The Malta Independent 13 September 2024, Friday
View E-Paper

UM academic staff express support for university lecturer in students hacking case

Wednesday, 4 September 2024, 14:29 Last update: about 8 days ago

The University of Malta Academic Staff Association (UMASA) has expressed solidarity and support for university lecturer Mark Joseph Vella, who faces charges along with his three computer science students for disclosing security flaws in Malta’s largest student application – FreeHour.

In a statement issued on Wednesday, the UMASA said that it is following the case against Vella and his students with concern.

The UMASA noted that Vella has stated that he provided his students with the ethical framework that should be applied when discovering vulnerabilities through ethical or ‘white hat’ hacking, fulfilling thereby his duties and responsibilities as a lecturer, and acting within the bounds of established ethical practices.

“International guidelines specifically state that before any such flaw is made public, it must be fixed - as was indeed done in this case,” the association said.

It continued that the students resorted to a common practice when they asked for a non-monetary award for discovering these vulnerabilities.

“We believe that Dr Vella acted with academic integrity and in accordance with procedure. As committee members of UMASA, we express our solidarity and support,” the UMASA said.

Students Michael Debono, Giorgio Grigolo and Luke Bjorn Scerri had found serious security vulnerabilities in the FreeHour app, a mobile timetable application popular amongst students, and in October 2022 sent an email to the company informing them of the security flaw and requesting a ‘bug bounty’, a common practice in ethical hacking.

Instead, the trio and another student were arrested, strip-searched and had their computer equipment seized.  FreeHour had later claimed that it had a legal obligation to file a police report but never had any intention of getting the students in trouble.

The students and their lecturer, however, are now facing charges which can carry a sentence of up to four years imprisonment.

Scerri, Debono and Grigolo will be charged with computer misuse, with prosecutors alleging that the trio used computers to access data or documentation being held in another computer in order to copy or modify data, software or documentation without authorisation.

They are also facing charges of obstructing or preventing the use of software and documentation on another computer system

Grigolo separately will be charged for the unauthorised output of data, software or documentation from a computer, and is charged with having copies of any data, software or documentation in a storage medium other than the original location of the data without authorisation.

Vella, who is a senior Computer Science lecturer at the University of Malta, will be charged with being an accomplice to the students.

  • don't miss