A 17-year-old boy from Adelaide who hacked into Apple’s computer system has escaped conviction after pleading guilty to a number of computer hacking charges.
The boy was urged to use his exceptional gift ‘for good rather than evil’ by Adelaide Youth Court Magistrate David White, who then placed the schoolboy on a 9-month good behaviour bond.
What did he do?
The boy, who can’t be named for legal reasons, hacked into Apple’s mainframe in 2015 and again in 2017. He was only 13 years of age when he embarked on the first hack.
His hack was achieved by creating false digital credentials, which successfully fooled Apple’s server into identifying him as a company employee.
Once he had access to the platform, he then downloaded internal documents and data.
His actions were only detected after he performed the second hack. Apple then notified the FBI, who in turn notified the Australian Federal Police.
The boy told the court (through his lawyer) that he was remorseful and had hoped that the event might have secured him employment with the company when it was discovered.
Hacking offences NSW
The Act refers to this type of conduct as the unauthorised access or modification of data.
Under section 308H of the Act, a person’s conduct will amount to an offence if the person has:
- Caused any unauthorised access to or modification of restricted data held in a computer; and
- Knew that the access or modification was unauthorised; and
- Intended to cause that access or modification
The offence carries a maximum penalty of 2 years imprisonment.
What does that actually mean?
Computer offences and terminology can be quite complicated.
Clarification of the key terms of the offence can be found in section 308A of the Act.
For the purpose of the above offence, ‘access to data’ is defined as behaviour that involves:
- Copying or moving the data to any place in the computer or to a data storage device
- Executing a program (in the case of a program)
- Displaying the data
A definition of modification is also included in the Act. It is defined as:
- The alteration or removal of the data; or
- An addition to the data
Cyber fraud is another common computer offence.
Fraud is an offence under section 192E of the Act. It is a serious crime, for which the maximum penalty is 10 years imprisonment.
Under the Act, a person who, by deception or dishonesty, either:
- Obtains property belonging to another; or
- Obtains financial advantage; or
- Causes financial disadvantage
is guilty of the offence.
In order for the prosecution to establish this offence beyond reasonable doubt, they need to prove that there was a connection between the deception/dishonesty and attainment of financial advantage.
In the context of this offence, ‘dishonesty’ is both an objective and subjective test.
This means that in order for the charge to succeed the prosecution must prove beyond reasonable doubt that the defendant knew his/her conduct was dishonest, and the conduct was dishonest according to the standard of ordinary people.
Cyber fraud can take many forms, including:
- Email scams
- Identity theft
Cybercrime and computer offences can be complex, and a conviction can have far-reaching consequences on employment prospects.