The Channel logo


By | John Leyden 27th September 2006 18:22

Naive 'hacker' escapes punishment

Hanging on the telephone

Here's a cautionary tale for would-be penetration testers: get permission from a bank before you try to bill them for helping to identify and fix the security short-comings of their services. New Zealander Gerasimos Macridis, 39, learnt that lesson the hard way after his attempts to help the country's Reserve Bank in improving its telephone banking systems resulted in a court appearance.

Macridis told Wellington District Court that he was surprised that his attempts to bill the bank for unsolicited services ended up with the police, and not a cheque, arriving on his doorstep. Macridis was more guilty of naivety then mendacity, the court heard.

Macridis phoned the Reserve Bank in late May. Identifying himself as a security consultant, he explained how calls and fax messages might be intercepted overseas before requesting payment.

He also contacted Telecom New Zealand and gave a full run-down of the testing he'd done and how to fix the vulnerabilities he'd identified before again asking for a fee for his unsolicited services. Bank officials complained to the police, who raided Macridis's house on late September and seized his computer.

Questioned by police, he admitted he had no authorisation to conduct his tests but said he didn't realise he'd done anything wrong, a belief that investigators were quick to dispel. Appearing before Judge Ian Mill, Macridis pleaded guilty to intentionally accessing the Reserve Bank's telephone system without authorisation.

Prior to 1994, Macridis had racked up a number of fraud convictions making it appear to investigators that he might have been using his technical knowledge to extort money from the bank and Telecom New Zealand. But Macridis, appearing in his own defence, persuaded the judge he turned over a new leaf since then, working on a casual basis as a security consultant for Telecom New Zealand and the police, among others, over the last 11 years. He did not use the security shortcomings he discovered for personal gain or pass on the information to other, potentially less scrupulous, individuals.

Judge Mill accepted these arguments and discharged Macridis without conviction despite his earlier guilty plea. "In my view his intentions were honourable," he said. ®

alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


Suit-and-tie-wearing man tries to meditate, take deep breaths in faux yoga pose. Photo by Shutterstock
Emotional intelligence, not tech skills, is the way to woo suits
League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe