Dejan Ornig, a 26-year-old student at the Faculty of Criminal Justice and Security in Maribor, Slovenia received this week a suspended prison sentence of 15 months, and will not go to jail if he does not repeat his crime in the next three years.
Ornig’s crime, according to local news site, was that he found and then publicly disclosed security issues in the state-developed TETRA encrypted communications protocol.
TETRA is used by Slovenian police, but also by some parts of the army, the Slovenian Intelligence and Security Agency (SOVA), the prison administration, and even some entities in financial administration departments.
Student was silent over TETRA encryption flaws for over two years
The student started his work on investigating TETRA in 2012, as part of a school project with 25 other faculty colleagues. By September 2013, Ornig discovered that Slovenian authorities had misconfigured the TETRA protocol.
The protocol, which was designed to encrypt sensitive communications, was sending unencrypted sensitive data over the Internet aroundof the time.
Following a responsible disclosure practice, the student informed the police of his findings. Seeing that authorities took no action, Ornig made his findings public in.
Was he supposed to face trial?
While officials corrected TETRA’s encryption issues, they also brought charges against Ornig for attempting to hack their network on three separate occasions in February, March and December 2014.
Officials also conducted a search of his house a month later, in April 2015. Besides seizing his computer and a $25 custom equipment with which Ornig was able to intercept TETRA communications, officers also found a fake police badge, and also accused him of impersonating a police officer.
After analyzing his hard drive, police piled on a third charge for illegally recording his former employer. Recordings showed abusive language from his former boss, who was calling Ornig “stupid” and addressing him with other curse words.
Despite the student’s obvious good intentions and his cooperation with authorities, police claimed that Ornig should have sought official permission to carry out his research, which they claimed hampered the normal operation of some of its radio stations.