Student Exposes Bad Police Encryption, Gets Suspended Sentence (podcrto.si)
An anonymous reader shares a story about Dejan Ornig, a security analyst in Slovenia who warned the Slovenian police department about vulnerabilities in their supposedly secure communication system TETRA in 2013. (Here's Google's English translation of the article, and the Slovenian original.)
He discovered that the system, which was supposed to provide encrypted communication, was incorrectly configured. As a result lots of communication could be intercepted with a $25 piece of equipment and some software. To make matters worse, the system is not used just by the police, but also by the military, military police, IRS, Department of Corrections and a few other governmental institutions which rely on secure communications.
After waiting for more than two years for a reaction from police or Ministry of Interior and getting in touch with security researchers at the prestigious institute Jozef Stefan, he eventually decided to go public with his story... The police and Ministry of Interior then launched an internal investigation, which then confirmed Ornig's findings and revealed internal communications problems between the departments... Ornig has been subject to a house search by the police, during which his computers and equipment that he used to listen in on the system were seized. Police also found a "counterfeit police badge" during the investigation. All along Ornig was offering his help with securing the system.
On May 11th Ornig received a prison sentence of 15 months suspended for duration of three years, provided that he doesn't repeat any of the offenses for which he was found guilty (illegal access of the communications system). He can appeal this judgment.
Hm... (Score:5, Insightful)
Is it my imagination or is this student's real crime making public figures look bad?
Re: (Score:3, Insightful)
Do we know this isn't one of those plastic badges that come with various Halloween outfits and it may have belonged to his kid brother or something like that?
Re: (Score:3)
Do we know this isn't one of those plastic badges that come with various Halloween outfits and it may have belonged to his kid brother or something like that?
According to the article, possession of an imitation police badge was the basis for the criminal charge. A badge from a Halloween costume or cereal box wouldn't warrant a charge by itself unless the person used it while pretending to be a cop, which would be a charge of "under color of authority" in the US.
Re: (Score:2)
According to the article, possession of an imitation police badge was the basis for the criminal charge.
No idea about the translated article, but the Slovenian says the following:
1) IT system breach
2) Forgery (fake badge), pretending to be policeman multiple times in 2010 and 2014 (not between, in)
3) Unlawful audio recording
All those are criminal charges.
Re: (Score:2)
#1 can be argued under the guise of penetration testing / security research, #3 is a side effect of that (I don't know how much he recorded but he would have needed some proof that he managed to tap into the system).
#2 makes me cautious about this person's character and I agree is a prosecutable offence, but if 1 & 3 are charges he got hit with and they stuck, the message that got sent is: don't alert the authorities, sell the hack as a zero day.
Re: (Score:2)
Yeah, I'm not arguing any of that, just saying that there's 3 criminal charges against him, and I wouldn't be so quick to say that it's The Man stepping on a poor white hacker.
Re: (Score:2)
What land of Reality do you live in?
Certainly, not the one where the news story took place.
Certainly, not the one that I live in.
America, early 21st century. You should try reading the news more often. Reality in America might shock you.
http://listverse.com/2013/08/30/10-disturbing-cases-of-police-impersonation/ [listverse.com]
The wonderful thing about American Liberals is that they think that everywhere is just like America! How provincial. How bourgeois.
If you bothered to read my comment, I pointed out what would happen in the US. Short history lesson: most legal systems around the world are based on Roman law. Whatever can happen legally in the US, can also happen elsewhere in the world.
https://en.wikipedia.org/wiki/Roman_law [wikipedia.org]
You suck Lefty.
I'm a moderate conservative.
Re: (Score:2)
That link says quite clearly that English common law system (which formed the basis of US laws upon independence) evolved out of the old Anglo-Saxon laws, which had evolved from the German tradition, which was influenced (but not based on) Roman law. So yes, while most of the world's legal systems are based on Roman law, the one you picked was only very tenuously so, and well over a thousand years ago.
Re: (Score:2)
So yes, while most of the world's legal systems are based on Roman law, the one you picked was only very tenuously so, and well over a thousand years ago.
It's even more tenuous that our calendar system is based upon a hippie carpenter getting hammered on a telephone pole 2,000+ years ago.
Re: Hm... (Score:3, Insightful)
So why wasn't he told not to possess a police badge as part of his sentence? Why mention his study if it had nothing to do with it?
Really, it's laughable to suggest it's anything other than that.
Re: Hm... (Score:4, Interesting)
Really, it's laughable to suggest it's anything other than that.
