I noticed in a thread that there are legal hacks. I thought all hacks were illegal. What kinds of hacks are legal?
DON'T WORRY I'M NOT GOING TO HACK INTO SOMEONE'S COMPUTER, LEGALLY OR ILLEGALLY
I'm just curious.
Thread was moved from GCC to Misc Security as this seems an interesting security discussion.
Well, I think it might be better to define it as exploits or cracking as hacks -- to me -- are more discovering something about an OS. But to answer your question, legal ones are ones you are given written authority to do against a machine. Or you build a machine at home to do it. (e.g., wargame machine).
It's when you go after someone else's machine that things become ... questionable.
Questionable? Is it automatically illegal to hack into somebody else's computer? Or is it just wrong by moral standards?
Well, I don't want to say outright that all countries have Computer Crime laws as I don't know every country's legal standards but a majority do, so in a "yes and no" answer, it is "automatically" illegal to hack into the majority of computers out there. I don't know which countries don't have such laws but I wouldn't put it past them to assume that they won't have them soon.
How's that for an answer? :D
Good, thank you
I was told that when you get permission you also need to include in the document that the person giving you the permission has the authority to do so. Basically one document that contains those two pieces of information to make it "more" legal. As I'm sure you all know lawyers can be such @(*&%^$** about such things.
There have been some cases where it was deemed legal, when someone "hacked" into computers in a very limited sense, with no detrimental activities and reported it to the right sources. One case a hacker installed trojans on Child p0rn hosters and reported it to the FBI and was given a pat on the back. It's a very tight rope to walk, and there's a lot of hypocrisy: when it suits them one time it's OK, when it doesn't they make hell for you. As msmittens said, in pretty much any "modern" nation they can throw the book at you for any unauthorized access.
The word hack sounds illegal
In Australia, if you do want to hack a business (to find their weaknesses, or whatever) you must get a signed legal document from the CEO or equivalent of the IT department, and it must be signed by a JP (justice of the peace), because if you don't, it turns out that the thing you signed is all it is: A THING lmao. But yeah, get permission and get a legal document.
And many times I have heard stories about hacking kiddie porn sites and the hackers getting off scot free. Well, it doesn't work like that here; the way they see it is, we are the authority and all of you are civilians, we will deal with them. So... a hack is a hack no matter who you do it to. But I'm 100% with anti-kporn hackers (if you want to do it, just do it illegally)
But make sure you have that piece of paper and make sure that you let the company know that they should have a backup (so if you accidentally cough wipe the system, it's easy to fix).
:) modderfokker
Amplified girl
The word hack doesn't sound illegal, girl. Learning things like hacking can help us protect ourselves from outer attacks
Hacking isn't illegal at all. I would argue that the real meaning of hacking is discovering how things work. You can hack your own computer just as much as you could hack into someone else's (although, the meaning of hack and hacker is starting to blur here), but it would be rather strange if someone attempted to prosecute you for it.
I mean, if you get locked out of your house and the only way you can get in is to break the window, would you think that you would be arrested for doing so? It seems unlikely.
Now, if you get "locked" out of someone else's house and you decide that you need to smash the window to get in, I doubt that you could possibly not be breaking the law. But if the person who owns the house requires your help to break into their own house because they have lost the key, you aren't going to get arrested.
Anyhow. I think I've just reiterated what everyone else already said which was kinda pointless. I just get annoyed when people talk about "hackers" and "hacking" as though that was necessarily a bad thing.
ac
In general the great public speaks about "hacking" and "hackers" as if they were all illegal and evil. "Real hackers", however, refer to criminal hackers as crackers (verb: cracking).
"White hat hackers" are those advanced users who have real jobs with computers, like sysadmins and such. White hat hackers are trying to keep the "black hat hackers" out of their systems from destroying or stealing data. "Grey hat hackers" might just visit systems but alter no data. Also some hackers are specialized in cracking into and destroying for example child porn sites and consider themselves as white hats. Well, you can't really blame them but it's questionable again, so I'd put them under the category of grey hats.
Just for the trivia, the hat-analogy comes from old westerns where good guys had white stetsons and the bad guys always wore black ones. :)
Yes, it does, and that's because of the media as mentioned everywhere.
