Singapore authorities have fined a Chinese security researcher with SGD$5,000 (USD$3,600) for hacking into a local hotel's Wi-Fi system without authorization and then publishing a blog post about it, revealing passwords for the hotel's internal network.
The incident took place at the end of August, this year, when Zheng Dutao, 23, of China, visited Singapore to attend the Hack In The Box conference that took place in the city.
Zheng took it upon himself, without asking for permission first, to hack into the Wi-Fi network of a Fragrance Hotel branch, where he checked in for the conference's duration.
Also: HP offers hackers $10,000 to find bugs in its printers TechRepublic
The researcher, who works for Chinese internet giant Tencent, hacked into the hotel's internet gateway system, an AntLabs IG3100 device that controls access to the Wi-Fi network for staff and guests alike.
He discovered that the device was using a factory default Telnet password, which he used to gain access to a limited shell on the device.
From here, he used various scripts and exploits to elevate his access and eventually discovered the password for a MySQL database that contained information on the hotel's internal Wi-Fi network.
The researcher didn't report the security issues to the hotel but instead wrote a blog post about his findings, which he later shared online. Zheng did not do any damage to the hotel's Wi-Fi systems but he also did not take any precautions to censor sensitive information from his blog, revealing the hotel's Telnet and MySQL passwords and other details that hackers could have exploited against a more serious attack on the hotel's network.
The Cyber Security Agency of Singapore (CSA) discovered Zheng's blog days later, warned the hotel, and took the researcher into custody.
If the court hadn't concluded he hacked the hotel as a hobby and with no criminal intent in mind, Zheng would have faced a much harsher penalty that could have landed in him in prison for up to ten years.
Last week, in a similar hotel hacking incident, Chinese police arrested a hacker who was selling data from one of China's largest hotel chains on the dark web. In that incident, the suspect didn't appear to have hacked the hotel, but merely found the data on GitHub after a hotel software developer accidentally uploaded it online.
UPDATE: We have removed the link to Zheng's blog post to prevent abuse of similar AntLabs equipment.
Previous and related coverage:
Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.
This simple advice will help to protect you against hackers and government surveillance.
Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.
If you can't answer these basic questions, your security could be at risk.
Retired US Air Force cyber-security expert shares his thoughts on the future of critical infrastructure security.
Researchers turn ordinary WiFi devices in rudimentary scanners that can identify potentially dangerous objects hidden inside bags or luggage.
- Nasty piece of CSS code crashes and restarts iPhones
- FragmentSmack vulnerability also affects Windows, but Microsoft patched it
- Data breaches affect stock performance in the long run, study finds
- Why the 'fixed' Windows EternalBlue exploit won't die
- Hacker gets a whopping 14 years in prison for running Scan4You service
- Man gets two years in prison for sabotaging US Army servers with 'logic bomb'
- Mirai botnet authors avoid prison after "substantial assistance" to the FBI
- Access to over 3,000 backdoored sites sold on Russian hacking forum
- Hackers swipe card numbers from local government payment portals