Try reading the article. (Yes, the Google translation is worse than most Slashdot summaries). Not only did he have an imitation badge, he also used the badge to pretend to be a police officer in 2010 and 2014. If he was a hacker without a "wannabe cop" mentality, things would have turned out differently.
Re: (Score:2)
It sounds like he became a masked vigilante...I am Batman!
Re: (Score:2)
Especially when it's "found" using advanced searching techniques.
A search warrant is an "advanced searching technique" these days?
Re: (Score:2)
Assuming he possessed a fake badge, and one wasn't planted by the police, the same force who also goes taking bribe money from hookers on the streets in plain view without giving a fuck.
According to the article, he got in trouble for impersonating a police officer in 2010 and 2014. Let me guess... the police planted the badge on him in both incidents?
Moral of the story (Score:5, Insightful)
Don't report the vulnerability to the authority; they'll just punish you for it.
Quietly pass the vulnerability to local crime syndicate to curry favor instead.
Re: (Score:2)
One problem with that theory, they know who he is now anyway.
In this scenario said syndicate might actually be pissed that the flaw is now fixed. He isn't in the police's good books so what do you expect will be the police reaction if he gets approached from such a syndicate now and tries to report it. Sadly my money is on "Oh he was in with the criminals all along".
Re: Hm... (Score:2)
Slovenia, not America. I know nobody reads the articles, but at least read the summary.
Re: (Score:2)
"Murica"? Is that code for "Slovenia"?
Here's how! (Score:2)
Sounds like this is what he did: http://www.rtl-sdr.com/rtl-sdr... [rtl-sdr.com]
Keep in mind there is no Tetra in the US, but there is plenty of DMR & P25, which is significantly easier to listen in on.
Re: (Score:2)
Keep in mind there is no Tetra in the US, but there is plenty of DMR & P25, which is significantly easier to listen in on.
I am not sure you can even buy a switch which will send it unencrypted anymore. Which makes ROIP as secure as any https communication.
Let this be a lesson to you do-gooders! (Score:1)
He tried to help them and got a suspended sentence of 15 months in prison (won't that be fun). He was subject to a house search and all of his computers and equipment were seized. He tried to help them all along, and they punished him for it. Now it would have been much more profitable (and no police raid, no prison and no threats and intimidation) if only he had simply sold the information and equipment (for a profit) on the black market to an organized crime ring. He could have made $100,000 or more,
Perhaps he should have tried... (Score:2)
Hey, I heard some guys talking in a bar and they said......................so maybe someone should look into this.
Do not admit that you did something illegal! (Score:5, Insightful)
If you did something illegal in the process of uncovering a vulnerability, do not put your name to the information. Publish anonymously. Not just nation states, but also corporations of any size are known to show no leniency. You will not receive thanks for being a pain in the ass. Your sins will not be forgiven. Even if you did not do anything illegal, be prepared to be hassled relentlessly. Publish, but publish anonymously.
Lesson: (Score:5, Insightful)
Do not inform police about their crappy encryption, that's illegal.
Sell that information to some criminals. That is only potentially illegal, but at least profitable.
Re: Lesson: (Score:2)
...and after criminals use the exploit and show off the police, there will be an investigation and configuration fixed. So, the same outcome except the researcher got some money instead of a sentence. And worst case is he gets money AND a sentence, but that's still better than just a sentence.
So the lesson is... (Score:5, Insightful)
Kids, the lesson is simple : never ever under any circumstance "help" authority figures. You'll end up getting fucked.
You try to help and you end up getting fucked. You steal by the millions/billions and you're heralded as a saint.
Re: (Score:2)
To put it another way, law enforcement and the courts are not paid to not fuck you.
Dear kiddies... (Score:5, Insightful)
DON'T FUCKING TRUST THE POLICE. If you go public with something that shows they are idiots they will absolutely punish you.
The police are nothing more than a very well financed street gang.
That's government for you... (Score:2, Insightful)
This is another illustration of how clumsy, inefficient, and occasionally evil the government is — even in otherwise decent countries. At least, the guy's sentence is "suspended"...
And everyone seems to agree with the Libertarians in these cases, but, when the topic is something else, a solid chunk of the audience suddenly switches into believing, that the government is not only an acceptable, but the best solution available.
Why, for example, would the same people be outraged at the government's goo
Re: (Score:2)
The government sucks at everything... A few things — such as law-enforcement — can not be done by competing enterprises and must be a monopoly. But everything else can — and therefore should — be done by competing establishments.
