The Uruguayan Cyber-Dilemma: A Deep Dive into National Strategy, Legal Enforcement, and the Transparency Deficit (2024–2025)
The Uruguayan Cyber-Dilemma—A Critical AnalysisPresenter: Alberto Daniel Hill (Ethical Hacker, Forensic Expert, and Defender of Knowledge)Part 1 of 4: The Personal Cost of Transparency and the True Ethos of HackingI stand before you today not just as an expert in forensic science and ethical hacking, but as someone who has experienced firsthand the systemic failures and institutional fear within Uruguay's cybersecurity landscape. My philosophy, shaped profoundly by my own unjust processing, centers on defending the "universal right to knowledge".Hacking is Not a Crime: It is CuriosityLet us begin by defining what hacking truly is, and what it is not. Hacking, as many of us practice it, is not illegal; it is the natural consequence of curiosity. When a professional in cyber security sees a username and password field, trying simple, common inputs like "admin" in the username and "admin" in the password is a natural, almost incorporated, part of the process—it is like a game. Similarly, when systems expose parameters in plain text URLs, curiosity compels us to modify a number to see how the system reacts.In both 2014 and 2015, I accessed a medical provider's system where the security was non-existent. The first time, it was the ridiculous "admin-admin" vulnerability. The second time, I gained full access to all medical records simply by modifying a parameter in the URL—no username or password required. I realized the information of over 200,000 people was involved.In both cases, my reaction was immediate and responsible: I reported the findings to the National Center for Computer Security Incident Response (CERTuy) within 15 minutes. I did what I considered the right thing to do to protect others. Once you transfer the information to the CERT, your business is done; you can sleep without any problem.The System’s RetributionWhat should have been a commendation for responsible disclosure became my downfall. Despite doing the right thing, I was arrested and imprisoned for nearly nine months. The judge who sent me to prison could not understand my profile, fearing my high knowledge level meant I could remotely alter the evidence stored at the INTERPOL facility. The fear of the unknown led them to take the easy way out: locking me up.This unjust process came at a devastating cost. I lost immense assets, including approximately 26 Bitcoins and 1,000 Ethereum, a financial loss that today translates to millions of dollars. I can live with the damage to myself, but the consequences to those I love, including losing people while I was wrongfully imprisoned, are scars that cannot be repaired.The Consequence of Zero TrustThe greatest tragedy is the systemic damage this kind of persecution causes. Currently, Uruguay lacks the legal warranties necessary to protect researchers who enter systems without intent to harm. When people witnessed what happened to me, they realized it was a "lose-lose situation". Now, many people stop reporting vulnerabilities to the CERT out of fear. By punishing those who seek to improve defenses, the state grants a massive advantage to the actual criminals.The presentation continues on Part 2, focusing on the systemic failures and poor preparation within Uruguay’s critical infrastructure.https://cybermidnight.club #HackingNoEsCrimen #DerechoAlConocimiento #CiberseguridadUY #ProtocoloDelSilencio #AlbertoHill #JusticiaUruguaya