http://australianit.news.com.au/articles/0,7204,11087415%5E15331%5E%5Enbv%5E... Amanda Hodge OCTOBER 16, 2004 AN Australian IT whiz who stole $2.15 million after hacking into the New Zealand Health Ministry's bank account and then offered to brief the department on the weaknesses in its computer security system was yesterday jailed for three years. With university degrees in science and mathematics, an MBA and years of international computer experience, John Denison, 49, cruised into a senior job with the NZ Health Ministry in March. But in six months of service, in which he headed a national meningococcal B vaccination program, Denison tried unsuccessfully five times to crack the ministry's computer banking system. On his final attempt, in late September, he found fleeting success, hacking into the system and redirecting $2.15 million bound for doctors and medical laboratories to his own bank account, which he set up with a false passport and driver's licence in the name of Alan Bennett. Denison tried to use almost $800,000 as a down payment on a luxury apartment overlooking Sydney's Hyde Park before he was caught. He had been planning to return to Sydney to be near his critically ill sister but confessed to the thefts and passport fraud shortly after several laboratories rang the ministry to complain about the missing money. All the money has since been recovered. Wellington District Court judge Robert Kerr permanently suppressed details of how Denison hacked into the system. The crime was a gross abuse of trust that was partly motivated by a desire to maintain a certain quality of life, Judge Kerr said. Denison's lawyer, Greg King, argued the offence had arisen out of "something of a mid-life crisis" because his client's annual income had plunged from $200,000 to $103,000 when he took the new job. But Denison had also been under extreme financial pressure, supporting an acutely deaf and depressed brother, a sister who was still in hospital after suffering a brain aneurism in July, and also paying child maintenance. Yesterday, Denison's NSW-based former wife said she and her three children were devastated by the outcome but were trying to keep the news from Denison's brother and sister, who were too ill to withstand the trauma. Mr King said the Health Ministry had acted arrogantly by refusing an offer by a penitent Denison to talk them through the security gaps in its system. Crown prosecutor Cherie Clarke said the ministry did not want or need Denison's help. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/ --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'