An ethical hacker who discovered a security vulnerability in Magyar Telekom’s IT systems during April 2018 is currently being investigated by the Hungarian Prosecution Service after the company filed a complaint and faces 8 years in prison, local Hungarian media reports.

The security expert announced Magyar Telekom of the security issues affecting their systems and, although he met with company officials and they mentioned a possible collaboration, nothing materialized.

Following these events, he continued probing Magyar Telekom's systems which led to the discovery of yet another vulnerability that would allow potential attackers to "access all public and retail mobile and data traffic and monitor the servers of the companies served by T-Systems," says Hungary Today.

Indictment documents incomplete according to defense

The Hungarian telecommunications company's security team detected this second intrusion and reported to the authorities that their systems have been breached by an unknown attacker.

napi.hu says that "the company stated that Magyar Telekom has very serious internal systems and processes to ensure that attacks are prevented and fended off." Furthermore, they emphasize that their systems are constantly monitored to take the necessary measures immediately if necessary."

The trial is already ongoing and according to the Hungarian Civil Liberties Union (HCLU/TASZ), the NGO which defends the defendant white hat, the indictment lacks multiple details needed to clarify the circumstances of the events "and in general, nothing that would be necessary to present the lawful accusation in detail."

Hungary Today claims that the indictment documents issued by the Jász-Nagykun-Szolnok County Prosecutor’s Office accuse the man of breaking into Magyar Telekom's database and committing the "crime of disturbing a public utility".

They added that the Prosecutor’s Office offered the man an unusual plea bargain: if he admits he is guilty, the court will suspend the sentence for two years. If not, he may have to serve five years in jail. After refusing the plea bargain, the Prosecutor’s Office upgraded the crime in the indictment, now accusing the man of disrupting the operation of a public utility. As a result, he can be sentenced to up to eight years in prison.

HCLU previously helped defend other Hungarian white hats

HCLU further commented the case declaring that white hats shouldn't be prosecuted given that they are providing a service that, in the end, helps the entire society. On the other hand, the Hungarian Prosecutor's Office argues that the defendant "crossed a line and due to the danger his actions may have posed to society, he must face the consequences of criminal law."

Magyar Telekom issued a separate statement saying that the complaint was filed because the ethical hacker launched new attacks against their systems and did not cooperate with their own investigation.

They also highlighted the fact that the intrusion and the vulnerabilities discovered in their systems did not impact their customers' data or their communications networks.

This is not the first time the HCLU successfully defended Hungarian ethical hackers. During 2017, the NGO represented an 18-year-old man which was accused of hacking the online ticketing system of the Budapest Transport Center (BKK) and another one who was indicted for misuse of personal data and hacking following an intrusion within the National Tax and Customs Administration's systems.

Thank you for the tip MalwareHunterTeam