Australian police criticise 'ethical' hacking demonstration

Summary: Police in Queensland, Australia have spoken out after a researcher demonstrated an 'ethical hack' on a Facebook user account.


Police in Queensland, Australia have spoken out against a demonstration of a Facebook privacy hack that took place at the BSides Australia conference on the Gold Coast.

In the demonstration on Tuesday, researcher Christian Heinrich showed how he obtained from Facebook photographs of security contractor Chris Gatford and his family, including the image of a child. Heinrich used a brute-force attack to guess the URLs of privacy-protected images stored on Facebook's content distribution network. The incident led to a journalist being arrested and having his iPad seized, after he published some of the images online.

Following the event, detective superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, criticised the demonstration of so-called 'ethical hacking'. "I think cultures have built up where hacking, in the past, has been a part of a competition, and you have black-hat conferences around the world. The technical reality is that on those occasions crimes may well have been committed," he said.

For more on this ZDNet UK-selected story, see Qld cops denounce 'ethical hacking' on ZDNet Australia.


Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.


1 comment
  • Clearly some law enforcement organizations have less or no knowledge at all of the difference between 'black hat' & 'white hat'. I've read the whole article & it is very sad to know that the enforcers only know of 'black hat'. It's just the same concept, 'Good cop - Bad cop' & 'White hat - Black hat'. Duhhh! Just because you are not open to system vulnerability checking of any method, doesn't mean others will follow. Take a look at other countries' governments, banks of the world, Fortune 500 organizations who resolve to the 'White Hats' to identify the loop & strengthen their system. This article is so over-rated just because it's a press conference by the police. I think they don't even have a team of Computer Forensics!