bug in software
Arrest ethical hacker leads to street protests

A student in Hungary was arrested after he found a bug in the Budapest public transport website, and reportedly reportedly reported. The incident raises a lot of protest.

Reporting solid security errors remains risky, even now the world becomes more familiar with ethical hacking and bug bounties all sorts of. This must be evident from the story of a student in Bulgaria. The 18-year-old found a bug in BKK’s brand new e-ticket system, allowing him to change the ticket price of a ticket, and could buy the ticket at a different price. He made it quite simple, by putting his browser on developer mode (so, euh, on f12), and changing the source code of the site. He then reported to BKK, complete with demo.

In response, he was arrested, and Kálmán Dabóczi, CEO of BKK held a press conference in which he reported with some pride that his team had found a hacker and lodged an official complaint against him.

He told the public that the website is back in the meantime. You may recognize this as an incorrect way of responding to a potential security crisis.

His version of the facts was almost immediately contradicted by the young man himself, who reported in a Facebook post that he informed BKK about the security issue a few minutes after his discovery. “I did not use the ticket (from the demo, nvdr), I do not even live near Budapest. I have never driven on a BKK route. My goal was just to tell the BKK that they were there Was a mistake so that they could fix it. ”

He continues: “The BKK has not been able to answer me for four days, but in their press conference they talked about a cyber attack that was reported. I found an amateurist bug that could be exploited by many people. Do you really think that an 18 Year-old would circumvent a serious security system to commit crimes, and tell the authorities immediately. ”

That post has gone viral fast, and it is quite clear which way the public opinion has chosen. The Facebook page of Budapesti Közlekedési Központ (BKK), the public transport agency in Budapest, has been flooded with reactions for several days, and the website of the organization has been plagued by online attacks. The fury grew only when it turned out that a local company, T-Systems, spends one million euros a year to maintain the systems. The latter reported in a new announcement that the bug is meanwhile meanwhile, but now that half the internet picks up the website, many other errors are found.

Early this week, protesters came to the streets for the offices of the BKK in Budapest. The media in Hungary have also jumped in the meanwhile, with interviews and profiles in which the young man is welcomed as an everyday hero.

Translated from Source