Suspended Prison Sentence for Disclosing TETRA Security Issues
Dean Ornig, a 26-year-old student at the Faculty of Criminal Justice and Security in Maribor, Slovenia, received this week a suspended prison sentence of 15 months and will not go to jail if he does not repeat his crime in the next three years.
Ornig's crime, according to local news site Pod Crto, was that he found and then publicly disclosed security issues in the state-developed TETRA encrypted communications protocol.
TETRA is used by Slovenian police, but also by some parts of the army, the Slovenian Intelligence and Security Agency (SOVA), the prison administration, and even some entities in financial administration departments.
According to the website; Softpedia, the student started his work on investigating TETRA in 2012, as part of a school project with 25 other faculty colleagues. By September 2013, Ornig discovered that Slovenian authorities had misconfigured the TETRA protocol.
The protocol, which was designed to encrypt sensitive communications, was sending unencrypted sensitive data over the Internet around 70 percent of the time.
Following a responsible disclosure practice, the student informed the police of his findings. Seeing how authorities took no action, Ornig made his findings public in March 2015.
While officials corrected TETRA's encryption issues, they also brought charges against Ornig for attempting to hack their network on three separate occasions in February, March and December 2014.
Despite the student's obvious good intentions and his cooperation with authorities, police claimed that Ornig should have sought official permission to carry out his research, which they claimed hampered the normal operation of some of its radio stations.