Quote:
The word hack sounds illegal
Well, these "kind" are mostly hacktivists, for more info about hacktivism check out this site: http://www.thehacktivist.com/hacktivism.php
Quote:
Also some hackers are specialized in cracking into and destroying for example child porn sites and consider themselves as white hats
The words hacker and hacking have been unduly aggravated by the media to such an extent that whenever it comes to mind it is a synonym for doing something illegal
Quote:
The word hack sounds illegal
the following i think best defines the word hacker
the following i think best defines the word hacking
Quote:
[originally, someone who makes furniture with an axe] 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating hack value. 4. A person who is good at programming quickly. 5. An expert at a particular program, or one who frequently does work using it or on it; as in `a Unix hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.) 6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example. 7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term for this sense is cracker.
the federal law regarding hacking (oops, Cracking)
try reading this (a guide to Mostly harmless hacking), fairly newb stuff but very good reading for a newb
Quote:
OVERVIEW OF US FEDERAL LAWS
In general, a computer crime breaks federal laws when it falls into one of
these categories:
· It involves the theft or compromise of national defense, foreign
relations, atomic energy, or other restricted information.
· It involves a computer owned by a U.S. government department or agency.
· It involves a bank or most other types of financial institutions.
· It involves interstate or foreign communications.
· It involves people or computers in other states or countries.
Of these offenses, the FBI ordinarily has jurisdiction over cases involving
national security, terrorism, banking, and organized crime. The U.S. Secret
Service has jurisdiction whenever the Treasury Department is victimized or
whenever computers are attacked that are not under FBI or U.S. Secret
Service jurisdiction (e.g., in cases of password or access code theft). In
certain federal cases, the customs Department, the Commerce Department, or a
military organization, such as the Air Force Office of Investigations, may
have jurisdiction.
In the United States, a number of federal laws protect against attacks on
computers, misuse of passwords, electronic invasions of privacy, and other
transgressions. The Computer Fraud and Abuse Act of 1986 is the main piece
of legislation that governs most common computer crimes, although many
other laws may be used to prosecute different types of computer crime. The
act amended Title 18 United States Code §1030. It also complemented the
Electronic Communications Privacy Act of 1986, which outlawed the
unauthorized interception of digital communications and had just recently
been passed. The Computer Abuse Amendments Act of 1994 expanded the 1986 Act
to address the transmission of viruses and other harmful code.
In addition to federal laws, most of the states have adopted their own
computer crime laws. A number of countries outside the United States have
also passed legislation defining and prohibiting computer crime.
THE BIG NO NO’S -- THE TWO MOST IMPORTANT FEDERAL CRIME LAWS
As mentioned above, the two most important US federal computer crime laws
are 18 USC: Chapter 47, Sections 1029 and 1030.
SECTION 1029
Section 1029 prohibits fraud and related activity that is made possible by
counterfeit access devices such as PINs, credit cards, account numbers, and
various types of electronic identifiers. The nine areas of criminal
activity covered by Section 1029 are listed below. All *require* that the
offense involved interstate or foreign commerce.
1. Producing, using, or trafficking in counterfeit access devices. (The
offense must be committed knowingly and with intent to defraud.)
Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15
years in prison, $100,000 and/or up to 20 years if repeat offense.
2. Using or obtaining unauthorized access devices to obtain anything of
value totaling $1000 or more during a one-year period. (The offense must be
committed knowingly and with intent to defraud.)
Penalty: Fine of $10,000 or twice the value of the crime and/or up to 10
years in prison, $100,000 and/or up to 20 years if repeat offense.
3. Possessing 15 or more counterfeit or unauthorized access devices. (The
offense must be committed knowingly and with intent to defraud.)
Penalty: Fine of $10,000 or twice the value of the crime and/or up to 10
years in prison, $100,000 and/or up to 20 years if repeat offense.
4. Producing, trafficking in, or having device-making equipment. (The
offense must be committed knowingly and with intent to defraud.)
Penalty: Fine of $50,000 or twice the value of the crime and/or up
to 15 years in prison, $1,000,000 and/or up to 20 years if repeat offense.
5. Effecting transactions with access devices issued to another person in
order to receive payment or anything of value totaling $1000 or more during
a one-year period. (The offense must be committed knowingly and with intent
to defraud.)
Penalty: Fine of 10, or twice the value of the crime and/or up to 10 years
in prison, 100,000 and/or up to 20 years if repeat offense.
6. Soliciting a person for the purpose of offering an access device or
selling information that can be used to obtain an access device. (The
offense must be committed knowingly and with intent to defraud, and without
the authorization of the issuer of the access device.)
Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15
years in prison, $100,000 and/or up to 20 years if repeat offense.
7. Using, producing, trafficking in, or having a telecommunications
instrument that has been modified or altered to obtain unauthorized use of
telecommunications services. (The offense must be committed knowingly and
with intent to defraud.)
