Home > Computer Security > Unauthorized Ethical Hacking: No good deed goes unpunished

Unauthorized Ethical Hacking: No good deed goes unpunished

Some of you may not know this, but an individual needs permission from a company to ethically hack its assets, perform penetration tests or look for vulnerabilities within Web applications.  A person can’t just hack a company’s Website, socially engineer their employees or do Web-based drive by malware installs under the guise of protecting the public’s interests. Doing so will only get the person into trouble – not only with the company, but law enforcement as well.

What people need to realize, is that 15 minutes of fame is not going to prevent them from getting into trouble. Law enforcement is going to pounce on them like a jungle cat on a mouse. If they’re really unlucky, law enforcement will already be monitoring their target and they’ll be arrested as soon as they successfully hack something.

If you know someone that is thinking of becoming a superstar by hacking some company’s Website, please do the person a favor and try to talk the person out of it.

About these ads
  1. July 8, 2010 at 1:35 am | #1

    Hi,
    Ethical hacking as opposed to hacking, or, black hat hacking is about revealing the security loopholes or vulnerabilities that can be a potential source of security breach. Hacking lifecycle begins with intelligence information gathering, also called footprinting http://technolocus.blogspot.com/2010/05/ethical-hacking-footprinting-basics.html Through internet, any host can be identified and with a little effort, significant amount of information can be revealed. An Ethical Hacker needs written permission from the organization to undertake hacking exploits or even to gather in-depth information about the organization. Without exclusive permission of the company itself it would be a crime and an ethical hacker may end up in jail. Even after having the permission, the activities of an ethical hacker may be limited by company norms. For example, many organizations don’t let their penetration tester to try Denial of Service in their systems.
    Thanks for publishing such an informative article.
    God bless you

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: