A corrupt laptop repair engineer has gone to jail for nine months after he was convicted of hacking into the laptop of one of his customers. Grzegorz Zachodni, 30, was caught browsing through pictures in a private folder and attempting to hack into an online banking account during a Sky News investigation into computer repair …
Crap at repair as well
Should have used a separate OS boot disk to do the repair, and should have spotted the spyware type app filling the hard disk with video.
As for trying passwords from a file marked password, what a plonker.
I guess he would have transferred any money into a file marked swag.
This crook is not to be commended at all but the assumptions you've stated aren't necessarily true.
While I agree the prudent thing to do is first mount the volume in another system (or a boot disk but that often grants less functionality) and scan for and look manually for suspicious files, ultimately you have to boot the system with the original drive to be sure you caught everything which includes poking around at files since it cannot be assumed any scanner catches everything.
Would he have spotted the drive filling with video? Perhaps, or perhaps not. Lots of junk running in the background can cause CPU spikes if it's a reasonably compressed format which hits the hard drive not all that much more than windows otherwise does when finishing booting and prefetching things, not to mention the idle time tasks like indexing or defragging, or that doing a scan for malware again is causing continual CPU spikes and HDD access.
If he'd searched for a video file, wouldn't we by the same token suggest he shouldn't have been searching for video files since the most likely reason is to get personal data, since windows operation does not depend on video files?
In a production environment you don't really want to do some kind of comprehensive PC analysis, only to get the job done for the price quoted then move on to whatever else you have to do or want to do.
As for trying passwords from a file marked password, why wouldn't those be the first to try, would you instead search for a file named "aunt betty's fruit cake recipe.doc"?
What he did isn't hacking.
Apologies for this, but....
...as terrible as this is, I'd really like to see the bikini pictures.
Failing that, some hot Playmobil-on-Playmobil action would suffice.
He's very flattered but
unfortunately has no pictures.
Or maybe it was Esther Rantzen. :-E
Hey, Reg forum mod people, can we have a new icon, one to represent being physically sick!?
Oh hang on, we have one already...
Watch the video then
So what happens to the repair person* who looks through private folders and attempts fraud but who also finds "extreme porn"? Does he get busted for fraud as well as the customer for his "porn" collection? Or does the repairer get let off for dobbing in the customer? Would a repair person be able to prove that he didn't attempt to commit fraud? Could lead to people who get convicted for porn on their computer also dobbing in the repair person for attempted fraud.
* I say repair person, not repair engineer since engineers should be highly qualified people and most repairers just follow scripts.
I half agree with you. If a customer brings in a system which isn't password protected and simply wants it "fixed", they are granting permission for the technician access to their files unless explicitly stated otherwise.
Some viri attack personal files like JPEGs, some download pron, some send spam, etc, anything that is not part of the default windows install is a reasonable place to look if it is malware you're tracking effects of.
On the other hand if the tech had copied off the files I'd feel differently and I do believe he shouldn't keep his job after seeing the files were not related to his task but kept looking at them which becomes a breach of employer-employee contract in many cases, and of course the jail time for the online banking attempts.
... but in the end, if you don't want someone looking at your dirty pics or other docs, you don't leave them sitting unencrypted if at all on the system HDD you take in to let a stranger look at, just as you don't leave real photos of yourself nude on the kitchen table if you're letting a plumber in to fix the kitchen sink.
Copied off the files.
If you don't clone a system first before repairing, you're an idiot. Repairs don't always work. Some tasks like virus scanning actually take less time on a rigged up system, rather than the client's archaic box. Also cloning lets you know if the HD is knackered.
Recently I had an idiot dump stuff on a keyboard with a machine with a Windows 7 CD in it. I really found the clone useful then.... (Windows is, now, really stupidly dumbed down)
I read this a few days ago and thought it was a bit on the harsh side. I'm fairly sure a good dose of community service and a suspended sentence would have worked just as well, especially seeing as they dangled the carrots with a view to this scenario happening.
It's a bit like looking through someone's diary and flicking through to the section named "PRIVATE DO NOT READ". You know you should not do it but the temptation is there and it seems harmless at the time.
I'm not saying he should have been accessing bank accounts or looking at saucy bikini pics but at the end of the day all he did was look, 9 months seems a bit harsh for that.
@Matthew - Not Quite
"A total of six attempts were made to access the online banking account, Sky News reports."
He didn't just look. Admittedly, if he did just have a peek and got caught checking out personal info then a lower sentence would have sufficed, but this guy actually abused his position in an attempt to fraudulently access someone's bank account. Can't help thinking he wouldn't be doing that purely out of curiosity.
