Security Investigator who Compromised Hotel Wi-Fi, Shared Pass-Codes Online, is Fined

A security expert from China has been fined SGD5,000 (USD3,600) in Singapore because he illegitimately broke into one Wi-Fi system of certain hotel and subsequently created one blog post wherein he posted the passphrases which that hotel used to work its internal network.

It was at August-end current year when the incident occurred. Chinese national Zheng Dutao, aged 23, was at Singapore for taking part within a competition called "Capture-the-flag" in a security conference named "Hack in the Box." In an attempt at finding how strong the Wi-Fi security was Zheng broke into one of the Fragrance Hotel branches' Wi-Fi network the place he lodged.

Working for Tencent the Internet giant of China, Zheng invaded the Internet gateway provision of the hotel. The gateway was certain IG3100 device of AntLabs which regulated the employees' and guests' admission into the Wi-Fi system. Zheng found the device utilizing Telnet password available as factory default. He too used it and found acquiring admission into the device's limited shell. The mechanism enabled him utilizing different exploits and scripts for enhancing the admission level after which he finally found the passphrase to access one MySQL database which had details about the Wi-Fi system of the hotel.

Zheng did not inform the hotel about his findings but rather created one blog post where he described them. These findings after sometime he shared over the Net. Zheng didn't perform anything destructive for the Wi-Fi mechanism of the hotel; however, he didn't as well act cautiously for keeping secret the confidential info from the blog post because he published the MySQL and Telnet passphrases of the hotel on it which malicious attackers could have utilized for executing a more severe hack for the hotel.

Day later when Cyber Security Agency of Singapore saw Zheng's blog it cautioned the hotel while arrested him.

News outlets in China reported Singaporean officials penalized Zheng September 24, 2018 after conducting a probe. The court had reached the conclusion that Zheng performed the hack with leisure motive and not with any criminal intent. That saved him a harsher punishment like imprisonment while at present he's free.

» SPAMfighter News - 10/4/2018