Sophos, a global leader in anti-virus protection for businesses,
has welcomed the conviction on appeal of Australian hacker and
self-confessed "nerd" Stephen Craig Dendtler.
Dendtler, aged 22, hacked into one of Australia's largest ISPs,
OptusNet, gaining access to 435,000 customer records and passwords.
However, at his original court hearing in April, despite him
pleading guilty and the charges being proven, no conviction was
recorded against him.
Sophos, at the time, questioned the lack of any
sentence, pointing out that breaking into remote computer systems
and accessing other people's private and personal information was
clearly not acceptable.
The Australian authorities subsequently appealed the case on the
grounds that the non-existent sentence was clearly inadequate and
might have encouraged others to engage in similar activity.
Judge Justice McGuire of the New South Wales district court
agreed with the appeal and fined Dendtler AU$4,000, placing him on
a two-year good behaviour bond.
"Hacking is a crime, and there is no point having penalties
against crimes like this if the courts are not prepared to sentence
those who are found guilty," said Graham Cluley, senior technology
consultant for Sophos Anti-Virus. "Even though it is agreed that
Dendtler did not use his access to the data for his financial
advantage, it is still a crime to gain unauthorised access to such
Under cross examination, Dendtler told the court how he had been
a "nerd" since an "early age" and had a particularly strong
interest in computer security.
Judge Justice McGuire rejected Dendtler's claim that his actions
constituted an "intellectual pursuit" saying, "You don't access
435,000 [usernames and passwords] to fill in a Saturday afternoon.
It's a matter of common sense. Why would you do it?"
The Judge also criticised Dendtler for discussing his actions
and the methods he had used with others.