District Judge Mr Quentin Purdy said: "For whatever reason Mr Cuthbert intended to secure access, in an unauthorised way, to that computer...it is with some considerable regret...I find the case proved against Mr Cuthbert." He was fined £400 for the offence and must pay a further £600 in costs.

Cuthbert, 28, of Whitechapel, London, told Horseferry Road Magistrates Court yesterday that he had made a donation on the site, but when he received no final thank-you or confirmation page he became concerned it may have been a phishing site, so he carried out two tests to check its security. This action set off an Intruder Detection System in a BT server room and the telco contacted the police.

The prosecution made an application for costs but declined to seize Cuthbert's Apple notebook on which the offences were committed. They made no further claim for compensation.

The defence asked for some sort of discharge because the case came close to "strict liability" - it was his responsibility but not his "fault". Mr Harding, for the defence, said: "His reasoning was not reprehensible. He was convicted because of the widely-drafted legislation that could catch so many."

Mr Purdy, speaking to Cuthbert in the dock, said: "I appreciate the consequences of this conviction for you are considerably graver than any I can impose. But you crossed an inappropriate line, time and expense was expended and anxiety caused. That aside, the price may be a heavy one for you to pay." Cuthbert lost his job as security consultant at ABN Amro as a result of his arrest and has only recently been able to find work.

DC Robert Burls of the Met's Computer Crime Unit said afterwards: "We welcome today's verdict in a case which fully tested the computer crime legislation and hope it sends a reassuring message to the general public that in this particular case the appropriate security measures were in place thus enabling donations to be made securely to the Tsunami Appeal via the DEC website."

Peter Sommer, who was an expert witness for the defence, said he thought the judge had a good understanding of the issues involved but "took a very strict view of the wording of the legislation." Sommer added that he thought the policing of minor offences should "not involve taking people to court but rather talking, warning and slapping wrists."

Asked if he thought the verdict would make it harder for the police to get help and cooperation from security professionals Sommer said: "It will certainly make them more wary."

Speaking after the verdict an upset Daniel Cuthbert told the Reg: "They've now set the bar so high that there should be thousands of convictions for people doing things like these. There will be lot of anger from security professionals and the police will find it harder to get help in future."

Cuthbert is considering a career outside the IT industry.

For the full text of Section 1 of the Act click here.

®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.