In brief: Public Transport Victoria has reportedly reported a 16-year-old Melbourne schoolboy to Victoria Police for merely informing it of substantial security holes in its IT infrastructure. The Age newspaper reports (we recommend you read the full article):
“Joshua Rogers, 16, discovered an extensive database containing the personal details of public transport users in Victoria, using what cybersecurity experts described as a common hacking technique … Public Transport Victoria said the Metlink database had been ‘illegally accessed’ and that it was ‘the only known attack on its website’.”
It appears that Rogers’ actions in disclosing the IT security hole directly to Public Transport Victoria were in line with what is termed in IT security circles “white hat” hacking behaviour. Wikipedia describes white hat hacking as follows: “The term ‘white hat’ in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization’s information systems.”
So-called “white hat” hacking is generally considered ethical within the IT security industry, as it is aimed at testing IT systems to ensure security, rather than to breach security. In contrast, the ‘hackers’ popularly portrayed in mainstream media are often what the IT security industry would label “black hat” hackers — those who attempt to breach computer systems for malicious reasons or for their own personal gain.
Public Transport Victoria’s apparent overstep is not the first time a major Australian organisation has overreacted when confronted with an IT security problem. In October 2011, local superannuation fund First State Super reported a similar attempt at assistance to the NSW Police.
Image credit: @CJNewsAu, used with permission