SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Teenage Security Researcher Reports Flaw in Budapest Transport Authority Site, Is Arrested
Date    Thursday August 17 2017, @12:48PM
Author    martyb
Topic   
from the no-good-deed-goes-unpunished dept.
https://soylentnews.org/article.pl?sid=17/08/17/0127230

An Anonymous Coward writes:

An 18-year-old Hungarian man was taken into custody after reporting one of the numerous bugs in the Budapest Transport Authority's site. He found the bug by using the "view source" feature of his browser. He then bought a ticket at much less than its usual price, and reported the problem to the transit authority without using the ticket.

Bleeping Computer has a translation of a message from the arrestee:

I am an 18-year-old, now middle school graduate. Perhaps that which differs from the average, is that I trust that I can help solve a mistake.
I discovered last Friday [2017-07-22] that I could take a monthly ticket for 50 for the new internet e-ticket system in BKK, and then informed them about two minutes later. I did not use the ticket, I do not even live near Budapest, I never traveled on a BKK route. My goal was just to signal the error to the BKK in order to solve it and not to use it (for example, to sell the tickets at a half price for their own benefit).
The BKK has not been able to answer me for four days, but in their press conference today they said it was a cyber attack and was reported. I found an amateur bug that could be exploited by many people - no one seriously thinks an 18-year-old kid would have played a serious security system and wanted to commit a crime by promptly telling the authorities.
I am convinced that if I do not speak about the error, I will not report it. My hire was canceled only after I sent my letter to them.
I would like to publish this post without my name and identity. I ask you to help by sharing this entry with your acquaintances so that the BKK will come to a better understanding and see if my purpose is merely a helper intention, I have not harmed or wanted to harm them in any way. I hope that in this case the BKK will consider withdrawing the report

Original Submission #1Original Submission #2

Links
  1. "after reporting one of the numerous bugs" - https://blog.marai.me/2017/07/24/18-year-old-arrested-bkk-tsystems-e-ticket/
  2. "site" - https://shop.bkk.hu/bkk/bkkmain
  3. "Bleeping Computer" - https://www.bleepingcomputer.com/news/security/45-000-facebook-users-leave-one-star-ratings-after-hackers-unjust-arrest/
  4. "Original Submission #1" - https://soylentnews.org/submit.pl?op=viewsub&subid=21811
  5. "Original Submission #2" - https://soylentnews.org/submit.pl?op=viewsub&subid=21815
© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Teenage Security Researcher Reports Flaw in Budapest Transport Authority Site, Is Arrested on 2024-04-24 19:25:51