Mohit Kumar reports:
Last year, Hungarian police arrested a 20-year-old ethical hacker accused of finding and exploiting serious vulnerabilities in Magyar Telekom, the largest Hungarian telecommunication company, who is now facing up to 8 years in prison.
According to local Hungarian media, the defender first discovered a severe vulnerability in Magyar Telekom systems in April 2018 and reported it to the company officials, who later invited him to a meeting.
Reportedly, the hacker then traveled to Budapest for the meeting, which didn’t go as well as he expected, and apparently, the company did not permit him to test its systems further.
However, the man continued probing Magyar Telekom networks and discovered another severe vulnerability at the beginning of May that could have allowed an attacker to access all public and retail mobile and data traffic, and monitor the company’s servers.
When Magyar Telekom detected an “uninvited” intrusion on their internal network, the company on the same day reported the incident to the police, leading to his arrest.
Read more on The Hacker News.
I’m not sure that this man can really claim to be an ethical hacker after he continued to access/intrude after they presumably made clear that he was not authorized to do so. That said, I think prison is probably a waste of his talents and some alternative should be considered.
But that gets us back to a convo on Twitter after I commented that U.K. sentencing for hacking was very lenient compared to U.S.— maybe too lenient. In this case, 8 years would be too harsh.
We continue to play “Goldilocks and the Three Sentencing Guidelines.”