Unauthorized Hacking - NZ$7500. Chutzpah - Priceless.
The fact that Macridis lacked authorization to access the system is apparently both insignificant and irrelevant, as he claims the Bank then used his information to fix the security flaws he found. Macridis reportedly had taken the trouble to send the Bank a report that detailed the security flaws (although the Bank did not request it), and had called the Bank asking for payment for his unsought advice.
Now for the triple-take: Because of his unauthorized access to the Bank's system, Macridis was prosecuted in Wellington District Court, and pleaded guilty to the unauthorized access. Yet the judge -- after hearing from Macridis that "the bank's phone system was the worst he had seen in 11 years as a consultant and was vulnerable to tapping from overseas" -- discharged Macridis from conviction. The judge reportedly stated that Macridis "had acted honourably and a conviction would be disproportionate to the crime."
This ruling does not bode well for law enforcement or IT security departments in New Zealand. Under this court's apparent reasoning, any self-described "security consultant" can hack a computer system, and present the system owner with information on the vulnerability along with a bill for unrequested "services" (at least, as long as he is careful not to threaten harm to the system if he is not paid). One can only hope that Kiwi courts will give any legal action by Macridis short shrift, and perhaps recognize, as future Macridises less come along, that unauthorized access to computers -- far from being "honourable" behavior -- is criminal conduct that deserves to be recognized as such.