It all started as a game. A boy of just 13 years illegally entered the database of the municipality of Bergen, a Norwegian city famous for the fjords, stealing and publishing all the personal data of his 35,000 citizens.

From passwords to school reports. Such an impressive result that Sbanken, a local banking institution, offered him a summer job and a computer course!!!

Christoffer Hernæs, the bank’s IT director, welcomed the young hacker with great enthusiasm: “We have a great need to embrace and cultivate talents. Companies should be deeply grateful to those who test computer systems”. Statements of esteem that arrived immediately after the proposal for a summer job “that the boy has already accepted”, says his father: he will be the company’s IT consultant during the holidays. Then follow courses of strengthening for programming and computer security. 

The story really hadn’t started very well… After entering the computer systems of the municipality of Bergen, the police decided to seize the 13-year-old’s computer and open an inquiry into the reasons for the gesture, to see if he had acted on someone’s behalf, perhaps for a fee. The Norwegian town hall was also punished: in addition to the damage caused by the intrusion in the computer systems, a heavy fine arrived from the government. The motivation? Poor protection of citizens’ sensitive data. 

This is not the first time a hacker has been hired by the bank. A similar incident occurred in 2003. The protagonist was Thomas Tjøstheim, a computer science student at the time, who detected a serious vulnerability in the home banking login system. It was a “hole” that allowed any attacker to get into Sbanken’s online accounts. A discovery that allowed Thomas to receive a job offer as “responsible for login solutions and computer signatures” in the same bank that he himself had hacked.