Seems to me that the general opinion in this country (and others) is that if you do something wrong then jail is the place for you. We are in 2010 now not 1810 and I like to think that we are a little more sophisticated than "stick him in the slammer".
The fact is no one was hurt by his actions yet he gets to spend 9 months (ok half that) behind lock and key, costing the taxpayer money and probably ruining his life to a certain extent. Punishment needs to fit the crime and in this case no one was hurt, no losses made, no damage etc so wtf is the point in sending him to jail? I'm not saying don't punish him, just that there are better options available.
@ Matthew Anderson
Are you certain your opinion on this is reasonable? By the same token I assume you wouldn't mind if someone fired a gun at you every time they saw you, so long as they didn't hit you (so no one was hurt by the actions)?
Is it not illegal to try to rob a bank if you don't leave with any money? Is it not illegal to speed if you don't wreck?
The point of sending him to jail is very easy to understand, it is punishment to deter him and other would-be criminals. What is the better option, sending him to pick up litter in town for a couple days? Fair is fair, if you break the law you have to be put in prison. If you don't like the laws - and almost everyone has a problem with one law or another, the best you can do is vote to change them or accept the punishment if convicted of breaking one.
In short, it doesn't matter what you or I "feel" is just, and rightly so, justice cannot depend on one person's subjective opinion. Besides which, 9 months is not a very long time and if having a criminal record causes him to lose job opportunities in life, why shouldn't it? Why shouldn't people that don't break the law have that as an advantage in life over those that do? How would we ever temper crime if everyone got a slap on the wrist?
Ok, BUT there is no law against "abusing your position" or curiosity. The thing the fellow tried to do (which I do feel deserved at least 9 months in jail) was get into the bank and other online password protected accounts... makes no difference whether it was during or after performing his job, whether he had any specific skill at it, or even whether he knew the victim at all - had never even heard the name or saw the person who owned the bank account.
sounds like entrapment to me..
IANAL either, but
I have the ability to use a search engine.
Learn what entrapment means first. To entrap, a person has to be induced to commit a crime they otherwise (probably) wouldn’t have committed. All these guys did was observe what the miscreant would do.
It was not entrapment (under law in England and Wales) as he was not encouraged to commit a crime - he chose to look in the passwords file and then he tried to use those passwords, neither of which actions were necessary to the completion of his work.
What might be interesting is whether he had a reasonable expectation of privacy as he worked. More to the point, if the journalists performed covert surveillance of other people, who did not break any laws, those individuals might be able to make claims against the organisation(s) concerned.
Perfectly legal (in some states)
I can't see how this makes sense either but apparently it's legal, reminds me of the show where the police left a wallet full of cash in a phonebooth, guy walks in puts the cash in his pocket, walks out then a couple of minutes later gets arrested and ends up with a prison sentence.
This guy is in prison for being stupid, at least this process will breed a better criminal by getting rid and victimising stupid opportunistic criminals.
....was the repair engineer who found all the dodgy pics on Gary Glitter's PC ever convicted for invading his privacy?
"Hopefully this conviction will be a warning to the computer repair industry that the copying or use of customers' private and personal information is not acceptable"
Unless you're repairing a laptop belonging to a 1970s glam rock singer...
Bicycle repair engineer
This falls well short of the expected behaviours of a professional Engineer. What does the Engineering Council say about this?
What? Computer repair bloke? I thought you said he was a repair engineer....
Engineer? More like technician...
He was working at repair, rather than design. He's no hacker and no engineer either.
Not really entrapment, is it....
...unless casually browsing through the filesystem is a natural part of the repair process.
@ Not really entrapment, is it...
No it isn't entrapment, but depending on the repair, yes a competent technician would browse through the filesystem if it were something like a typical malware infection because it is unthorough and premature to assume that if a virus scanner can't find anything remaining that you can be assured nothing remains. The competent tech would note things running at boot-time, new file dates and folders, background processes, etc. Anything not part of a default windows install "could" be something other than what it appears to be, though I will grant that most malware authors are pretty dumb, they could make a virus look like a normal application instead of an obvious malware... they just wouldn't have as much of a purpose for the infection then.
We can say that the pics were none of those things but to know that you have to browse to them and see them - at least the filenames, it doesn't excuse continuing to look at personal pics whether they be of a woman in a bikini or a picture of a potted plant.
However, it can be fairly stated that in no way was it related to computer repair to attempt to access the bank account, UNLESS it was something as innocent as firing up the browser to see if any BHO infections were present and having the bank account login page auto-load because the user had set tabs on their browser to automatically open that webpage, at which point there is no justification for trying to get into the account.
Caught him red handed?
Well, what color are his hands now?