Hacking within the wider community has always been a touchy subject. I personally relate this to the misunderstandings surrounding what the apparent hacker has done.
On this, i mean your classic actions which are defined under the term hacking... cracking copyright protection on programs/games.
gaining illegal access to a network/system, etc, etc.

To the point of this thread...
im interested in people's opinion of specifically hacking to point out security flaws in software/hardware, systems/network.

Do you believe that this form of hacking is ethically okay ? or are these actions still breaking the law, in which case the term 'criminal' would most likely be applied.

My opinion, is that it is ethically okay. Under many laws around the world though, pointing out total lack of security is an offence.
So, (imagine for a moment) its legal for a banking instution to supply on-line banking, which could have no encryption or security, but if anyone questioned or tested to see if their reported on-line banking facility was secure, they would actually be breaking the law.
Analogy... a thief is thinking about breaking into a house (this is only a thought process - its legal), and first decide's to see if the front door is locked. Is the process of trying to turn the door handle, to see if its locked, actually illegal ? I think not.
Reason, no access was granted, no illegal entry was gained, and no illegal activity was conducted during this.
Therefore, why is attempting to see if the "front door" of the web portal for a bank,an illegal activity in itself ?
Shouldnt consumers have the right to know if the front door of the bank is locked at nite ?

:confused:

A couple simple points to consider, if I leave my front door open is it okay for anyone to walk around my house, sit down watch TV go take a poop, turn the TV off, leave a note that he was there and then leave? This is a very basic case of tresspassing. True you may be point out a flaw I have, by not locking my door but nonetheless unethical.

Now doing the same thing on a server is worse. Because I can not just assume you didn't steal anything. Usernames, passwords, etc. I must then go and spend hours, sometimes days verifying that nothing was stolen, and if it was I must now invest the time to correct it.

Hackers, as you defined them, are criminals. They are unethical, and should be treated as such!

Originally posted by parkercd3
A couple simple points to consider, if I leave my front door open is it okay for anyone to walk around my house, sit down watch TV go take a poop, turn the TV off, leave a note that he was there and then leave?

always lock the front door:p! in other words: get a firewall! i must agree with parkercd3, it shouldn't be done unless by the FBI and thats only if they get a serch warrent.............

Me thinks not !
Just because it's made illegal to turn cyber doorknobs does'nt mean people out there arent going to turn them. Quite frankly I believe that any corporation out there that touts how secure their E-business is should be allowed to have their doorknobs turned.
How do you think we get the security updates from software companies??? Somebody finds the flaws. And they say oops we screwed up and heres the patch.
Malicious hacking in order to do harm or steal or f*(k up somebodys pc is wrong. no if's and's or but's.
But exposing the truth about poorly written software that some mega corporation is profitting on while we do all the beta testing for them gratis, no thats not wrong. Those people are our cyber gaurdians and we should be greatful that they exist.

If you live life with your head in the sand your already bent over, eventually somebodys gonna get ya.

Yes under certain circumstances.
For eg.

In a forest with an axe and taking only as much timber as you
can reasonably require.:t

What you fail to realize is that the second someone turns that doorknob and opens the door, even if they don't step in, the cost can be heavy. The cost to a company and it's costers makes thie ILLEGAL action criminal. The recovery neccessary to make sure nothing was touched is usually very close to the cost of partial revoery anyway.

The CRIMINALS are not guarduans! They are thugs, theifs, and do not provide a service of value. THESE CRIMINALS SHOULD ALL BE LOCKED UP!

I think hackers should reform back into what the original hackers were: Program writers. Those hackers could write programs in days that would take a normal computer programmer weeks to. If today's hackers are soooo smart in computers, do some good with it by helping the companies that they hack develop stronger servers. Then, they get to do what they love and actually get paid for it.

Today, however, there are 2 types of "hackers", generally speaking. A true hacker is one of those ol' school programmers that you're talking about. They solve problems, have good moral values, & don't cause harm to others. On the other hand, there are "malicious users"* out there that true hackers know as crackers. They are the creators of love letters & trojans and most other viruses. They take advantage of technology and have no problem destroying what some consider very valuable. I'm positive that there is a gray area here, not just black and white.

So you ask, is hacking ethical? Unlawful entry and breaking and entering are done different ways, but still both are illegal. Oh, someone says my door is unlocked? Why the hell did they even check it?

