New Zealand judge gives cracker community service
How not to do disclosure
A Brazilian ski-fields worker has been sentenced to community service in New Zealand for breaking into the network of a Queenstown backpacker lodge, the Otago Daily Times reports.
The newspaper says the judge wasn’t impressed either by Daniel Cabral Schiavini’s guilty plea, nor that he notified the Pinewood Lodge that its systems were vulnerable.
For accessing the lodge’s network between June 20 and 25, and again on June 30, Schiavini has been fined $1,670 and ordered to perform 100 hours’ of community service.
On the surface of it, Schiavini’s actions appear benign. The Otago Daily Times reports that he accessed the lodge’s systems via its WiFi network and, having accessed his own reservation, left a message for the managers that he had gained access to their system. He then told management how to fix the vulnerability, and later tested the system again on management’s request.
This would make it seem that Schiavini is an unfortunate white-hat being unfairly penalised. However, New Zealand lawyer and software developer Guy Burgess has blogged that Schiavini went beyond what’s wise.
Pinewood claims that Schiavini “broke into our encrypted wireless network, downloaded 80Gb of ‘data’, and a copy of the our database for further study. He then decided to tell us assuming that by telling us that all would be made good.”
It is, perhaps, this aspect that resulted in the Queenstown District Court judge Dominic Flatley describing the breach as “a serious crime”. ®