This would cover use of “Red Boxes,” “Blue Boxes” (yes, they still work on
some telephone networks) and cloned cell phones when the legitimate owner of
the phone you have cloned has not agreed to it being cloned.
Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15
years in prison, $100,000 and/or up to 20 years if repeat offense.
8. Using, producing, trafficking in, or having a scanning receiver or
hardware or software used to alter or modify telecommunications instruments
to obtain unauthorized access to telecommunications services.
This outlaws the scanners that people so commonly use to snoop on cell phone
calls. We just had a big scandal when the news media got a hold of an
intercepted cell phone call from Speaker of the US House of Representatives
Newt Gingrich.
Penalty: Fine of $50,000 or twice the value of the crime and/or up to 15
years in prison, $100,000 and/or up to 20 years if repeat offense.
9. Causing or arranging for a person to present, to a credit card system
member or its agent for payment, records of transactions made by an access
device. (The offense must be committed knowingly and with intent to defraud,
and without the authorization of the credit card system member or its agent.)
Penalty: Fine of $10,000 or twice the value of the crime and/or up to 10
years in prison, $100,000 and/or up to 20 years if repeat offense.
SECTION 1030
18 USC, Chapter 47, Section 1030, enacted as part of the Computer Fraud and
Abuse Act of 1986, prohibits unauthorized or fraudulent access to government
computers, and establishes penalties for such access. This act is one of
the few pieces of federal legislation solely concerned with computers.
Under the Computer Fraud and Abuse Act, the U.S. Secret Service and the FBI
explicitly have been given jurisdiction to investigate the offenses defined
under this act.
The six areas of criminal activity covered by Section 1030 are:
1. Acquiring national defense, foreign relations, or restricted atomic
energy information with the intent or reason to believe that the information
can be used to injure the United States or to the advantage of any foreign
nation. (The offense must be committed knowingly by accessing a computer
without authorization or exceeding authorized access.)
2. Obtaining information in a financial record of a financial institution
or a card issuer, or information on a consumer in a file of a consumer
reporting agency. (The offense must be committed intentionally by
accessing a computer without authorization or exceeding authorized access.)
Important note: recently on the dc-stuff hackers’ list a fellow whose name
we shall not repeat claimed to have “hacked TRW” to get a report on someone
which he posted to the list. We hope this fellow was lying and simply paid
the fee to purchase the report.
Penalty: Fine and/or up to 1 year in prison, up to 10 years if repeat offense.
3. Affecting a computer exclusively for the use of a U.S. government
department or agency or, if it is not exclusive, one used for the government
where the offense adversely affects the use of the government’s operation of
the computer. (The offense must be committed intentionally by accessing a
computer without authorization.)
This could apply to syn flood and killer ping as well as other denial of
service attacks, as well as breaking into a computer and messing around.
Please remember to tiptoe around computers with .mil or .gov domain names!
Penalty: Fine and/or up to 1 year in prison, up to 10 years if repeat offense.
4. Furthering a fraud by accessing a federal interest computer and
obtaining anything of value, unless the fraud and the thing obtained
consists only of the use of the computer. (The offense must be committed
knowingly, with intent to defraud, and without authorization or exceeding
authorization.) [The government’s view of “federal interest computer” is
defined below]
Watch out! Even if you download copies of programs just to study them, this
law means if the owner of the program says, “Yeah, I’d say it’s worth a
million dollars,” you’re in deep trouble.
Penalty: Fine and/or up to 5 years in prison, up to 10 years if repeat offense.
5. Through use of a computer used in interstate commerce, knowingly
causing the transmission of a program, information, code, or command to a
computer system. There are two separate scenarios:
a. In this scenario, (I) the person causing the transmission intends
it to damage the computer or deny use to it; and (ii) the transmission
occurs without the authorization of the computer owners or operators, and
causes $1000 or more in loss or damage, or modifies or impairs, or
potentially modifies or impairs, a medical treatment or examination.
The most common way someone gets into trouble with this part of the law is
when trying to cover tracks after breaking into a computer. While editing
or, worse yet, erasing various files, the intruder may accidentally erase
something important. Or some command he or she gives may accidentally mess
things up. Yeah, just try to prove it was an accident. Just ask any systems
administrator about giving commands as root. Even when you know a computer
like the back of your hand it is too easy to mess up.
A simple email bomb attack, “killer ping,” flood ping, syn flood, and those
huge numbers of Windows NT exploits where sending simple commands to many of
its ports causes a crash could also break this law. So even if you are a
newbie hacker, some of the simplest exploits can land you in deep crap!
