GoGet 'hacker' sentenced to 400 hours of community service

He was found guilty of seven charges.

Special Feature

A Winning Strategy for Cybersecurity

The smartest companies now approach cybersecurity with a risk management strategy. Learn how to make policies to protect your most important digital assets.

Read More

The alleged hacker who infiltrated GoGet's customer database to access customer data and vehicles freely in 2017, Nikola Cubrilovic, was sentenced on Wednesday at Sydney Downing Centre Local Court.

Cubrilovic was found guilty of five charges for taking a vehicle without consent, and a single charge each for dealing with identity information and dishonestly obtaining a financial advantage. 

For these charges, the court sentenced Cubrilovic to five years of community corrections, which will include 400 hours of community service work and supervision from community corrections officers.

The former security researcher will also be required to pay around AU$950 to GoGet and AU$678.50 to the GoGet member whose account was used to gain free vehicle rides.

Cubrilovic had pleaded guilty to these charges in an earlier trial.

Prior to the decision, Cubrilovic had been on bail for 15 months on the conditions that he had no internet access, reported daily to the police, and surrendered his passport.

Cubrilovic was initially accused of accessing GoGet's fleet booking system and downloading customer identification information including name, address, email address, phone number, date of birth, driver licence details, employer, emergency contact name and phone number, and GoGet administrative account details.

GoGet's IT team had identified the suspected unauthorised activity on its system on June 27, 2017, and proceeded to conduct a seven-month investigation with the NSW Police-run Strike Force Artsy. 

"On 27 June 2017, GoGet's IT team identified suspected unauthorised activity on its system and a full internal investigation was immediately commenced," then-GoGet CEO Tristan Sender said in a statement in January 2018.

Cubrilovic was then arrested in January 2018, and charged with two counts each of unauthorised access of identity information, modification of GoGet's system, and impairment with intent to commit a serious indictable offence, as well as 33 counts of taking and driving a vehicle without the owner's consent. The vast majority of these charges were withdrawn and dismissed in previous hearings that were conducted over the past one and half years.

At the time of the arrest, the police also seized laptops, smartphones, and electronic storage devices. 

The court will set a separate hearing date in relation to whether the devices are to be destroyed or returned to Cubrilovic. There is no hearing date as of yet.

Related Coverage

GoGet 'hacker' case stalled awaiting information from Amazon

Sydney Local Court has heard that Nik Cubrilovic intends to plead not guilty to all charges relating to the alleged access of GoGet's systems.

GoGet fleet booking system accessed, alleged attacker charged

A man has been charged after allegedly stealing the personal information such as name, address, and driver licence details, from the car-sharing company's database.

Security consultant granted bail after 'hacking' GoGet systems

The self-proclaimed hacker has been denied access to the internet by a NSW court as a condition of his bail, after being accused of accessing the car-sharing company's systems.

Citrix discloses security breach of internal network

Citrix learned of the hack from the FBI. Hackers stole business documents.

Why third-party providers pose a security risk to organizations (TechRepublic)

A dependency on third-party cloud and hosting providers leaves businesses more vulnerable to potential cyber threats, according to RiskRecon and the Cyentia Institute.