*malicious users-Microsoft's politically correct way of saying hacker

A simple reply but honest - I think hacking is a very clever ability 'IF' used in a good sense - as discussed earlier in this thread hacking to check flaws and to perhaps release information hidden unwarrantedly from the public eye.
Hacking or phreaking for malicious purposes costs the tax payer lots & lots of ££££ so obviously thats a no no!
Being highly into IT and technical solutions and support I was never pushed into the programming side of the business where I think the control of the IT world lies. If you got it use it, I say! but if your real clever don't obuse it, at the end of the day you the hacker are not the only ones with the ability and you are being watched.....

Originally posted by danee
[BAnalogy... a thief is thinking about breaking into a house (this is only a thought process - its legal), and first decide's to see if the front door is locked. Is the process of trying to turn the door handle, to see if its locked, actually illegal ? I think not.
Reason, no access was granted, no illegal entry was gained, and no illegal activity was conducted during this.

:confused: [/B]

Incorrect.

Two things come to mind. Firstly TRESPASS with Intent. This is where the criminal goes to the door with intent to commit a felony i.e. Burglary.

Secondly Attempted Burglary - Also a Felony. This is where he actually tries the door. It doesn't matter if he gains entry or not.

The same would apply iff a car thief is walking down a road trying car doors to find an open one. This would be interfering with the mechanism of an MPV (Mechanically Propelled Vehicle).

As for hacking. At the very least it is invasion of privacy. If your assumptions were honest - the hacker should announce himself beforehand and say I'm trying to gain access to your system. This is merely done to test your security. Now we all know this is ridiculous. No hacker ever took this line. Most hackers go to great lengths to avoid being identified/hacked themselves.

All I need to do is just look at the number of hits blocked daily by my copy of Zone Alarm.

I'm grateful to all those decent upstanding fine citizen hackers out there who have done so much to attempt to spot security holes in my little system here. I sleep better at night knowing that there are so many selfless people who try to make my life just a little better.

But who has the right to decide what the intent is ? Is seeing enough to judge ?
This is why in policing law no action can be taken until the crime has been committed.

If this was the case we would be arresting people for walking into shops thinking perhaps they may steal from the shelves because the items are there for the taking.

Well in many countries around the worl the court systems often decide intent based on evidence.

But this big issue is, by checking that door they are causing hard. You don't have to steal anything or edit any data to cause a great deal of harm to a system.

We are going by what the term was defined as in the first post. Hackers in this case are CRIMINALS! They are not doing any valued service.

If they are checking the security of a system without permission that should be, and in many places is, a crime.

Originally posted by adestephen
But who has the right to decide what the intent is ? Is seeing enough to judge ?
This is why in policing law no action can be taken until the crime has been committed.

If this was the case we would be arresting people for walking into shops thinking perhaps they may steal from the shelves because the items are there for the taking.

Intent is implied if the person has no other reasonable excuse for taking this course of action. The fact that a person is arrested doesn't mean he is guilty. That's for a Court to decide. If a person is foolish enough to go trying doors of house/building then he/she certainly has a case to answer. I have no doubt but that if a stranger came to your door and started checking to see if it was locked, you wouldn't presume his/her intentions were honourable. Would you?

Of course I agree! I certainly would not invite someone in to my house for coffee and ask why they were trying my front door handle! I would call the cops.
But situations like that would call for 'Home Alone' videos for tips n tricks on all house hold traps !

Originally posted by herosrest
Yes under certain circumstances.
For eg.

In a forest with an axe and taking only as much timber as you
can reasonably require.:t hhmmmmmmmm, wise words:cool:

I'm not going to say that hacking is ethcial because I don't want to be hacked myself. I just think that the people that spend most of their time trying to find backdoors and loopholes in programs can spend their time better.

TO HACK OR NOT TO HACK, that is the question. Well I have an answer! There are plenty of corporations out there PAYING persons to HACK their security to see if they can gain access in ANY means at their disposal. This not only good business but somthing that must be done to keep our network secure. I cant prove it but I suspect that every major corporation who is in e trade was either started by a so called HACKER or employs said HACKERS, this is good business. Just who do you think owns or started, if he still does not have the reigns of the company, Apple Computers? Steve Jobs Is and always will be one of the first known hackers. The founder of MicroSoft, could this be a personal reference?, Bill, whats his name?, Gates was part of the same group that Steve Jobs belonged to. They called their selves the Home brew computer club or somthing like that, I am sure ther will be some one that will correct me on that. He He "Ethical" hackers, those that are only out to expose a weakness, have a place in our computer dependant society and should be encouraged to sharpen their skills with no worry that they will be put in prison under a life term for doing somthing that big business is unwilling or unable to do them selves.

