- Hungary’s Prosecutor Office has indicted the white hat hacker on account of finding vulnerabilities in the database of the country’s largest telecom company, who reported an unknown attacker to the authorities.
- This comes after he informed Magyar Telekom of the security loopholes and continued exploring for more flaws in the system.
A white hat hacker is facing an 8-year jail term for exposing vulnerabilities in the database of Magyar Telekom after the latter filed a complaint against him.
Magyar Telekom group operates the T-Home, T-Mobile, and T-Systems companies in Hungary.
From job offer to jail
The hacker, whose name remains undisclosed for now, had contacted the telecom company in April 2018 to inform a vulnerability in their database. As a consolation, Magyar Telekom discussed employment terms for joint work with the hacker once he reported the loophole but it never happened.
However, the hacker continued looking for security issues. In May, he found a serious loophole that allowed access to all private and public data in the company’s servers. Following this, Magyar reported that it was done by an unknown attacker, that eventually lead to his arrest.
The Hungarian Civil Liberties Union (HCLU) has chosen to defend the hacker and has blamed the Prosecutor’s Office for not clearly expressing his crime.
"The trial began this week and according to the HCLU, 'the Prosecutor’s Office is asking for a prison sentence' despite the fact that in the indictment files 'it is not clear what exactly has he done.' The files lack the place, time, and means of the committed crimes he is accused of, 'and in general, nothing that would be necessary to present the lawful accusation in detail'," reported Hungary Today which covered the news.
On the other hand, the Prosecutor’s Office had also offered the ethical hacker a plea bargain. The plea would reduce his sentence to 2 years. However, he rejected it and the office increased his sentence to 8 years.
Notably, earlier in 2017, Magyar Telekom had been embroiled in a similar case where an 18 year old student had reported a major security bug in an online ticket service launched by the company. The student was detained by the police which had led to a public outcry at the time.