[ISN] Man escapes conviction over unsought bank probe

From: InfoSec News (alerts@private)
Date: Thu Sep 28 2006 - 00:28:45 PDT


September 28, 2006
A man who accessed the Reserve Bank's telephone systems to find security 
weak spots then billed the bank for his unsolicited services told the 
Wellington District Court he was surprised when police questioned him 
about his actions.
Gerasimos Macridis, 39, a researcher, represented himself in court 
before Judge Ian Mill.
Macridis pleaded guilty to one charge of intentionally accessing a 
computer system knowing he was not authorised to do so.
Police prosecutor Colin McGilivray told the court Macridis had 
telephoned the Reserve Bank on May 30, introducing himself as a security 
He outlined problems with the bank's telephone system, then requested 
payment for providing the information. He also contacted Telecom and 
asked for payment, outlining testing he had conducted, vulnerabilities 
he had found and ways these could be fixed.
The Reserve Bank made a complaint to police, who searched Macridis' 
house on September 21 and seized his computer.
Mr McGilivray said Macridis admitted having no authorisation from 
Telecom to conduct his research but claimed he was not aware his actions 
were illegal.
Macridis has a significant number of previous fraud convictions and it 
appeared he was trying to obtain money through virtue of his technical 
knowledge, Mr McGilivray said.
In his defence, Macridis told the court he had worked as a security 
consultant on a casual basis for the past 11 years. He said he had 
previously done extensive work for Telecom and completed assignments for 
the Police and the Department of Internal Affairs.
He said his intentions were lawful. He told the bank its phone calls and 
facsimile transmissions could be intercepted from overseas.
Judge Mill described the case as very unusual. He noted Macridis' 
dishonesty offending ended more than 10 years ago.
He said Macridis used his talents to identify security risks and he had 
identified a grave risk to the Reserve Bank and its customers.
He did not pass the information on to others and did not use it for 
personal gain. "In my view his intentions were honourable."
Judge Mill said conviction would be out of proportion with Macridis' 
actions and he discharged him without conviction.

Visit the InfoSec News store!

This archive was generated by hypermail 2.1.3 : Thu Sep 28 2006 - 00:39:32 PDT