Penalty with intent to harm: Fine and/or up to 5 years in prison, up to 10
years if repeat offense.
b. In this scenario, (I) the person causing the transmission does not
intend the damage but operates with reckless disregard of the risk that the
transmission will cause damage to the computer owners or operators, and
causes $1000 or more in loss or damage, or modifies or impairs, or
potentially modifies or impairs, a medical treatment or examination.
This means that even if you can prove you harmed the computer by accident,
you still may go to prison.
Penalty for acting with reckless disregard: Fine and/or up to 1 year in prison.
6. Furthering a fraud by trafficking in passwords or similar information
which will allow a computer to be accessed without authorization, if the
trafficking affects interstate or foreign commerce or if the computer
affected is used by or for the government. (The offense must be committed
knowingly and with intent to defraud.)
A common way to break this part of the law comes from the desire to boast.
When one hacker finds a way to slip into another person’s computer, it can
be really tempting to give out a password to someone else. Pretty soon
dozens of clueless newbies are carelessly messing around the victim
computer. They also boast. Before you know it you are in deep crud.
Penalty: Fine and/or up to 1 year in prison, up to 10 years if repeat offense.
Re: #4 Section 1030 defines a federal interest computer as follows:
1. A computer that is exclusively for use of a financial
institution [defined below] or the U.S. government or, if it is not
exclusive, one used for a financial institution or the U.S. government where
the offense adversely affects the use of the financial institution’s or
government’s operation of the computer; or
2. A computer that is one of two or more computers used to commit the
offense, not all of which are located in the same state.
This section defines a financial institution as follows:
1. An institution with deposits insured by the Federal Deposit Insurance
Corporation (FDIC).
2. The Federal Reserve or a member of the Federal Reserve, including any
Federal Reserve Bank.
3. A credit union with accounts insured by the National Credit Union
Administration.
4. A member of the federal home loan bank system and any home loan bank.
5. Any institution of the Farm Credit system under the Farm Credit Act of 1971.
6. A broker-dealer registered with the Securities and Exchange
Commission (SEC) within the rules of section 15 of the SEC Act of 1934.
7. The Securities Investors Protection Corporation.
8. A branch or agency of a foreign bank (as defined in the International
Banking Act of 1978).
9. An organization operating under section 25 or 25(a) of the Federal
Reserve Act.
WHO’S IN CHARGE OF BUSTING THE CRACKER WHO GETS A BIT FROGGY REGARDING
SECTION 1030?
(FBI stands for Federal Bureau of Investigation, USSS for US Secret Service)
Section of Law    Type of Information    Jurisdiction (FBI / USSS / JOINT)
1030(a)(1) National Security
    National defense    X
1030(a)(2) Foreign relations    X
    Restricted atomic energy    X
1030(a)(2) Financial or consumer
    Financial records of banks, other financial institutions    X
    Financial records of card issuers    X
    Information on consumers in files of a consumer reporting agency    X
    Non-bank financial institutions    X
1030(a)(3) Government computers
    National defense    X
    Foreign relations    X
    Restricted data    X
    White House    X
    All other government computers    X
1030(a)(4) Federal interest computers:
    Intent to defraud    X
1030(a)(5)(A) Transmission of programs, commands:
    Intent to damage or deny use    X
1030(a)(5)(B) Transmission of programs, commands:
    Reckless disregard    X
1030(a)(6) Trafficking in passwords:
    Interstate or foreign commerce    X
    Computers used by or for the government    X
Regarding 1030 (a)(2): The FBI has jurisdiction over bank fraud violations,
which include categories (1) through (5) in the list of financial
institutions defined above. The Secret Service and FBI share joint
jurisdiction over non-bank financial institutions defined in categories (6)
and (7) in the list of financial institutions defined above.
Regarding 1030(a)(3) Government Computers: The FBI is the primary
investigative agency for violations of this section when it involves
national defense, information pertaining to foreign relations, and other
restricted data. Unauthorized access to other information in government
computers falls under the primary jurisdiction of the Secret Service.
MORAL: CONFUCIUS SAY: “CRACKER WHO GETS BUSTED DOING ONE OF THESE CRIMES,
WILL SPEND LONG TIME IN JAILHOUSE SOUP.”
Most hackers actually don't break into anything. They are the people you see releasing all those fine Linux Distros and finding all the security holes in programs. They also are the admins that test servers and websites for holes and weaknesses. Crackers are those that try to break into hotmail accounts, release warez, and try to deface someone's site.