They may (or may not) be necessary, but the government is not the only p
Re: (Score:2)
Other than law-enforcement (including military), I can not think of any examples... Incidentally, military and police are the government's explicit prerogatives by the US Constitution — nothing else...
Ever heard of Consumer Reports? "Good Housekeeping" approval label? UL certifications? All of these exist already — they are voluntary and comp
Re: (Score:2)
That's entirely up to them. If they are providing something people want, they will get paid — by manufacturers eager to have their wares certified, and/or by consumers wanting to read up on the stuff they are choosing.
A completely different model may be product reviews — such as offered by Amazon, which has a deeply vested interest in the reviews' helpfulness and objectivity.
Yes, the
Such Brilliance (Score:2)
Worked the other way for me (Score:3)
Some years ago while on the job I got so caught up on my projects I found myself with an hour or two to kill every day for a couple weeks. (Disclaimer: I hid the fact I was caught up early.) Now I am the curious type, especially when it comes to networks and security. Needless to say, I started poking around. Poking around quickly led to hacking around. It was an internal LAN, but still. I followed the bread crumbs and uncovered, let's just say, "stuff that was not intended to be uncovered." Much more followed from that. It reached a point where it was downright concerning. So finally I crossed my fingers and called my boss over, who of course was not a tech. He was concerned bordering on unhappy about what I was doing. The next day I got a call from the CIO, which is highly unusual. We had a very long talk about what I had been up to. The talk extended into a discussion of my knowledge and abilities which up till then no one in the company knew I had. I don't remember which hacker topic it was, but at one point the CIO said "fuck me"; he did not mean it literally. The result? The CIO gave me permission to keep on hacking our systems as long as I documented everything and reported directly to him. Up to that point, my initial finding resulted in ten or so pages of documentation. It was pretty cool.
A bit off topic. Although I liked my job I found myself in a situation where I had to pick up and move. The details of that are unimportant, but I made sure I had a job waiting for me. Before I left the company, the CIO installed a keystroke logger on my computer. Since I was the only one running Linux, it was my personal computer. The CIO was one of the single best hackers I have had the pleasure of meeting. Next thing I know I was signed up for a bazillion newsletters and I noticed a Sony Ericsson had accessed my Google account. It took me all of one second to figure out what had happened. Fortunately it was all fun and games, nothing malicious. Although I did proceed to reformat the drives in all of my computers and proceeded to change every password I used (a lot) to random alphanumerics every week for a couple of months. Fun stuff.
Similar problem, better outcome. (Score:4, Insightful)
One of our university's IT groups noticed that the university's police were using a packaged IT police support solution that had no security. An attacker could change arrest reports, access and change all the secret log entries, and track the real-time deployment and activity of the police. We verified that the problem existed across hundreds of police departments all over the country. The university police were horrified when we presented the problem to them.
I think the main thing that led to a better outcome was the university IT team worked closely with the university police team to present the problem to the external vendor. During the presentation, the external vendor went through all the stages of grief: denial, anger, bargaining, depression and acceptance. When the vendor got to the anger stage, they threatened to have us arrested. We just kept asking how arresting somebody would fix the code, until they got on to the next stage.
Still, it took months before the vendor deployed fixed code.
Re: (Score:3)
Be lucky if you don't get shot "resisting"....
No good deed... (Score:2)
ANd (Score:2)
The lesson learned from this?
Fuck the pigs, sell the vulnerability to the bad guys....?
Great lesson to teach the young hackers...
Standard Thank You (Score:2)
A pretty standard sort of thank you from people who run a government. He is lucky, a lot of them end up in body bags or crippled and homeless for helping politicians and their machinations.
You know the real truth is, they are more afraid he will expose corru
Stupid, backward, insular laws... (Score:2)
Quite clearly he should have sold the information, even though it's merely Slovenian police and security services, I'm sure a few grand would have been preferable to a (suspended) prison sentence.
Modern Commercial Security: HACK US AND WIN PRIZES.
Modern Government Security: If you just look at us and try to help, we'll put you down. We'd rather have holes being actively exploited by enemies of the state than have the shock horror of a public servant being made to look slightly inept, even if the hole isn't
Two mistakes (Score:3)
First mistake: telling the authorities about their problem.
Second mistake: making the problem public.
Do be a good citizen and notify the relevant authorities of computer security problems. But be a SMART citizen, and do it anonymously.
Do not be a jerk and make the security problems public. But if you absolutely feel you must do so, do it anonymously.
