Menu
Australian teen accepts police caution to avoid hacking charge

Australian teen accepts police caution to avoid hacking charge

Joshua Rogers' case illustrates the fine legal line computer security researchers tread

Joshua Rogers

Joshua Rogers

An Australian teenager has accepted a caution from police rather than face charges for discovering a vulnerability in the website of one of the country's public transport authorities late last year.Joshua Rogers of Melbourne accepted the caution, he told IDG News Service via email on Monday. He will not face charges, and the caution -- an acknowledgement that he broke the law -- will be expunged from his record in five years if he does not commit the same offense in that period.Rogers' case illustrates the fine line that computer security researchers tread when hunting for software vulnerabilities on public websites.Large technology companies such as Google and Facebook encourage security researchers to probe their sites and pay rewards for supplying security information. The rewards are paid on the condition that researchers do not share the information publicly until the problem has been fixed.But without that kind of blessing, activities that may be research could easily be considered malicious and violate computer crime laws.

Rogers found a SQL injection vulnerability on the website of Public Transport Victoria (PTV), which runs the state's transport system. The type of vulnerability affects databases that do not filter certain kinds of input correctly.Rogers found he gained access to some 600,000 records, including partial credit card numbers, addresses, emails, passwords, birth dates, phone numbers and senior citizen card numbers. He maintained he downloaded two or three records from the database as part of his research, then deleted the data. He notified PTV of his findings via email on Dec. 26, a public holiday in Australia, copying 13 employees of the agency on the correspondence. After not receiving a response, he contacted Fairfax Media. Its Melbourne paper, The Age, covered the story.At the time, PTV decline to comment and said the incident was under investigation. Then in May, between six and eight police officers came to Rogers' residence and seized various electronic equipment, including USB sticks, his Samsung phone, a laptop and a server, Rogers wrote on his blog.Rogers was interviewed at a police station the same day and told he may have violated a computer crime law that prohibits "unauthorized access, modification or impairment with intent to commit a serious offense." According to Australia's Cybercrime Act of 2001, the offense is punishable by between five years and life in prison. On July 2, police gave Rogers the option of admitting he broke the law by signing the caution."The other option was to go through the whole process of being charged, and then going to court," he wrote via email. "It's not like I could have said 'I didn't do it!', after all."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags legalExploits / vulnerabilitiesPublic Transport Victoria

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments