Ethical hacker faces prison time for exposing vulnerabilities in a telecom company

The company considers that the defendant exceeded the limits of the ethical hacking labor

The Hungarian authorities are investigating an ethical hacker who discovered a critical vulnerability in the systems of telecommunication company Magyar Telekom at the beginning of last year. According network security specialists from the International Institute of Cyber Security, the company would have filed a complaint against the hacker, thus facing a sentence of up to eight years in prison.

According to local media reports, the hacker would have reported security flaws to the company and, despite the possibility of collaboration, none of these plans came to be realized.

The hacker kept analyzing the security infrastructure of Magyar Telekom, discovering a new vulnerability that would allow attackers to access data traffic, as well as monitor the servers of the organizations that use Magyar Telekom services, mentioned experts in network security.

The point is that the company detected the second tests carried out by the hacker, reporting them to the authorities mentioning that an unknown attacker had hacked their systems.

Experts on network security in Hungary mention that “Magyar Telekom has very strict internal policies and processes to prevent intrusions into their systems of any kind.”

The trial against the ethical hacker is underway; the Union for Civil Liberties in Hungary (NGO in charge of the defense of the ethical hacker’s defense), states that the plaintiffs are ignoring the context in which the facts were presented. 

Local media claim that the documents filed with the prosecutor’s office accuse the hacker of entering the company’s database for the purpose of compromising a public service.

The Union for Civil Liberties argues that ethical hackers should not be prosecuted by law, as they perform these tasks for the benefit of only public and private organizations. However, the Hungarian authorities consider that the defendant exceeded the limits of his work as an ethical hacker, exposing the security of the company and its customers’ data.

On the other hand, Magyar Telecom released a statement clarifying that the lawsuit was presented because the ethical hacker deployed a second wave of attacks against the company’s systems.

Magyar Telekom issued a separate statement saying that the complaint was filed because the ethical hacker launched new attacks on his systems and did not cooperate with his own investigation. The company also stated that the vulnerabilities detected had no impact on their services or on their customers’ information.

The Union for Civil liberties in Hungary has already defended ethical hackers in similar cases. In 2017, the NGO took over the defense of an 18-year-old accused of hacking the ticket-selling system of the Budapest Transport Centre, in addition, that same year also defended in court a person charged with misuse of personal data and cyberattacks against the customs administration system in Hungary.