The High Criminal Court began hearing the case of a university student accused of hacking into its electronic systems. He managed to gain access to the computers in the university laboratories after secretly obtaining the login credentials of a fellow student, impersonating her, and downloading malicious programmes that posed a threat to the security of the university’s database and jeopardised its safety.
The accused student attended Thursday’s session and admitted to committing the crime, but denied any intention or knowledge of causing harm to the university’s laboratories. He claimed that he was testing his abilities and exploring his technical qualifications.
The National Cyber Security Center received a report from a senior network specialist at the university, indicating that the university’s security software had successfully prevented an attempt to download malicious software onto one of the computers in the information technology lab.
Based on the report, it was revealed that the programme the accused student attempted to download was designed to crack secret codes stored in computer systems and bypass its security programmes.
Further investigation traced the attempted download to the personal data of a student in one of the departments unrelated to the computer science department. The student denied involvement, stating that she was not knowledgeable in using such technologies.
Through the investigation, it was discovered that the accused student, who was studying cybersecurity, obtained her personal login credentials through the university’s systems and computers. He was subsequently apprehended.
The accused admitted that on the day of the incident, he visited the university’s information technology lab and accessed a computer. He managed to access a list containing the names and data of students and teachers. Out of curiosity, he randomly selected the personal identification number of a female student along with her university ID, logged out of his own account, and reentered the system using her data.
Subsequently, he accessed the search engine and attempted to download a programme but was unable to open it after the download was complete. He justified the incident as a test of his abilities and exploration of his technical qualifications.
The prosecution accused him of unlawfully using the electronic signature of the victim on March 6 and 7, 2023, within the jurisdiction of the Kingdom of Bahrain’s security department. He accessed the computer in the university’s information technology lab by using the victim’s electronic signature, which was her secret password for her university account.
This act was done with an unlawful purpose, as he logged into the computer system using the victim’s electronic signature in order to download malicious software onto the university’s devices while impersonating her identity.
The prosecution has charged him with the unauthorised utilisation of the victim’s electronic signature on March 6 and 7, 2023 for an illegal purpose, by accessing the computer in the university’s information technology laboratory by using the victim’s electronic signature for the purpose of uploading a malicious program to university devices impersonating her identity.