I wonder if Big Brother is counting the number of times i have said the word H A C K E R in this Hacker Thread. Ill tell you it is 9 times i have typed the word Hacker....oops now it is 10 times i have typed the word.................... not going to do it again as you can see where this is going :p :t

Im beginning to think that my thief analogy has been ruled out, and wasnt quite a good example.

New line of thought...
Dimitri, the Russian 'hacker' who cracked the adobe pdf standard.

Okay,.. for those who dont know the full story..
Dimitri, was employed by a Russian software company, to find a way to encode / decode pdf documents.
Under Russian law, this was legal, and he was quite simply doing the job he's payed to do by a legit company.

This same man, has now been arrested, and passport confiscated by the FBI, upon entering the US, for being a Hacker.

From what i understand, this project was originally in the 'grey' area of copyright laws in Russia, in that they were originally searching for security holes (considering this is 'suppose' to be 100% secure). So this software, once developed was legal in Russia.

Does the US have the right to arrest a man (upon entering the US) for what is considered 'hacking' in the US, and legit software development work in Russia... hence ethics.
This dosent quite apply - but would/could you say that Russia saw this as ethical and the US didnt ?

So, to bring it back... was this ethical in Russia and not in the US.
or was it quite simply always pure hacking. Do consider though that you local bank is probably using the 'secure' pdf standard to transfere your bank records.
Therefore... is it ethical to prove how insecure a 'apparent' secure connection is espically considering its transfering your money electronically ?

Also think about so-called 'white hat' hackers. These people are known for breaking into websites, finding all the flaws in the security, then emailing the company saying.. yes, i did this, and these are your apparent flaws in the site. Unfortunately quite often though, these companies then immediately contact the FBI, and have the people arrested for hacking.. is that ethical ?
Occasionaly, businesses do get hacked, then employ the hackers to fix these problems... this kind of business i support.

Originally posted by bob05


always lock the front door:p! in other words: get a firewall! i must agree with parkercd3, it shouldn't be done unless by the FBI and thats only if they get a serch warrent.............

Heres a thought...
Your front door dosent lock, but for some reason you dont realise.
Should it take the FBI to get a search warrant, to then investigate your house, to simply point out your door dosent lock.
Or... if a stranger one day.. total random event... sent you an email alerting you to the fact that your front door didnt lock.. would you then consider this illegal entry (hacking), thus call the cops/FBI or whoever.. or would you fix the broken lock, thank the person for being HONEST, and go on with your normal life ?

If a web site has flaws and believe me they all do! then the company who owns the site should be held responsible for any security breaches - I know people say that hacking is a crime, but so is nearly everthing else we do, or if it isn't it soon will be made to be a crime by those fat beurocrats.
Having a web site for a business or access to a network has its risks and people know this before they set them up.

I think too many companys act like sheep in a sense that if one large company has it, then we should.

Keep things informative on the web but nothing too destructive. Again firewalls have backdoors and web hopping can confuse security and lose any trails.

And with digital networking now on the burner - hackers heaven!

I think that what we are truely talking about is not weather it is ETHICAL to hack but weather or not the company or government is going to be embarrased upon recieving the message that they have been hacked. People can and often do get down right vicious upon being publicly embarrased, they tend to find ways to make their point and that is "Don't mess with me!". :r

Originally posted by BluesClues
Gates was part of the same group that Steve Jobs belonged to. They called their selves the Home brew computer club or somthing like that, I am sure ther will be some one that will correct me on that.

Actually you have the name of the CLub correct, but Bill Gates was never a member. Bill Gates was in Harvard and Seattle during the times of that club.

Originally posted by adestephen
If a web site has flaws and believe me they all do! then the company who owns the site should be held responsible for any security breaches - I know people say that hacking is a crime, but so is nearly everthing else we do, or if it isn't it soon will be made to be a crime by those fat beurocrats.
Having a web site for a business or access to a network has its risks and people know this before they set them up.

This sounds like the same logic as, "she deserved it by wearing that tight skirt". Blame the woman rapped not the raper!

