Save Neil McDonald

Looking at your ‘read more’ link, something alarms me:

“Okay, so 3 years ago I gained access to The University of Melbourne. 5 different departments databases. I had access to various types of [redacted] logins etc. Interpol gets hold of it, under: Operation Akimbo. They found me, I gave a statement, and confessed.”

Interpol would not have been able to ‘get hold of it’ so quickly. This makes me believe that the story he tells isn’t fully accurate. I am assuming he decided to dig further with this information (5 different departments further?) before reporting, rather than reporting the initial breach immediately without accessing anything further.

7 years is too long I agree, but I am not swayed by this story and in my book grey-hat == black-hat.

Judging him the way you do is improper in my opinion, after all it is mostly gray-hats who drive the IT world to a change and apply proper ethics, as Neil did. Yes, he did breach the server without permission. Yes, he did dive deeper; but what if he didn’t do so? What if somebody else discovered the vulnerability and used it to their advantage? What if all the information was leaked or even worse - sold? Neil McDonald is not a criminal, he is a hero because he managed to overcome the human Ego and the lust for power. But a lot overlook that and see him as a selfish, greedy black-hat. Even though he acted for the well-being of the University and those related to it, he obviously needs to pay for what others claim to be a crime. But seven years is too much.

White-hats do not exist. They are just yet unseen gray-hats.

[quote=Elhitch]White-hats do not exist. They are just yet unseen gray-hats. [/quote]

Yet you judge a whole community…

I judge nobody, instead I express my personal opinion. I don’t enforce it neither by commands, nor negative karma. I am only provoking you to reason his actions.

In the same vein, mine was also opinion.
Did you judge me in saying I was judging another? :D

This is all getting out of hand :)
I’m out.

Perhaps I did, and perhaps I didn’t. :P And do not worry, I am not planning to start any trouble. Thank you for the time and effort you dedicated. No sarcasm.

Likewise. Healthy debate is fun once in a while :)

The main problem here is lack of information. That is, we know nothing except vague claims from McDonald himself.

We only have one concrete thing: the mentioned law [1]. From 1961? Yeah, not quite; relevant sections have been replaced in 2003. He’s getting 7 years? Not quite; maximum sentence is 7 years. What is it about? About damaging data on the systems. (Fine, it also says ‘modifying’, but I think it is clear that this is meant in a destructive way.)

So yeah.. feel free to join that little hype over there. ;)

(As for the hats: definitions matter.)

[1] Crimes Act 1961, Section 250