Australian hacker sentenced upon appeal, Sophos says better late than never

May 16, 2003 Sophos Press Release

Sophos, a global leader in anti-virus protection for businesses, has welcomed the conviction on appeal of Australian hacker and self-confessed "nerd" Stephen Craig Dendtler.

Dendtler, aged 22, hacked into one of Australia's largest ISPs, OptusNet, gaining access to 435,000 customer records and passwords. However, at his original court hearing in April, despite him pleading guilty and the charges being proven, no conviction was recorded against him.

Sophos, at the time, questioned the lack of any sentence, pointing out that breaking into remote computer systems and accessing other people's private and personal information was clearly not acceptable.

The Australian authorities subsequently appealed the case on the grounds that the non-existent sentence was clearly inadequate and might have encouraged others to engage in similar activity.

Judge Justice McGuire of the New South Wales district court agreed with the appeal and fined Dendtler AU$4,000, placing him on a two-year good behaviour bond.

"Hacking is a crime, and there is no point having penalties against crimes like this if the courts are not prepared to sentence those who are found guilty," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Even though it is agreed that Dendtler did not use his access to the data for his financial advantage, it is still a crime to gain unauthorised access to such material."

Under cross examination, Dendtler told the court how he had been a "nerd" since an "early age" and had a particularly strong interest in computer security.

Judge Justice McGuire rejected Dendtler's claim that his actions constituted an "intellectual pursuit" saying, "You don't access 435,000 [usernames and passwords] to fill in a Saturday afternoon. It's a matter of common sense. Why would you do it?"

The Judge also criticised Dendtler for discussing his actions and the methods he had used with others.