Many of you might have this question in your mind:
“Is it illegal to test a website for vulnerability without permission from the owner?”
Or… “Is it illegal to disclose a vulnerability publicly?”
Well, the answer is YES, it’s illegal most of the times and doing so could backfire even when you have good intentions.
Last year, Hungarian police arrested a 20-year-old ethical hacker accused of finding and exploiting serious vulnerabilities in Magyar Telekom, the largest Hungarian telecommunication company, who is now facing up to 8 years in prison.
According to local Hungarian media, the defender first discovered a severe vulnerability in Magyar Telekom systems in April 2018 and reported it to the company officials, who later invited him to a meeting.
Reportedly, the hacker then traveled to Budapest for the meeting, which didn’t go well as he expected, and apparently, the company did not permit him to test its systems further.
However, the man continued probing Magyar Telekom networks and discovered another severe vulnerability at the beginning of May that could have allowed an attacker to access all public and retail mobile and data traffic, and monitor company’s servers.
When Magyar Telekom detected an “uninvited” intrusion on their internal network, the company on same day reported the incident to the police, leading to his arrest.
The hacker is currently on trial. The Hungarian Prosecution Service is requesting a prison sentence, while the Hungarian Civil Liberties Union, a non-profit human rights watchdog, is defending the hacker, claiming that the indictment is inaccurate, incomplete and in false colours.
images from Hacker News