Feeds

Naive 'hacker' escapes punishment

Hanging on the telephone

5 things you didn’t know about cloud backup

Here's a cautionary tale for would-be penetration testers: get permission from a bank before you try to bill them for helping to identify and fix the security short-comings of their services. New Zealander Gerasimos Macridis, 39, learnt that lesson the hard way after his attempts to help the country's Reserve Bank in improving its telephone banking systems resulted in a court appearance.

Macridis told Wellington District Court that he was surprised that his attempts to bill the bank for unsolicited services ended up with the police, and not a cheque, arriving on his doorstep. Macridis was more guilty of naivety then mendacity, the court heard.

Macridis phoned the Reserve Bank in late May. Identifying himself as a security consultant, he explained how calls and fax messages might be intercepted overseas before requesting payment.

He also contacted Telecom New Zealand and gave a full run-down of the testing he'd done and how to fix the vulnerabilities he'd identified before again asking for a fee for his unsolicited services. Bank officials complained to the police, who raided Macridis's house on late September and seized his computer.

Questioned by police, he admitted he had no authorisation to conduct his tests but said he didn't realise he'd done anything wrong, a belief that investigators were quick to dispel. Appearing before Judge Ian Mill, Macridis pleaded guilty to intentionally accessing the Reserve Bank's telephone system without authorisation.

Prior to 1994, Macridis had racked up a number of fraud convictions making it appear to investigators that he might have been using his technical knowledge to extort money from the bank and Telecom New Zealand. But Macridis, appearing in his own defence, persuaded the judge he turned over a new leaf since then, working on a casual basis as a security consultant for Telecom New Zealand and the police, among others, over the last 11 years. He did not use the security shortcomings he discovered for personal gain or pass on the information to other, potentially less scrupulous, individuals.

Judge Mill accepted these arguments and discharged Macridis without conviction despite his earlier guilty plea. "In my view his intentions were honourable," he said. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.