Quote:
A hacker is one who creates; A cracker is one who destroys
well, in my views, hacking is legal also...
when you are bound to a contract by a company to check the vulnerability of their systems, you need to check the security of the systems by trying to hack it by yourself.. like you check the door after locking it... this is called ethical hacking, which is not having a wrong purpose behind it...
It is better to check the security of the system yourself, before a malicious hacker tries his/ her hand!!
Yea, I've heard of "Vigilante Hacking" before... I heard a story similar to that one that extreamez told... A hacker monitored some ppl who were downloading kiddie porn, and one of the people turned out to be a judge! :o I've got an idea... how about the FBI declares that Kiddie porn sites aren't sheltered under the protections of the information security act.. Therefore allowing hackers to shut them down legally. hahaha! There wouldn't be too many kiddie porn sites on the net after that ;)
http://dictionary.reference.com/search?q=hack
Quote:
Doesn't read that way to me.
We can't judge on something still questionable?
Some Cyber experts claim that Hacking is completely legal,
and they categorize the people who have malicious intentions
as Crackers...
So, this is a very complicated question?
I heard that in China/Japan it is legal to hack? The other day some kid got arrested though for hacking the government of China's website, and in the headlines it stated that it is rare for some hacker to get arrested in China. He was arrested because he was defacing the websites and putting porn on the websites.
as far as i can say, it is the intentions which makes hacking legal or illegal...
there are sites which help you learn the ways of hacking...
and it is legal, as far as you are not misusing your knowledge...
I agree with a lot of people here that "hacking" has become such a dark term. The media has ruined its original meaning, which was exploration and extensive knowledge of computers. Everyone views hackers as such horrible people when the true hackers are the ones saving their asses. I hate that the media has spoiled the true essence of a hacker. Too bad we can convince them to switch the word to cracker.
[quote]
One case a hacker installed trojans on Child p0rn hosters and reported it to the FBI and was given a pat on the back
[/quote]
This is how i think it should be, but i hate the idea that it could be used against you, like being sued for attacking the attacker :(
Just a minor curiosity for the person who mentioned white hats, black hats, and grey hats.
Where does the hacker who penetrates a network for the challenge and then fixes any holes they find fit in? Are they "grey hat" or "white hat"?
Everyone here is confusing hacking with cracking. Cracking is the term for a "black hat hacker" and hacker is a term for a "white hat hacker".
IMHO, Cracking is only illegal if you get caught. :D It is unethical if you get caught or not.
The question you have to ask yourself is: Are the 5 minutes of fun you'll have worth the 5 years with Bubba that you'll earn if you get caught?
Now there's a twist to ponder!
grey hackers are the crackers, who work for a good cause...
now it depends on the job they did...
if it is known to the owner/user (against whom it is done), then theres no prob, otherwise... it is a crime..
hacking not only helps in exploration but also tell us the vulnerabilities... loopholes...
Actually, the word cracker is invented by hackers that didn't want those people to be called hackers. Hacker simply means computer guru.
Who cares, it's just a word, instead of telling someone you are an uber elite hacker you now tell them you are an elite computer guru ;)
Quote:
I hate that the media has spoiled the true essence of a hacker. Too bad we can convince them to switch the word to cracker.
well.. as there is a lot of difference between the intentions of a cracker and hacker.. the good people wanted that the bad people should have another name and given the name CRACKER... but unfortunately hackers are considered bad instead of CRACKERS!! what a tragedy!! :)
sorry, was just a joke!!
Actually, I suspect it's the derogatory definition of cracker that makes the media not use that term. That and the fact that hacker sounds sexier.
Here are some brief definitions to help keep this stuff in the right context.
I guess you could use hacker or cracker, depending on which term you prefer.
Blackhat: |Insert Preferred term here| who attempts to gain access to systems and information with the intent to steal, deface, destroy, sabotage, or otherwise perform a malicious act.
Greyhat : |Insert Preferred term here| who attempts to gain access or information which is usually used to find and fix vulnerabilities without the permission or knowledge of the system owner. Usually does not involve malicious intent. The actions and methods used may be considered malicious by the system owner. The actual intent of the greyhat is uncertain, or grey, hence the use of the term.
Whitehat: |Insert Preferred term here|, usually a system or security administrator or consultant, who uses many of the same methods and tools Blackhats and Greyhats use, but with the intent to find and fix vulnerabilities and otherwise secure systems they control against malicious attackers. The intentions of Whitehats are not malicious. These actions are always performed with permission from the system owner.