Perhaps many netizens may have thought that it is illegal to directly test whether a website is vulnerable without the permission of the website owner. Or is it illegal to directly disclose the vulnerability without the permission of the website owner? The answer is yes, because it may have the opposite effect. Originally, your intention may be to improve the security of the website, but it may also cause the website data to be stolen, or even reveal the private data of the website users.
In the first half of last year, white hat hackers discovered serious flaws in the support system of Hungarian Telekom operator Magyar Telekom. The white-hat hacker then submitted the vulnerability to Magal Telekom, which then confirmed the vulnerability and invited hackers to participate in their security conference.
However, after the hacker arrived in Budapest, he found that things were not what he expected. Magal Telekom did not allow him to continue testing other systems. Unfortunately, the 20-year-old white-hat hacker continued to test without complying with the requirements and then discovered a more critical security hole.
The vulnerability allows attackers to access all public and retail mobile and data traffic and listen to all servers within Magal Telekom and more. Then Magal Telekom reported the police directly on the grounds that the system was attacked, and the white-hat hacker was subsequently arrested by the Budapest police.
The Prosecutor’s Office said that the hacker’s behaviour had crossed the warning line because his actions could have serious potential harm to society. At the same time, the prosecutor also proposed a settlement transaction to the hacker: if the guilty plea is only two years probation, on the contrary, if you do not plead guilty, you may be sentenced to five years in prison.
However, the hacker eventually refused to plead guilty and believed that his actions were not guilty. After the refusal, the prosecutor also updated the allegations to disrupt the operation of the public utility. So in the end, the hacker’s penalty may be eight years in prison. The Hungarian non-profit organization Civil Liberties Union is currently defending hackers.