Bahraini University Sues Student For Hacking Computer Network
A student facing legal action for breaching a Bahraini university’s electronic systems has argued that the incident merely exposed security vulnerabilities within the institution’s computer network.
In defence of these actions, the student’s lawyer contended that the university should view this situation as an opportunity for growth and learning.
While not condoning the student’s behaviour, the defence emphasised the student’s scientific capabilities and thirst for knowledge as factors that should be taken into consideration.
The defence lawyer also pointed out that the university lacked specific internal regulations prohibiting cybersecurity students from exploring and identifying security flaws.
According to the defence, there were no well-defined guidelines outlining the permissible boundaries of activities for students in the cybersecurity department.
The student was initially apprehended after the National Cyber Security Centre received a report from a senior network specialist at the university, indicating that an attempt to download malicious software onto one of the computers in the information technology lab had been thwarted by the university’s security software.
Subsequent investigation revealed that the programme the student attempted to download was designed to breach secret codes stored in computer systems and bypass their security programmes.
Stole identity of a female student
Further enquiry traced the attempted download to the personal data of a student in a department unrelated to computer science.
The student in question denied any involvement, asserting a lack of knowledge about using such technologies.
However, during the investigation, it was discovered that the accused student, who was studying cybersecurity, had obtained her personal login credentials through the university’s systems and computers, leading to his apprehension.
The accused admitted to visiting the university’s information technology lab on the day of the incident, where he accessed a computer.
He obtained a list containing the names and data of students and teachers. Out of curiosity, he randomly selected the personal identification number of a female student, along with her university ID.
He then logged out of his own account and re-entered the system using her data.
Subsequently, he accessed a search engine and attempted to download a programme but was unable to open it after the download was complete.
He justified the incident as a test of his abilities and an exploration of his technical qualifications.
The prosecution has charged him with unauthorised use of the victim’s electronic signature on March 6 and 7, 2023, for an unlawful purpose.
This charge includes accessing the university’s computer in the information technology laboratory using the victim’s electronic signature with the intent to upload a malicious programme to university devices, impersonating her identity.
