When exploring the net, at what point do you feel that harmless legal exploration crosses into the realm of illegal 'hacking'?
Printable View
When exploring the net, at what point do you feel that harmless legal exploration crosses into the realm of illegal 'hacking'?
Personally, I think you cross the line the moment you infltrate a computer without the person's consent.
Depends, for a lot of Law Enforcement agencies, the moment you cause financial harm to someone. There's always the two lines though: legal and ethical. Hacking nowadays is much more likely to be unethical than illegal in many countries, mostly because laws are still playing catch-up.Quote:
Originally posted here by fraggin
When exploring the net, at what point do you feel that harmless legal exploration crosses into the realm of illegal 'hacking'?
Easy one.... ;)
The whole crux of the question depends _not_ on your determination of the meaning of the word "harmless" but that of the person who discovers your "harmless" activity.
That's the only issue really.... It's up to you to decide what the other person's version of "harmless" is......
I agree. I do not think there is a law against hidden cameras as long as there is no audio because currently there are only laws against eavesdropping under certain conditions. Up until recently, most people only utilized CCTV in stores, shopping centers and other misc. areas where they were provided to prevent illegal activites. Now anyone can afford cameras that are very hideable and the laws should be updated to protect the rights of individuals, however, this goes back to your quote.....Quote:
Originally posted here by chsh
.... Hacking nowadays is much more likely to be unethical than illegal in many countries, mostly because laws are still playing catch-up.
As far as hacking a system, I would have to compare such activity to breaking and entering. If a door is wide open, (i.e. a port, or VPN tunnel with no protection) and not locked, and is on public property (i.e. an internet site, not a home PC or Network) then there would be no security devices to disable and no doors to bust open to enter the property. At this point, what more would it be than ulawful entry.. (if there is such a crime).
Fraggin:
One could technically argue that, in the case of the web site, port 80 is the only _public_ port. Thus, finding an open port for ftp, (21), could be considered exactly the same as going through the back door into the warehouse of your local supermarket because it was unlocked. At a minimum you can be charged with trespass. If you download a single file or cause any expense to the supermarket then you are a burglar.... Simple as that really. I believe the same applies to the internet... if my DNS points you to a web server or mail server or whatever then those are the "public" doors to my business. All others, be it by intent, misconfiguration or sheer stupidity are not your's to even "rattle the door of"... they are mine, period. The fact that you _can_ enter doesn't mean you _have_ to enter.
Then again, even my "public" port _should_ have some reasonable expectation of "proper use". Download my web pages, fill in my forms, buy stuff from me.... whatever.... but when you start trying to exploit the system in any way you become no better than the shoplifter who entered by the front door of the supermarket... Your intent may not be criminal, (maybe you are just trying to prove that you can steal a dozen eggs), but the moment you get outside the door with those eggs you have stolen them.... Similarly, using "devious" means to enter my supermarket can be considered to be equally criminal.
It's back to my original question..... What does the 'violated" person consider the meaning of the word "harmless".... In any case it will cost the owner money to mitigate the issue.... Thus, technically, _you_ just stole from him.
comes back to ethics..
You find an port 5000 open (was this by accident or were you doing a port scan.. so ethicly your off track already)
so you decide that a VNC prog must be in use, wow, the Password is PASSWORD, now you have the users Desktop ..
IF your "browsing" you won't accidently find that a site has an open port. If you Find an open Port, you are activly looking, that is your running a port scan.
When you go to the bank or a supermarket, there are a number of Customer Entry points, that is the Web sites port 80, you also have service entry points, these are normaly locked, that is have a secure password, and or they are hidden from view.. they wont have a banner inviting customers in .. customers don't enter a store via the fire escape or backdoor without invitation.
yes there is such a crime, regardless of what a dumbass the sysadmin of the site maybe, if your where the site normally wouldn't allow, your trespassing. A fellow in Aus äccidently" found a web page with a list of customers and their creditcard details, method.. typed random url's .. the page inquestion was not linked to on the site..that is no internal links.. ok it was a dumbass webmaster that allowed this.. but this guys intent was to find access via another method.. I forget what he was charged with.Quote:
what more would it be than ulawful entry.. (if there is such a crime).
Ouch... That really sucks.. he must have used this info for personal reasons.Quote:
Originally posted here by Und3ertak3r
. A fellow in Aus äccidently" found a web page with a list of customers and their creditcard details, method.. typed random url's .. the page inquestion was not linked to on the site..that is no internal links.. ok it was a dumbass webmaster that allowed this.. but this guys intent was to find access via another method.. I forget what he was charged with.
I guess that does make a valid point.... If your rolled into your local bank branch throught the door they deliver money orders to with armored trucks, you may get some odd stares, a
Ctrl-C of your appearance and clothing and end up answering some questions. And, going into the local supermart after hours and walking out with a dozen eggs may get you beat down by an overzealous rent-a-cop. Similar to being noticed port scanning and unethical, overzealous admin's domain.
I guess the days of innocent network exploration (other than your own) are pretty much over with, but it seems that it hasn't slowed down the act.