Ethical hacking could be very risky, this is the experience of a 26-year-old Slovenian student, Dejan Ornig, that had serious problems after the discovery of flaws in the Police Communications Protocol.
It is incredible, but authorities have given him a prison sentence.
Ornig has found security vulnerabilities in the implementation of the TETRA encrypted communications protocol used by national authorities.
“Ornig judgment is charged attack on the information system, falsification of documents and undue audio recording.” reported the Slovenian news website Pod Crto.
The TETRA protocol is utilized by the Slovenian police, the Slovenian Intelligence and Safety Company (SOVA), the military, and also the jail administration.
The facts are dated back to 2012, when Ornig alongside with 25 colleagues started working on the TETRA implementation in the country, as part of a school project.
In September 2013, he discovered that the Slovenian authorities had misconfigured the TETRA protocol used in the country.
Ornig ethically reported his discovery to the authorities, but he did not see any action from the government so he decided to publicly disclose the issues in March 2015.
Only after the public disclosure of the flaw, the authorities fixed the problems in the TETRA implementation but then started the problems for the young student. Ornig has been accused of trying to hack the Government network on three separate occasions in February, March and December 2014.
In April 2015, the authorities raided the house of the student and seized the computer and a $25 custom device with which he was able to interrupt TETRA communications. The police also discovered a fake police badge, then the situation became more complex.
The analysis of the Ornig’s computer revealed the presence of illegitimately recording his former employer, as a result, the police filed a third charge against the youngster.
According to the Slovenian authorities, Ornig should have obtained official permission to perform the tests that allowed him to discover the issue in the Tetra protocol.
The young student this week received a suspended jail sentence of 15 months, the authorities suspended the prison sentence under the condition that the hacker will not repeat the same crime in the next three years.
If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.
(Security Affairs – hacking, Tetra)