Hackers as defined in the first post are CRIMINALS. Plain and simple!

So instead of "hacker" should some other politically correct term be found??? Oh, I know, IT Security consultant. Yeah I like that.
Maybe they'll have a certification for that?? call it ITSC. or Systems security consultant SSC.
Maybe one day they'll make it illegal to repair your own car. You won't be allowed to look under the hood to see what's under there. Or you won't even be allowed to pump your own gas.
And comparing hackers to rapists, thats wrong, just plain wrong.
So as the sun sets in the west and the DELL or HEWLETT PACKARD you purchased, merrily hums away and leaves your surfing habits for the world to see or find one day. Remember that the program you bought to wipe clean the dos files of places you've been whilst looking about the internet, or the tweaks that you have done to make your OS run smoother or connect faster are forms of hacking too.
Curiosity Illegal ??? that sucks.

I think the term CRIMINAL works just fine

dannee The answer is most definitely yes. Give me your IP address so I can do some ethical things. I promise I won't distrub your private files! :cool:

Originally posted by RayH
dannee The answer is most definitely yes. Give me your IP address so I can do some ethical things. I promise I won't distrub your private files! :cool:

Ray, id love to give you my IP address, unfortunately i dont think it will help you much. Its called random generated IP addresses from your ISP, when using the old 56K copper line dial up.

So you could then try hacking the ISP, to see what u could find out about me... but this will lead no where, as ive never actually signed up with my ISP in over 2 years.. its called getting access to an ISP collection of prepaid CD's before they hit the street.

Also technically speaking, the IP address isnt actually random.
Its is of course supplied by the ISP, and within a particular range. Also note, that on a 'general' basis, when dialing in with a 56K V.90, the IP address each time should differ from the pervious login, though it all depends on your ISP.

So i offer a simple challenge... identify the ISP im using.

Anarchists are an integral part of any society. However suppressed or repressed the anarchists are because of their anarchistic nature they always break through. Therefore is it good that we have anarchist hackers? Yes... and no.... Extremely few hackers=no security advancements and complacency While... Absolutely no hackers=no need for security and no downside to complacency. So is it ethical? Depends on who you ask. Is it good? In some ways? Is it bad? Yes it does far more harm than good but it isn't entirely evil. Does anyone have a snowman's chance in hell of stopping the anarchistic lobby? No.

danee Don't worry about me finding out what ISP you're using. Worry about the ISP finding out what ISP you're using.

I'd sure hate to see your bill when they decide to send you one! You don't have to convice me. You have to convice their lawyers.

Originally posted by RayH
danee Don't worry about me finding out what ISP you're using. Worry about the ISP finding out what ISP you're using.

I'd sure hate to see your bill when they decide to send you one! You don't have to convice me. You have to convice their lawyers.

Actually, i had thought about that for abit.. and the fine print on the packaging, confused my legal situation even more.

Im actually using the standard 1 month prepaid internet access packages which you can purchase for a large majority of ISP's.
I dont really see that i could get in trouble, as i have come across a 'small' pile (approx 300 CD's) of these types of CD's, which can be purchased from any Newsagency shop. The fact that i didnt pay for these they wouldnt/couldnt know, unless the ISP has the ability to trace a cash sale's, thru about 3 different hands etc.
Therefore what im doing is legit.. how i obtained them, well thats another story.
The fine print is interesting, because it states that multiple logins are not allowed, thus using a 2nd CD after the first finishes is apparently illegal, and after the 1st CD expires, you are suppose to register with them. Its rather strange, considering you can buy these CD's everywhere for $25, and your legally only ever allowed to use one ?

my two cents:
I "hack" (try out many things on my computer), but don't try to "crack" other people's security, whether its a locked door or just a door hanging open. Just the act of having a door/gate present shows everyone that there is private property on the other side. Having a disregard for other people's privacy is uncivilized and sometimes immoral, depending on your intent.

I like hacking and trying to see how other people have solved things. If the code is visible, then this isn't hacking. If I have to run extra utilities or access via another method, then this would be cracking.

danee Personally, I don't care how you connect. But as for me, paper trails and me stay far, far apart.

As I live in San Francisco, and many of my friends are "first generation" pc types, the thing I learned about the internet, "Telephone conversations, unless actively recorded, are gone after they are made. The internet doesn't as much bounce information as store it. Everything I type is stored on some compuer somewhere."