[ISN] NZ jails Aussie bank hacker

InfoSec News isn at c4i.org
Tue Oct 19 19:40:06 PDT 2004 

http://australianit.news.com.au/articles/0,7204,11087415%5E15331%5E%5Enbv%5E15306%2D15318,00.html

Amanda Hodge
OCTOBER 16, 2004

AN Australian IT whiz who stole $2.15 million after hacking into the
New Zealand Health Ministry's bank account and then offered to brief
the department on the weaknesses in its computer security system was
yesterday jailed for three years.

With university degrees in science and mathematics, an MBA and years
of international computer experience, John Denison, 49, cruised into a
senior job with the NZ Health Ministry in March.

But in six months of service, in which he headed a national
meningococcal B vaccination program, Denison tried unsuccessfully five
times to crack the ministry's computer banking system.

On his final attempt, in late September, he found fleeting success,
hacking into the system and redirecting $2.15 million bound for
doctors and medical laboratories to his own bank account, which he set
up with a false passport and driver's licence in the name of Alan
Bennett.

Denison tried to use almost $800,000 as a down payment on a luxury
apartment overlooking Sydney's Hyde Park before he was caught.

He had been planning to return to Sydney to be near his critically ill
sister but confessed to the thefts and passport fraud shortly after
several laboratories rang the ministry to complain about the missing
money.

All the money has since been recovered.

Wellington District Court judge Robert Kerr permanently suppressed
details of how Denison hacked into the system. The crime was a gross
abuse of trust that was partly motivated by a desire to maintain a
certain quality of life, Judge Kerr said.

Denison's lawyer, Greg King, argued the offence had arisen out of
"something of a mid-life crisis" because his client's annual income
had plunged from $200,000 to $103,000 when he took the new job. But
Denison had also been under extreme financial pressure, supporting an
acutely deaf and depressed brother, a sister who was still in hospital
after suffering a brain aneurism in July, and also paying child
maintenance.

Yesterday, Denison's NSW-based former wife said she and her three
children were devastated by the outcome but were trying to keep the
news from Denison's brother and sister, who were too ill to withstand
the trauma.

Mr King said the Health Ministry had acted arrogantly by refusing an
offer by a penitent Denison to talk them through the security gaps in
its system.

Crown prosecutor Cherie Clarke said the ministry did not want or need
Denison's help.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable -
http://www.osvdb.org/

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list