A student facing legal repercussions for breaching the electronic systems of a Bahraini university has argued that the incident merely revealed security vulnerabilities within the institution's computer network.

In their defense, the student's attorney contended that the university should view this situation as an opportunity for growth and learning.

While not condoning the student's actions, the defense emphasized the student's scientific capabilities and thirst for knowledge as factors that should be taken into consideration.

The defense lawyer also pointed out that the university lacked specific internal regulations prohibiting cybersecurity students from exploring and identifying security flaws.

According to the defense, there were no well-defined guidelines outlining the permissible boundaries of activities for students in the cybersecurity department.

The student was initially apprehended after the National Cyber Security Centre received a report from a senior network specialist at the university, indicating that an attempt to download malicious software onto one of the computers in the information technology lab had been thwarted by the university's security software.

Subsequent investigation revealed that the program the student attempted to download was designed to breach secret codes stored in computer systems and bypass their security programs.

The student stole the identity of a female student.

Further inquiry traced the attempted download to the personal data of a student in a department unrelated to computer science.

The student in question denied any involvement, asserting a lack of knowledge about using such technologies.

However, during the investigation, it was discovered that the accused student, who was studying cybersecurity, had obtained her personal login credentials through the university's systems and computers, leading to his apprehension.

The accused admitted to visiting the university's information technology lab on the day of the incident, where he accessed a computer.

He obtained a list containing the names and data of students and teachers. Out of curiosity, he randomly selected the personal identification number of a female student, along with her university ID.

He then logged out of his own account and re-entered the system using her data.

Subsequently, he accessed a search engine and attempted to download a program but was unable to open it after the download was complete.

He justified the incident as a test of his abilities and an exploration of his technical qualifications.

The prosecution has charged him with unauthorized use of the victim's electronic signature on March 6 and 7, 2023, for an unlawful purpose.

This charge includes accessing the university's computer in the information technology laboratory using the victim's electronic signature with the intent to upload a malicious program to university devices, impersonating her identity.