Feeds

Naive 'hacker' escapes punishment

Hanging on the telephone

Protecting against web application threats using SSL

Here's a cautionary tale for would-be penetration testers: get permission from a bank before you try to bill them for helping to identify and fix the security short-comings of their services. New Zealander Gerasimos Macridis, 39, learnt that lesson the hard way after his attempts to help the country's Reserve Bank in improving its telephone banking systems resulted in a court appearance.

Macridis told Wellington District Court that he was surprised that his attempts to bill the bank for unsolicited services ended up with the police, and not a cheque, arriving on his doorstep. Macridis was more guilty of naivety then mendacity, the court heard.

Macridis phoned the Reserve Bank in late May. Identifying himself as a security consultant, he explained how calls and fax messages might be intercepted overseas before requesting payment.

He also contacted Telecom New Zealand and gave a full run-down of the testing he'd done and how to fix the vulnerabilities he'd identified before again asking for a fee for his unsolicited services. Bank officials complained to the police, who raided Macridis's house on late September and seized his computer.

Questioned by police, he admitted he had no authorisation to conduct his tests but said he didn't realise he'd done anything wrong, a belief that investigators were quick to dispel. Appearing before Judge Ian Mill, Macridis pleaded guilty to intentionally accessing the Reserve Bank's telephone system without authorisation.

Prior to 1994, Macridis had racked up a number of fraud convictions making it appear to investigators that he might have been using his technical knowledge to extort money from the bank and Telecom New Zealand. But Macridis, appearing in his own defence, persuaded the judge he turned over a new leaf since then, working on a casual basis as a security consultant for Telecom New Zealand and the police, among others, over the last 11 years. He did not use the security shortcomings he discovered for personal gain or pass on the information to other, potentially less scrupulous, individuals.

Judge Mill accepted these arguments and discharged Macridis without conviction despite his earlier guilty plea. "In my view his intentions were honourable," he said. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.