In a more ideal world than this, anonymity would not be needed. However there are far too many authorities who prefer to blame the messenger than to fix things properly. Your idealism is NOT shared universally.
Re: (Score:2, Insightful)
computers and equipment that he used to listen in on the system were seized. Police also found a "counterfeit police badge" during the investigation.
There are the key details of the story.
Yes, I understand that he offered to help. Yes, I understand that he had the noblest intentions. Regardless, he still intentionally broke the law by accessing a system without authorization. That it was easy to do doesn't make it any less of a crime.
Re: (Score:3)
The same kind of police badge I have? That came in the cereal box?
Re: Only programmers (Score:3)
I'm not condoning his actions, but I do believe as a computer scientist I have some authority to call someone out on their actions. I have a duty to inform people that you can formally prove that a system is secure. For some reason most people don't even consider that a thing.
The house analogy breaks down because it would be impractical to build a house that no one can break into, but many systems have been designed with formal proofs of security and are secure given certain constraints.
The sad thing is tha
Re: (Score:3)
But what if you can't know it's insecure unless you break into it first? If you're not a security expert and you have not been called in to assist, then don't go breaking into anything. If it's for something important and not just for police (like say voting machines) then do it secretly.
Anyone smart enough to understand security (ie, not a script kiddie) should also presumably be smart enough to understand personal security.
Re: (Score:2)
That depends... was yours used repeatedly in the past to claim to be an officer?
Re: (Score:2)
Sure! I have to admit though that was a long time ago, when I was younger. It did impress the other kids, though.
Re: (Score:3)
I do have to admit, though, that it got me into trouble, too. My mom explained to me in no uncertain terms that it does not give me authority to do a strip search with Jessica...
Re: (Score:3)
You should have just called your mom a soft-on-crime bleeding heart liberal SJW.
Re:Only programmers (Score:5, Insightful)
computers and equipment that he used to listen in on the system were seized. Police also found a "counterfeit police badge" during the investigation.
There are the key details of the story.
Yes, I understand that he offered to help. Yes, I understand that he had the noblest intentions. Regardless, he still intentionally broke the law by accessing a system without authorization. That it was easy to do doesn't make it any less of a crime.
Spoken like a true apparatchik: Why, he should have known better than to try and contribute to the defence of his country by revealing security flaws in police/military communications systems and instead just kept his mouth shut and allowed these vulnerabilities to go unfixed thus ensuring that the fucking FSB and the Russian army could pwn his country's military in the event of a war. If the people in charge of the Slovenian police/military weren't the bunch of incompetent morons they apparently are, and it sounds like the problem lies with politicos in the defence ministry (DUH! incompetent political appointees screwing up, surprise, surprise...), they'd have hired this guy and others like him long ago and put them in charge of police/military signals security. Speaking for myself, my first reaction would have been to consider recruiting this guy if only to ensure somebody else didn't snatch him up first. I'll also bet that this is what Slovenian military intelligence wanted to do (if they have a single spark of competence among them).
Re: (Score:2)
Spoken like a true apparatchik
Ah, yes. I oppose your particular flavor of freedom, so I must be a Communist!
Why, he should have known better than...
First, he should have not been screwing around with anybody else's system without finding out exactly what the boundaries are. For instance, it might be perfectly legal to receive TETRA signals passively, but any transmission (even announcing that you're only listening) might be illegal. Seeking a lawyer's advice is recommended.
After determining exactly what is and is not legal, then he has to make a conscious choice as to whether
Re: (Score:2, Interesting)
Spoken like a true apparatchik
Ah, yes. I oppose your particular flavor of freedom, so I must be a Communist!
** snipped long winded speech **
Communist? I didn't mean to accuse you of being a communist by calling you an apparatchik, any number of other similarly themed descriptors would fit you as well. You seem like the kind of dusty stiff necked bureaucrat who would rather follow the letter of the law even if it resulted in your country's military getting steamrolled by its enemies than bend the rules a bit and reap the benefits of discovering a gaping security flaw in your country's most secret and sensitive communications system.
Re: (Score:2)
These scenarios seem like the perfect opportunity for guerilla groups everywhere to recruit valuable players. If your group has the kind of insight to take advantage of these weaknesses it'll give you more of a fighting chance against large oppressive adversaries.
Thing is that you don't have to be a major power like the USA, China or Russia to achieve a monster intelligence coup like cracking your opponent's signals traffic. Small countries have achieved major military victories by letting a small group of very talented people loose on the encrypted signals traffic of a much bigger and better equipped opponent. Cracking your opponent's encrypted comms is probably the biggest force multiplier there is. Conversely small players cannot afford incompetent political appoi
Re: (Score:2)
Are you suggesting to replace cryptography with law?
