UK Cops Punish Suspected Hacker By Having Him Work With The Organization He Hacked To Patch Up Security Holes

from the a-better-way-to-handle-minor-breaches dept

We've seen lots of companies (and prosecutors) go after researchers and hobbyists who have exposed security holes in websites and software. Rather than simply fix the problem and alert those who might be affected, too many see fit to shoot the messenger as well.

We've also seen some disturbing over-prosecution of less well-intentioned hackers, presumably meant to act as a deterrent toward others who might feel like taking a poke at a company's firewall. This tends to result in sentences completely divorced from the reality of the situation. So, it's somewhat refreshing to see law enforcement officials handle a hacking case in a much more proactively positive way. (via the Office of Inadequate Security)

Following an investigation, a 24-year-old man from London was arrested for computer misuse by the Metropolitan Police. The man admitted accessing email accounts by using information found on social media sites such as LinkedIn and Facebook to identify targets, and bypass their security questions.

It's unclear if the man did anything with the information he'd obtained. The man admitted to accessing the accounts and claimed he didn't know his actions were illegal. After some discussion with the suspect and the organization affected (which has asked not to be named), both aggrieved parties agreed to let the enterprising hacker work it off.

Instead of pursuing a prosecution, the victims agreed to a 'restorative justice' option, whereby the hacker will now be giving advice to the organisation about cyber security and some of the methods used to breach networks.

The 24-year-old will now be strengthening the security of the organization whose system he'd breached. This is a much better outcome for everyone involved than the alternative. A prosecution would likely have kept the suspect on the wrong side of the law. Spending time in jail tends to decrease the chances of rehabilitation and a criminal record can often serve as an inadvertent deterrent to making an honest living. A chance to work with those he's negatively affected will disabuse the man of any "victimless crime" notions and give the organization a chance to learn cybersecurity skills from someone who knows a thing or two about working around the minimal security roadblocks erected with a "will this do" shrug by far too many entities.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hacker, patch, police, uk

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 8 Jan 2017 @ 10:41am

    Sounds like a job title that should have been created a long long time ago

    Ethical hackers mind you, whose purpose is to hack, inform, and strengthen security, as is happening today

    So why dont we do the opposite and implement mass fucking surveillance while weakening security to do the few dont have an already massive influence in our lives.........this ones gonna hit the fan, gonna hit it out of the ballpark, probably around about the same time they create the effective programs to collect, store, analyze and then present our private lives in a nice user friendly GUI

    Disgusting, WE ARE NOT PROPERTY, how far from equal are you guys planning to go, i would not mass survey someone, because i would not want to be mass surveyed, i can only assume that these folks feel protected from the thing they inflict on others........ makes you a baaaaad person, certainly not as the media would portray, freaking jesus christ personified

    Wow, sorry, that went slightly off topic

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.