Slovenian Student Gets Sentenced for Reporting Configuration flaws in Tetra Protocol

Is it possible that somebody could be sent to jail for identifying security flaws in a protocol that is being used by the local Police department? This particular news report strengthens the notion that it certainly can happen.

According to reports, a 26-year-old Slovenian hacker identified configuration flaws in the Tetra protocol implementation used by the police, but ended up receiving a prison sentence. The Slovenian news site Pod Crto reported that “Ornig judgment is charged attack on the information system, falsification of documents and undue audio recording.”

Hacker should have obtained permission, say the authorities

This means that hacking on ethical grounds is also a risky undertaking. The Slovenian hacker is a student named Dejan Ornig, and he is facing drastic consequences for discovering errors in the police communications protocol. Ornig identified security-related weaknesses in the Tetra protocol, which facilitates encrypted communications and is widely used by national authorities including the Police, Intelligence and Safety Company (SOVA), Jail administration and the military.

Dejan Ornig / Photo Source: Pod Crto

Back in 2012, Ornig started working on the Tetra implementation with his 25 colleagues as one of his school projects. In September 2013, he identified that the protocol, which is used countrywide, had been misconfigured by the Slovenian authorities. The Tetra implementation wasn’t encrypting transmitted data at least 70% of the time, which could obviously lead to severely damaging consequences if left uncorrected. The student therefore reported this discovery.

However, much to his surprise, the authorities didn’t respond in the way he had expected, so Ornig decided to disclose the finding to the public in March 2015. Once this was done, the authorities woke up from their deep slumber and fixed the Tetra implementation issues. However, they also started harassing the student. Ornig was charged with hacking the Government network on three separate occasions in 2014: in February, March and December.

The student’s house was raided by the authorities in April 2015, and his computer, along with a custom device with which he interrupted Tetra communication, was confiscated. The Police also found a fake police badge, which further complicated the situation. When his computer was examined, it was revealed that there were illegal recordings present on the hard disk that belonged to his previous boss. Thus, the police were able to file another charge against the young student.

Slovenian authorities also claim that Ornig should have obtained permission from the authorities to conduct the tests that led him to identify the issues in the above-mentioned protocol.

As of now, the student has been given a suspended jail sentence of 15 months. The sentence is suspended on the condition that he vows never to repeat this crime in the next three years.

Source: Pod Crto

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.