(it was translated to English by me, sorry for any mistakes):
- he was invited to visit Telekom's office (the expenses were on him), and wanted to give them the details
- he was not convinced by the meeting that they'll solve it (close the doors): tried again, successfully (yep, that's a bit grey hat).
There are several issues not with the hacking, according to the Hungarian Civil Liberties Union:
- the prosecutors used a way too generic accusation which missed several important details, like [regarding the crime] when, how, etc.
- the accusation claimed that the hack was done by using the Internet (seriously).
- they (the prosecutors) offered a deal of "admit the crime == free to leave" but when the guy denied they asked for more prison.
- the prosecutor stated: "we are not IT people but we know from the media (!) that with Internet and certain competence he could have hidden more of his digital footprints". And the prosecutors didn't ask for expert advice for more than one and a half years.
- they asked for 8 years because the hacker should have been able to disturb a public interest service, though the company claimed that this server/service did not affect any of their customers.
The guy was not sentenced yet, likely won't be, but given how incompetent everyone involved is, one cannot be sure.
Telekom does not want to press charges as far as I know, so despite their gross technical incompetence, at least they have that going for them.
Hungary recently had a bunch of ethical hackers getting into trouble, but fortunately the people are so outraged at the powers that be trying to jail them that they don't get harmed.
Does the public prosecutor in Hungary have a poor conviction rate? I know nothing about your country, but if I were facing a similar charge in the US I would be very concerned.
BKK then tried to prosecute him but quickly dropped the case since there was a huge public outrage. The website and the related services have been down ever since the incident.
So this is why people suspect they will drop the case soon again, but as another commenter already said, they are incompetent and corrupt to the bones, so who knows?
But Hungary is a very tense country, it only needs a spark to blow up (last time internet tax triggered a massive massive protest), so I don't think the political elite wants to risk protests and outrage.
Not if you are a politician. In the last two terms of Fidesz 1 low figure guy was convicted. I find that ridiculous since we are the poster child of corruption in the EU.
It is because the Chief Prosecutor is a good old friend of Orban.
The article says the prosecutor's recommending an 8-year jail term, but since the court hasn't decided on the case — how did the hacker "get" a jail term?
Is the article wrong, or is the Hungarian legal system different from what I'm used to?
And if you really care about reputation building, you could use an ~anonymous pseudonym plus the sha256 or sha512 hash of some string. If it all works out, you just share the string, and reap the credit.
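The commit-then-reveal idea from the comment above, as an added example that is not part of the thread. The function names, pseudonym and statement text are constructed for illustration; the random nonce is an addition here, because a hash of a short or guessable string can be brute-forced before the reveal.

```python
import hashlib
import hmac
import json
import secrets


def make_commitment(pseudonym: str, statement: str) -> tuple[str, str]:
    """Return (digest_to_publish_now, secret_string_to_keep_private)."""
    # 256 random bits keep the digest from being guessed from the statement.
    nonce = secrets.token_hex(32)
    # Canonical JSON so the exact bytes that were hashed can be reproduced.
    secret_string = json.dumps(
        {"nonce": nonce, "pseudonym": pseudonym, "statement": statement},
        sort_keys=True,
    )
    digest = hashlib.sha256(secret_string.encode("utf-8")).hexdigest()
    return digest, secret_string


def verify_reveal(published_digest: str, revealed_string: str, pseudonym: str) -> bool:
    """Check that a revealed string matches the digest published earlier
    and names the pseudonym that published it."""
    recomputed = hashlib.sha256(revealed_string.encode("utf-8")).hexdigest()
    digest_ok = hmac.compare_digest(
        recomputed.encode("ascii"),
        published_digest.strip().lower().encode("utf-8"),
    )
    try:
        fields = json.loads(revealed_string)
    except ValueError:
        return False
    if not isinstance(fields, dict):
        return False
    return digest_ok and fields.get("pseudonym") == pseudonym


if __name__ == "__main__":
    # Constructed sample values.
    digest, secret = make_commitment(
        "anon-researcher", "reported finding to vendor (constructed text)"
    )
    print("publish now :", digest)
    print("keep private:", secret)
    print("later check :", verify_reveal(digest, secret, "anon-researcher"))
```

The digest only proves the string existed when the digest was posted if the posting itself carries a trustworthy timestamp.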
Why not publish the leak online to force the company to fix it asap?
As someone having worked in pentesting, I have mixed feelings about this situation. Whitehat or not, the hacker knew that what he was doing was illegal. Of course this gives the hacker a dilemma, as not disclosing might result in a blackhat exploiting the same vuln.
Oh gee, a “blackhat” exploits it. Moral dilemma! Who cares? You can’t control what other people will do on the internet and if it’s a target worth more than pennies of crypto cpu someone else has most likely done it already. 9/10 there’s like a dozen webshells on that box if there’s a good bug to be had.
I srsly don’t get the hand wringing folks do. Shells are shells and you know what you be doing.
But every year there are more summer children and I suppose we should look after them.
- If you do, be very careful about how you report it; must be to a recognised bug bounty program
- Especially don't do this in a repressive state
I understand that he did not want to admit wrongdoing, since he believed it should be considered an extenuating circumstance where public interest requires such action.
First of all, I think the argument that can be drawn from one Court decision is not very strong.
Second and possibly more important: this was a decision by the European Court of Human Rights (which is completely unrelated to the European Court of Justice and the EU) and the decision was not an appeal but the question was whether Austria had violated the European Convention on Human Rights which is a specific international treaty with specific Rights, mainly crafted in the late 1940s. It doesn't aim to be an all around Constitution for Europe but protects certain things for example in this case possibly free speech under Art. 10.
The fact that the HR Court interpreted the Convention in a way that allowed Austrian Authorities to fine a certain statement does in no way imply that freedom of speech is not protected in the European Union or in the Council of Europe Member States. Instead it is a fundamental idea of the European Convention on HR that states get a certain margin of appreciation to make decisions such as these. In other cases (for example concerning whistleblowing or Lingens v Austria) the Court has upheld free speech.
> Having a corrupt public servant (if this is the case here) does not make a country a "repressive state".
And now you seem to argue that other countries look repressive as well by quoting a single conviction that was invalidated by the ECJ.
First of all when you make an accusation you have to prove it, bring actual evidence, otherwise it's slander (or blasphemy, in a religious case). Second, we're talking about religion, so take every detail (the "evidence") with a grain of salt. Third, even assuming you can use a holy book to prove your case, the accusation is not valid because the law you're using wasn't in place back then when the "crime" was committed. On the other hand a blasphemy law is in place when your crime was committed.
So although I'm as far from a religious person as it gets, I still believe people are entitled to their own religious beliefs without someone uselessly dragging them through the mud. Every religion mentions some details that could prove insulting for many people, why bring one up in particular? And if a law is in place don't break it arguing that it's unfair. Maybe fight for changing it before you break it.
Eg China has a parliament too but it's just for show. The EU parliament is somewhere in the middle. Norway's parliament is probably the gold standard.
The Council of the European Union as well. Many (but not all) of the government representatives sitting on the Council are elected as MPs in their own countries, but that shouldn't make them a powerful part of the legislature at the EU level.
I wish we had a real bicameral European Parliament instead of this historically grown mess.
My point is that if you call that undemocratic then there are lots of things probably much closer to home that you should also criticize - like appointed cabinets forming the government - at least in the UK, you elect a local representative - nobody anywhere voted for e.g. Jeremy Hunt to be foreign secretary, so wouldn’t you have to argue that that is undemocratic also?
Being able to vote is the bare minimum for a democracy, not its ultimate realization.
The accountability of elected officials, the procedures, who and when voted for those procedures, the processes used, etc., are more important than merely being able to vote.
In fact the mere decline in participation and lack of voter engagement is also indicative of the disconnect between Brussels and the national EU-voters.
I'm more left-of-center myself, but even the right-of-center Economist put it somewhat well (if mildly):
Not proper in that it's wanted, established by popular demand, accountable, has checks and balances, and moves according to the voters' will.
> Since Orbán returned to power in 2010 his government has introduced measures to curb judicial independence and increase control over the media, and imposed restrictions that could lead to the closure of the Central European University (CEU).
Crackdown on the media, compromising judicial independence, and measures leading to increased obscurantism. Net effect is indeed leading Hungary towards being a repressive state.
The rest of what you mention certainly is repressive, but one of the stated aims of the foreign-funded CEU is, by its own admission, open-society propaganda. When the US tries to limit foreign political ads, is that also repressive? If not, why would putting a university behind those ads change things?
That's one interpretation. The alternative is that the media used to be owned/controlled by the (former) communists, and so was the judiciary.
Currently in Hungary it's simply controlled by the governing party.
* Via the Media Authority and the public service broadcasters
* Also financially (the public service broadcasters have a budget that dwarfs independent media outlets' budgets, 300M EUR vs a few million EUR at best; plus the government subsidizes gov-friendly outlets through advertisement and public communications contracts - and they advertise their own propaganda [you know, the usual George Soros, fight Brussels, immigrants are raping everybody] )
* Through buyouts (TV2, local newspapers, etc.), consolidation ( https://www.voanews.com/a/huge-pro-government-media-conglome... ) and strict central command ( https://budapestbeacon.com/wp-content/uploads/2017/11/megyei... https://kep.cdn.indexvas.hu/1/0/1981/19814/198141/19814191_0... )
There are a few independent sites that try to serve the classic democratic role of oversight.
That's even easier. The current government and the governing party are full of members with ties to the old Socialist/Communist era.
Oh, and don't forget, how since 1990 everyone conveniently forgot to finally grant access to the old secret police archives, or at least set up a process that can clean people holding and/or running for seats and various positions.
50 years of communism in the eastern Europe countries left most of the people with no wealth as it was forbidden to own a company, unless you were co-operating with the secret police and signed a deal with them. This caused the issue that after the collapse of communism and the Soviet Union people with wealth were communist collaborators (they were informing about non-safe people and helping throw them into jails and sharing money with police officers). Then after communism collapsed they've created TV, media and obviously there was still TV, Radio and press which was government owned, where the same people were working. So as you can see everything in post-Soviet countries is still mostly owned by communists and police informants.
Also, don't forget the privatization boom during the early 90s, when every government sold whatever they could find to fund the country. Early on this of course benefited friends of the old guard.
Furthermore, police informants liked to remain hidden. Secret police officers on the other hand liked to make the deals with the informants, especially those with some kind of business ambition.
But these deals produced a very pathological market state. As soon as the old regime fell, new businesses sprang up, and they soon eclipsed these old protected inefficient ones.
Salaries are low because there are not enough high paying jobs, because there are not enough high-skilled workers to attract/fund businesses that would employ them.
Furthermore, the Hungarian economy and demography suffer from the same problems as other developed economies. Technological improvements made a lot of mid-value jobs so efficient (via automation and of course through global institutions and multinational organizations), that the demand for them disappeared. See David Autor's seminal paper: https://economics.mit.edu/files/11563 (for example page 13, figure 2 is very telling. middle class jobs "disappeared").
Hungary, just as the US suffers from the problem of transforming labor markets (middle class jobs are hard to find, plus typical worker class male dominated fields are shrinking, whereas female dominated service oriented sectors are rising). And whereas in case of the US a lot of people are simply caught in a vicious cycle of poverty and incarceration, about two hundred thousand Hungarians left the country since 2010. (That of course did not help the active population ratio, though people working abroad send a lot of money back.)
The education system is also regressing in the last 5-10 years, now the research institutions are in upheaval too, due to centralization and inefficient restructuring by the government.
This will slowly swing back one way or another. The recent "overtime work hours" law is a good example, because it doesn't make much difference, as the labor market for low-skilled workers is in a gridlock. (A friend of mine works as an HR manager and they can't find enough local workers, so they recruit Ukrainian foreign workers, for a simple, but big warehouse, 1000+ workers.)
And don't forget, wages will rise when labor share of profits increases, but that means more competition, less government protected oligarchs.
Privatization resulted in a lot of foreign companies owning stuff, not commies and informants.
Secret police driven businesses were not particularly successful even back then, they haven't accumulated much capital. There are bound to be some folks living off that, but investors in the early 90s were usually high income individuals. (Doctors, company directors, etc.) They got there during the 80s, which of course required the right party signals, but these people then sold stuff (real estate, companies, etc.) after its value appreciated to foreigners or the new guard.
It's very unlikely that "everything [in Hungary] is still mostly owned by communists and police informants."
There is absolutely no difference in how a shop assistant deals with clients in Hungary or Czech Rep. as in UK or US. So why the disparity? It is definitely not caused by skills, the prices of goods are the same (for sure not 4/5 times cheaper), so what is the problem? The foreign companies? Not enough powerful unions? Governments allowing that?
You haven't disproved my claim, you introduced a different one (that high skilled workers earn good money).
Hungary has fewer people that speak foreign languages (as percentage of working age population: https://scontent-vie1-1.xx.fbcdn.net/v/t31.0-8/18155924_8861... ) than any of the other EU member states. Hungary is the country where the ratio of graduates decreased among the 25-34 year olds between 2014 and 2017 (which might seem like a statistical fluke, but the problem is EU average is increasing monotonically since 2008, whereas Hungary had a peak in 2015 and declined since back to 30% vs 39% of EU average(!), see also: https://ec.europa.eu/eurostat/statistics-explained/index.php... 2017 )
This pretty much means Hungary has too few high-skilled workers.
> In every country you have lot more of low skilled than high skilled workers hence this is where the problem lies. There is absolutely no difference in how a shop assistant deals with clients in Hungary or Czech Rep. as in UK or US. So why the disparity?
And that's because economics works in the aggregate. Skills matter, because in Hungary you have too many people competing for those low skilled jobs.
Think about what the emptying of the middle class means. Of what the Autor paper means that I linked. A lot of people move down. The low skilled jobs are threatened not by automation, but by having more people suddenly becoming "low skilled" (because if they are not high skilled enough to count as high-skilled, and middle-skill stuff is disappearing, then more people are now forced to try to find low-skilled work jobs).
https://qz.com/1010831/the-middle-skill-job-is-disappearing-... Hungary lost both low and middle skilled jobs, high-skilled jobs grew. Yet Hungary has comparatively few high skilled workers.
Hence those who are forced to work at "low skilled jobs" are now simply competing with each other more.
Personally, I'm less worried, if the Eastern European countries go repressive they'll be leaving the EU one way or another.
> Hungary’s Prosecutor Office has indicted the white hat hacker
> 'the Prosecutor’s Office is asking for a prison sentence' despite the fact that in the indictment files 'it is not clear what exactly has he done.' The files lack the place, time, and means of the committed crimes he is accused of, 'and in general, nothing that would be necessary to present the lawful accusation in detail'
The Prosecutor's Office is a state body, is it not?
It's highly unlikely this guy will actually go to prison. weev, on the other hand, did go to prison. Is the US a "repressive state"?
Well, it has the biggest incarceration rates per capita, and the biggest death penalty rates, of the whole world, and a horrible legal system (three strikes, for example, or the tons of people that went to jail for BS like marijuana). It has the top incidents of cops killing people in the western world. Heck, until the 70s it even had segregation laws.
Then there's the circus that are internal politics (the same two parties alternating in power for a century, following a bizarro multi-step process as remote from the actual people's vote as possible, with gerrymandering on top, and fat pockets with millions in promotion needed to have any chance as a candidate). Oh, and legal lobbying.
That said, they do have a decent rule of law, a legacy of respect for freedom of speech, and quite good representation at the state level.
[Edit: added some counter-items for balance]
Aren't they beaten by Singapore on the execution per citizen ratio? They certainly were, a few years ago.
You can't say the same for all the people that die anonymously in certain countries that don't respect (or even have) laws that much.
The scariest thing is that Hungary joined the EU in 2004 but has since a few years turned into a very scary place.
It feels like we are a petri-dish for political experimentation to test what could be scaled up.
Well it's not that different in the West...
Western Europe saw oppressive candidates losing the fight and becoming a fierce opposition. Eastern Europe already got fucked and is now facing consequences. It was enough for the autocratic leaders to win fair elections once and there were no fair elections since.
Maybe it's time for solo security researchers to stop being the nice guys. I'm not saying they should start behaving like blackhats, simply that self-preservation must come first and when you are faced with an industry who treats what I'd consider acts of generosity with contempt and legal action, then fuck them.
> the first vulnerability allowed the hacker to obtain an administrator password through a public-facing service. The second bug allowed him to "create a test user with administrative privileges."
Translated source article with much more information: https://translate.google.com/translate?sl=auto&tl=en&u=https...
> She browsed and found a user guide in a PDF file on the Telekom website that contained the IP address of a DNS server. Performed a routine scan for this IP address and then surprised to find that it was relatively easy to get an administrator password from here.
This is outrageous and ridiculous. Magyar Telekom is a bunch of crooks anyway, why in western Europe phone plans are so much cheaper?
Everything costs more than in Western Europe (except rents and services), yet people make 1/6th of the money. Hence why a third of the working population left the country.