Re: (Score:2)
I am suggesting that we be wary of replacing rule of law with rule of man, regardless of how noble that man claims to be.
Re: (Score:2)
Laws are written by mankind, there are no others.
Re: (Score:2)
Uh... there actually are.
We'll disregard the ancient rules supposedly written by deities, mostly because they're not sufficient to cover the needs of any society within the past two thousand years.
In more recent ancient history, there has been the divine right of kings. Under such a system, kings are exempt from laws because their authority is absolute, generally held to be originally granted by a deity and passed down through a bloodline (unless the ruling family fell out of favor and a new military victor
Re: (Score:1)
How would you propose to find leaks otherwise if the agencies trust the system and therefore never initiate a security audit?
The guy apparently was trying to get the attention to warn them, nobody reacted.
Re: (Score:3, Informative)
This is a terrible analogy. He didn't "break into" anything. They broadcasted poorly encrypted information to whoever was listening, and assumed that nobody listening could decrypt it. Now they're mad because they were proven wrong.
Re: (Score:3)
Next time he will hopefully not be so dumb and inform the cops but sell that info to some criminals. There's money to be made with a device that lets them know when the sting's gonna fall.
Re: (Score:2)
Indeed. If you really think there is a lot of sophisticated code going on, think again. I've heard more stringent radio discipline in milsim clans than on police radio. Might be different in the US, don't know, but police 'round here isn't shy to call shit shit.
Re:Only programmers (Score:5, Insightful)
See, in this house everyone assumes the lock on the front door works. No one ever tests if it does, they just trust it.
One day, this guy decides to try opening the door without turning the key in the lock first. Whaddya know, the door opens without a problem.
Realizing this he writes a note and drops it in their mailbox to warn them.
Then he gets arrested for breaking and entering.
Re: (Score:2)
See, in this house everyone assumes the lock on the front door works.
Finally, some common sense in this thread. All he did was jiggle some "locked" doors, and inform the residents of the doors that didn't lock. It's a community service, as long as he doesn't take anything.
Re: (Score:2)
Realizing this he writes a note and drops it in their mailbox to warn them
Actually no, he put a billboard on the front lawn which said "This house is unlocked! You can get into it like *blah blah*."
Re: (Score:2)
Yeah, and did he get in trouble those first 2 years?
Re: (Score:2)
And they're also taking the Slovenian Defense Ministry's word that
Re: (Score:2)
That isn't true.
Tetra was used by military, police, etc.
Military communications did NOT have any encryption.
Police communications DID have encryption, although a weak one.
He wasn't charged for intercepting plaintext military communications, but for breaking the encryption, eavesdropping on police communications *and* obstructing/jamming several police radio stations.
Re: (Score:2)
I should be able to do my due diligence that this third party is actually doing its job.
Your due diligence doesn't entitle you to break the law, or attempt to break in, or gain fraudulent access to the safety deposit boxes.
Instead get them to produce reports by a security audit services company they pay to audit their security.
If the reports do not satisfy you, and you are a big enough fish, you can insist they hire the auditor of your choice, at your expense, or perhaps you're a big enough fish to demand they even do it at their expense. Being a big fish opens a lot of options.
If you aren't a big
Re: (Score:2)
And what do you call conflating red-tape procedure with criminal law?
You can't try to assault a woman wearing a rape whistle, just to find out if it works or not. Claiming after the fact that you weren't really going to actually rape her even if nobody came to her rescue isn't going to fly.
You want to test the efficacy of rape whistles, or bank security, or anything else that's fine, but the methodology needs to be legal. That's not bureaucratic red tape; that's just common sense.
Re: (Score:2)
I don't think you understand software, nor does the government. No one gets hurt with white hat hacking.
No one got hurt in my rape whistle scenario either. That was part of my point. It was just a "white-hat" test to see if the rape whistle was going to work.
Everyone doing white-hat external security audits knows that you need permission to do it up front. That consent is what transforms it from 'an illegal criminal activity' to a 'legitimate service'.
Comparing it to rape is like comparing a snow cone to a blizzard.
Except nobody got raped, or was ever at risk of being raped. Don't you see my hat! It's WHITE! I'm here to help! I'm not going to actually hurt you.
External security audits are the best way to find vulnerabilities, and when the results are given to you for free, it's even better.
