[ISN] Tsunami hacker convicted

From: InfoSec News (isn@private)
Date: Sun Oct 09 2005 - 21:08:39 PDT


http://www.theregister.co.uk/2005/10/06/tsunami_hacker_convicted/

By John Oates
6th October 2005

Daniel James Cuthbert was convicted today of breaking Section 1 of the
Computer Misuse Act of 1990 by hacking into a tsunami appeal website
last New Year's Eve.

District Judge Mr Quentin Purdy said: "For whatever reason Mr Cuthbert
intended to secure access, in an unauthorised way, to that
computer...it is with some considerable regret...I find the case
proved against Mr Cuthbert." He was fined £400 for the offence and
must pay a further £600 in costs.

Cutbert, 28, of Whitechapel, London, told Horseferry Road Magistrates
Court yesterday that he had made a donation on the site, but when he
received no final thank-you or confirmation page he became concerned
it may have been a phishing site, so he carried out two tests to check
its security. This action set off an Intruder Detection System in a BT
server room and the telco contacted the police.

The prosecution made an application for costs but declined to seize
Cuthbert's Apple notebook on which the offences were committed. They
made no further claim for compensation.

The defence asked for some sort of discharge because the case came
close to "strict liability" - it was his responsibility but not his
"fault". Mr Harding, for the defence, said: "His reasoning was not
reprehensible. He was convicted because of the widely-drafted
legislation that could catch so many."

Mr Purdy, speaking to Cuthbert in the dock, said: "I appreciate the
consequences of this conviction for you are considerably graver than
any I can impose. But you crossed an inappropriate line, time and
expense was expended and anxiety caused. That aside, the price may be
a heavy one for you to pay." Cuthbert lost his job as security
consultant at ABN Amro as a result of his arrest and has only recently
been able to find work.

DC Robert Burls of the Met's Computer Crime Unit said afterwards: "We
welcome today's verdict in a case which fully tested the computer
crime legislation and hope it sends a reassuring message to the
general public that in this particular case the appropriate security
measures were in place thus enabling donations to be made securely to
the Tsunami Appeal via the DEC website."

Peter Sommer, who was an expert witness for the defence, said he
thought the judge had a good understanding of the issues involved but
"took a very strict view of the wording of the legislation." Sommer
added that he thought the policing of minor offences should "not
involve taking people to court but rather talking, warning and
slapping wrists."

Asked if he thought the verdict would make it harder for the police to
get help and cooperation from security professionals Sommer said: "It
will certainly make them more wary."

Speaking after the verdict an upset Daniel Cuthbert told the Reg:  
"They've now set the bar so high that there should be thousands of
convictions for people doing things like these. There will be lot of
anger from security professionals and the police will find it harder
to get help in future."

Cuthbert is considering a career outside the IT industry.

For the full text of Section 1 of the Act click here [1]. ®

[1] http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_2.htm#mdiv1



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Sun Oct 09 2005 - 21:45:47 PDT