Unauthorised Access Is Offense, No Defense?

Source Title:
Hacker found guilty of probing tsunami website
Story Text:

I'm not a lawyer so I might have this wrong, but doesn't this kind of look like any unauthorised access of a system is an offence, whether malevolent or not and therefore there is no defence. Bit harsh? Especially as on the face of it this guy is clearly a security professioal not a nasty evil hacker?

But Judge Purdy said that, under the CMA, Cuthbert's ultimate aims, whether "malevolent or benevolent" did not bear upon the fact that "unauthorized access, however praiseworthy the motives, is an offense."

Cuthbert, 28, was sentenced at Horseferry Road Magistrates' Court in London to pay £400 ($700) in fines and to cover £600 ($1050) costs for tripping the intrusion detection system of the Disaster Emergency Committee (DEC). There were gasps in the public gallery as the verdict was handed down.

"I have no career left," he said.

In sentencing, District Judge Mr Q Purdy said that it was "with some considerable regret" that he passed down a guilty verdict, but the Act made it quite clear that Cuthbert had knowingly performed unauthorized actions against DEC's systems. Judge Purdy acknowledged that, though Cuthbert had avoided a custodial sentence, the potentially dire impact on his career may be "a heavy price to pay."

Although it did say he lied to the police..


*is* that harsh?

the majority of hackers claim to be benevolent (hah!) and if you wanted people to access your systems then you'd leave them unprotected wouldn't you?

If he contacted them first and got permission to try then that would be different but if some git sneaks into my server without my permission I don't actually care if they're a qualified security professional or the Queen I'd still like them to get slapped :)

Ok fair enough

But dont a lot of security folk do this as a kind of "mystery shopper" type exercise?

I think the problem is that

I think the problem is that next time the police go asking for help, the genuine security pros are going to be a bit lukewarm.... If they get a little overenthusiastic, and enter a system without prior, written permission they run the risk of conviction. I don't see that encouraging creative, proactive thinking in the field.

Since malicious hackers have *always* run this risk, it is of no consequence to them. Overall result, life just got easier for the bad guys. Well done the Compurt Crime Unit, top work

stupid move

it was a stupid move on his part and he got busted for it.

Concerning the guys career: In the US, people get busted for this kind of thing and they spin it to increase their marketability in infosec, is that not the case over there ?

he needed a better lawyer?

Yeah, in the US he could have done better with a better lawyer. I haven't dscovered the actual details of his attempt. What tripped the IDS or what was criminal?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.