A cracker who broke into the systems of a big Australian ISP and obtained access to hundreds of thousands of customer records was this week convicted on appeal, even after escaping without any punishment at an earlier hearing.
Stephen Craig Dendtler, 22, of Bankstown, New South Wales, hacked into OptusNet, gaining access to 435,000 customer records and passwords.
At his original court hearing in April no conviction was recorded against him, despite his guilty plea and the charges being proven.
The Australian authorities appealed the case on the grounds that the non-existent sentence was inadequate and could encourage others to engage in similar activity.
Judge Justice McGuire of the New South Wales district court sided with the authorities in the appeal. Dendtler was fined AU$4,000 (£1,580), and placed on a two-year good behaviour bond.
Judge Justice McGuire rejected Dendtler's claim that his actions constituted an "intellectual pursuit" saying, "You don't access 435,000 [usernames and passwords] to fill in a Saturday afternoon. It's a matter of common sense. Why would you do it?"
The judge also criticised Dendtler for discussing with others his actions and the methods he had used.
Security software firms have welcomed the imposition of some punishment in the case. Breaking into remote computer systems and accessing other people's private and personal information is clearly unacceptable, but the court's earlier action failed to reflect this point.
"Hacking is a crime, and there is no point having penalties against crimes like this if the courts are not prepared to sentence those who are found guilty," said Graham Cluley, senior technology consultant for Sophos Anti-Virus.
"Even though it is agreed that Dendtler did not use his access to the data for his financial advantage, it is still a crime to gain unauthorised access to such material." ®