Unauthorized Ethical Hacking: No good deed goes unpunished
Some of you may not know this, but an individual needs permission from a company to ethically hack its assets, perform penetration tests or look for vulnerabilities within Web applications. A person can’t just hack a company’s Website, socially engineer their employees or do Web-based drive by malware installs under the guise of protecting the public’s interests. Doing so will only get the person into trouble – not only with the company, but law enforcement as well.
What people need to realize, is that 15 minutes of fame is not going to prevent them from getting into trouble. Law enforcement is going to pounce on them like a jungle cat on a mouse. If they’re really unlucky, law enforcement will already be monitoring their target and they’ll be arrested as soon as they successfully hack something.
If you know someone that is thinking of becoming a superstar by hacking some company’s Website, please do the person a favor and try to talk the person out of it.