The company considers that the defendant exceeded the limits of the ethical hacking labor
The Hungarian authorities are investigating an
ethical hacker who discovered a critical vulnerability in the systems of telecommunication
company Magyar Telekom at the
beginning of last year. According network security specialists from the
International Institute of Cyber Security, the company would have filed a
complaint against the hacker, thus facing a sentence of up to eight years in
prison.
According to local media reports, the hacker
would have reported security flaws to the company and, despite the possibility
of collaboration, none of these plans came to be realized.
The hacker kept analyzing the security
infrastructure of Magyar Telekom, discovering a new vulnerability that would
allow attackers to access data traffic, as well as monitor the servers of the
organizations that use Magyar Telekom services, mentioned experts in network
security.
The point is that the company detected the
second tests carried out by the hacker, reporting them to the authorities
mentioning that an unknown attacker had hacked their systems.
Experts on network security in Hungary mention
that “Magyar Telekom has very strict internal policies and processes to prevent
intrusions into their systems of any kind.”
The trial against the ethical hacker is
underway; the Union for Civil Liberties
in Hungary (NGO in charge of the defense of the ethical hacker’s defense),
states that the plaintiffs are ignoring the context in which the facts were
presented.
Local media claim that the documents filed with
the prosecutor’s office accuse the hacker of entering the company’s database
for the purpose of compromising a public service.
The Union for Civil Liberties argues that
ethical hackers should not be prosecuted by law, as they perform these tasks
for the benefit of only public and private organizations. However, the
Hungarian authorities consider that the defendant exceeded the limits of his
work as an ethical hacker, exposing the security of the company and its
customers’ data.
On the other hand, Magyar Telecom released a
statement clarifying that the lawsuit was presented because the ethical hacker
deployed a second wave of attacks against the company’s systems.
Magyar Telekom issued a separate statement
saying that the complaint was filed because the ethical hacker launched new
attacks on his systems and did not cooperate with his own investigation. The
company also stated that the vulnerabilities detected had no impact on their
services or on their customers’ information.
The Union for Civil liberties in Hungary has
already defended ethical hackers in similar cases. In 2017, the NGO took over
the defense of an 18-year-old accused of hacking the ticket-selling system of
the Budapest Transport Centre, in addition, that same year also defended in
court a person charged with misuse of personal data and cyberattacks against
the customs administration system in Hungary.