That's wh
Re: (Score:2)
That is a crime.
Hacking into computers that aren't yours is also a crime.
You can even kill someone with a weak heart.
You can inadvertently corrupt a critical database that wasn't being properly backed up and destroy a company.
You are hurting a person
You are causing harm.
The day you can teach a computer to feel fear, I'll change my tune.
Why does the computer itself need to feel fear for you to realize causing harm to it causes harm to the company and the people who own it?
Re: (Score:2)
Hacking into a system and letting the company know about it is good. Hacking into a system and destroying their database is bad.
Intending to do the former, still risks doing the latter.
Blindly applying a law without hearing the circumstances of the case is moronic and does not constitute justice.
Agreed. Consideration of Intent absolutely matters for justice. But that still doesn't make it ok.
Bottom line, this is basic property law. It's NOT your property, so if you want to fuck around with it, get permission from the owner first.
What exactly do you disagree with about that statement?
Re: (Score:2)
If you hack in and do no harm
If I find a way into your house, get in and walk around and don't damage anything, that's no harm either right? If I pick your lock because it wasn't very good, what's wrong with leaving you a note on your fridge? What's wrong with trespassing?
And what if you do harm? What if your 'hack' does damage the data, whether you intended to or not? You can't know for certain you won't crash the system or corrupt data.
If you hack in and accidentally wipe my server, then you are liable.
I don't tolerate good Samaritans wandering around in my kitchen either, whether they wreck the plac
Re:Only programmers (Score:5, Interesting)
This site depresses me sometimes. Look at this comment getting voted up. I mean, aside from the dodgy analogy housebreaking vs penetration testing (which may be similar or not, depending on the specifics) look at this: "Regardless of his objective, he broke the law." --- as if your intentions can not be an absolute defence - punching someone is illegal; punching someone in self-defence is **not** - but "regardless of his objective" is somehow a valid statement? C'mon.
Score:4, Interesting (at time of writing). Seriously.
Re: (Score:2)
punching someone is illegal; punching someone in self-defence is **not** - but "regardless of his objective" is somehow a valid statement? C'mon.
Punching someone in the face, unsolicited, to show them how weak their guard is, is not just assault, it's aggravated assault.
Re: (Score:2)
What about punching someone without their consent to test the strength of their bone structure, and then publicly humiliating the target?
As if self defence can be compared to uninvited pen testing followed by public disclosure of a vulnerability.
Re: (Score:2)
If you think
Re: (Score:2)
Not sure how your comment got so highly ranked. It seems to stem from ignorance.
The laws dealing with assault and homicide have exemptions for certain situations. Self-defense is one of those, so harm committed in a reasonable act of self-defense is not punishable. The context and intent are important because the law takes them into consideration.
I cannot speak to Slovenian law, but his intent would be irrelevant in the US. The primary hacking law here, the Computer Fraud and Abuse Act, does not take motiva
not lenient (Score:2)
The courts were very lenient on him, so no harm was done.
3 years suspended sentence is not lenient... This is a European country... Where unlike the US, doing a crime is not a life ending event.
On topic, "counterfeit police badge" is very bad... That said, I don't see how they got a search warrant in the first place, so he could probably go after them on the fact that such search warrant shouldn't have been issued.
Re: (Score:3, Insightful)
So capturing signals broadcasted over the public airspace and decrypting them is breaking and entering? Gee, then whenever the police use a Stingray device to intercept encrypted data between my cellphone and the cell tower, they are really violating my constitutional rights by entering my home and I am therefore obliged to sue them personally and directly for that violation of my civil rights. Also Castle law, because hey they are breaking and entering. Let's get a party together, go find the stingray van,
Re:Only programmers (Score:5, Insightful)
You discover a door to a bank door open:
Option #1: You tell the bank and the police. They do nothing. You let journalists know the bank and police did nothing for 2 years, you get jail sentence in retribution.
Option #2: You tell some criminals for a cut of the profits, retire in Bahamas. No jail sentence.
Clearly the system wants us to take option #2. Lesson learned.
Re: (Score:2)
> Why is it programmers are the only people who feel breaking into your house to show you how bad your locks are is a reason for congratulations and adoration?
As opposed to the crooks who will just make off with everything because of your shitty security???
To be informed is to be forewarned
Re: (Score:2)
Sorry to wake you but you should really get a proper lock for your doggie door.
Re: (Score:3)
At the same time, they didn't seem all that interested in the false identification until he reported the weakness. The last instance of the false ID was 2014.