Law Stack Exchange
Law Stack Exchange

Questions tagged [ethical-hacking]

An ethical hacker, also known as a whitehat hacker, is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems. Use this tag for questions about legal issues related to ethical hacking. Do not use this tag for questions related to ethics in general.

An Ethical Hacker, also known as a whitehat hacker, or simply a whitehat, is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems. Nowadays, certified ethical hackers are among the most sought after information security employees in large organizations such as Wipro, Infosys, IBM, Airtel and Reliance among others.

22 questions
15
votes
2 answers

Is it legal to hack a hacker back (in the US)?

I was wondering if it's legal to do what most people call a "hack back." Suppose someone tricked you into downloading software onto your computer that was designed to steal your data, but it was advertised as an online security software. Then you…
Blue Herring
  • 634
  • 6
  • 17
10
votes
3 answers

Is it illegal to download passwords in bulk from the dark web to make a password checking tool to help people?

I remember some password managers like Google's would give me a warning about passwords that have been compromised. My question is this. How is Google or any company able to see that the password I have chosen matches one that has been…
devin
  • 217
  • 2
  • 5
6
votes
3 answers

Are publicly available password dumps legal under GDPR

When a company gets breached by hackers, often the contents of their databases will make its way onto the internet. Sometimes this will include obviously personal information such as email contents or personal data but it's quite common to see a…
gorzilla
  • 79
  • 1
  • 6
5
votes
2 answers

Can Law Enforcement in the US use evidence acquired through an illegal act by someone else?

There are reports on the internet this morning that a group of people were able to hack Parler and download around 70tb of data from the servers before AWS ceased hosting the platform. There are plenty of accusations being levelled at Parler's users…
GeoffAtkins
  • 1,088
  • 1
  • 10
  • 17
4
votes
1 answer

Legality of scanning a site with SSLLabs SSL Server Test in order to find and report weaknesses

I am wanting to scan a site (which I do not own) to see if they are vulnerable to anything like Heartbleed or the POODLE attack, not because I want to exploit any such vulnerabilities for malicious purposes, but because I want to inform the site…
user1157
3
votes
1 answer

Legal implications of printing something remotely to tell the owner their printer is vulnerable?

Commonly, wireless printers in homes and corporate settings can be configured incorrectly, exposing them to the internet. This can be a major security vulnerability, and can allow anyone to not only print stuff remotely on it, but sometimes even get…
Blue Herring
  • 634
  • 6
  • 17
3
votes
1 answer

Is reverse engineering for research legal?

I want to look at the code of a certain app, without modifying it. Is that fine accordingly to EU laws ? Btw, sorry if I posted this in the wrong place.
Telno
  • 39
  • 1
3
votes
2 answers

Hacking a scammer: is this guy breaking the law by deleting phishing data?

I just watched this video. In it the presenter hacks a phishing website using a SQL injection attack and then deletes the database of harvested emails and passwords. Assuming that he did this to a real scammer as opposed to a demo website he set up…
Paul Johnson
  • 14,252
  • 3
  • 39
  • 63
2
votes
0 answers

Do I need explicit permissions to clone the FB login page for teaching and demonstration purposes?

We are in the business of training on Ethical Hacking. One of our modules shows a demo of the Social Engineering Toolkit. The demo involves cloning of the Facebook login page. One of our members felt that we needed explicit permissions from FB to go…
user1720897
2
votes
1 answer

Is there any country where hacking back is legal?

Building on this unanswered question: Under what circumstances could laying hacker "traps" cause civil or criminal liability for non-law enforcement civilians? I was wondering if there was any place where hacking back is legal, and if would be…
Guest456
  • 23
  • 3
2
votes
0 answers

As a Developer how should my contract be worded to protect against hacking

I am a web developer and have a contract for client based projects that has been improved over years and many projects. However after reading it this month I think that upgrading the section that protects me from security breaches from nefarious…
Ben Racicot
  • 121
  • 4
2
votes
1 answer

Is it illegal to perform wifi hacks on your own home network using tools like WiFiPhisher, Aircrack, and Wireshark?

Apologies if this has been asked countless times. I've seen it a few times around here however they usually pertain to someone having written permission. And I don't... Or if someone could post a duplicate thread with more information. I recently…
Nocturnel
1
vote
1 answer

Is it illegal to head to public but hidden web pages such as admin.php?

I'm someone who's recently been interested in cybersecurity. I learned that most webpages have a text file called robots.txt (like example.com/robots.txt) that holds webpages that are public but are not allowed to show up in search engines, like…
Thunder
  • 15
  • 3
1
vote
0 answers

Can an individual be held responsible if their code is used maliciously?

For a while now, I have been interested in viruses, backdoors, etc. As a result, I've started to tinker around with techniques on how to go undetectable for educational/personal purposes. I'd like to open source my code as a learning resource,…
Eccentrici
1
vote
1 answer

How to go about learning cyber security if possessing such software (hacking software) is highly and explicitly illegal in my and most countries?

A question for "ethical hackers" or cyber security professionals. I am very interested in the world of cyber security and all aspects of it. I am genuinely interested in the security aspect of it and from a highly ethical and moral perspective. I…
RobbB
  • 123
  • 5
1
2