September 28, 2006
A man who accessed the Reserve Bank's telephone systems to find security
weak spots then billed the bank for his unsolicited services told the
Wellington District Court he was surprised when police questioned him
about his actions.
Gerasimos Macridis, 39, a researcher, represented himself in court
before Judge Ian Mill.
Macridis pleaded guilty to one charge of intentionally accessing a
computer system knowing he was not authorised to do so.
Police prosecutor Colin McGilivray told the court Macridis had
telephoned the Reserve Bank on May 30, introducing himself as a security
He outlined problems with the bank's telephone system, then requested
payment for providing the information. He also contacted Telecom and
asked for payment, outlining testing he had conducted, vulnerabilities
he had found and ways these could be fixed.
The Reserve Bank made a complaint to police, who searched Macridis'
house on September 21 and seized his computer.
Mr McGilivray said Macridis admitted having no authorisation from
Telecom to conduct his research but claimed he was not aware his actions
Macridis has a significant number of previous fraud convictions and it
appeared he was trying to obtain money through virtue of his technical
knowledge, Mr McGilivray said.
In his defence, Macridis told the court he had worked as a security
consultant on a casual basis for the past 11 years. He said he had
previously done extensive work for Telecom and completed assignments for
the Police and the Department of Internal Affairs.
He said his intentions were lawful. He told the bank its phone calls and
facsimile transmissions could be intercepted from overseas.
Judge Mill described the case as very unusual. He noted Macridis'
dishonesty offending ended more than 10 years ago.
He said Macridis used his talents to identify security risks and he had
identified a grave risk to the Reserve Bank and its customers.
He did not pass the information on to others and did not use it for
personal gain. "In my view his intentions were honourable."
Judge Mill said conviction would be out of proportion with Macridis'
actions and he discharged him without conviction.
Visit the InfoSec News store!