Monday, 3 February 2014

Help Australia Government? = Arrested!!

16-Year-Old Hacker Arrested for Helping Government

A teen hacker from Australia must be regretting reporting a security hole at the government website which allowed him to access a database with sensitive data about 600,000 public transport users.

Australian government portal was important as a primary website for information about public transport timetables. Its database featured full names, addresses, phone numbers, email addresses, dates of birth, and even a 9-digit extract of credit card numbers used there.

Joshua Rogers, 16, has contacted the website after Christmas and reported the flaw. After receiving no response, the teen called newspapers and that is when Transportation Department reported him to the police. Although it is unknown how Rogers accessed the database, it seems to be a doddle. Perhaps, it was an SQL injection flaw, because it’s the tool of choice to breach websites and access backend databases.

Local police have a record of arresting people revealing security holes. For example, three years ago, Patrick Webster suffered a similar consequence after reporting a website vulnerability to a national investment company which managed his pension fund. The individual was arrested for writing a script to download 500 account statements in attempt to prove that its account holders were at risk. The company reported him to police and demanded access to his machine in order to make sure he had deleted all stolen data.

The teenager admitted that the police haven’t even contacted him. In fact, he learned about what has happened from journalists. Anyway, he might be regretting doing the decent thing and reporting the flaw. Maybe selling his remarks to Russians would have had more sense.

No comments: