The term “hacker” has taken on a negative connotation in some circles. This unfortunate turn of events for the non-criminal hackers out there happened with the explosion of criminal activities by some hackers on the Internet in the 90’s. Hackers often believe they are performing a valuable service with their hacking. And some of them are. Hackers can be abstractly divided into two categories: Black Hat and White Hat. Black Hat hacking is criminal in nature. White Hat isn’t. White Hat hacking is probably what most hackers reading this perceive themselves as doing. Now, this is possible, but it is often a matter of perspective.
It might seem harmless to you, but there are larger issues to consider. While you may believe it is harmless to let the world know about some security problem, realize that the ethics of others out there may not be as pure as your own. Your noble goal of helping the computing world through your hacking may not be viewed as noble by everyone else.
If you haven’t been asked specifically to try to hack something on a network or the Internet, the best rule is don’t do it! Trying to hack a program you’ve purchased, running on your personal computer on your own home personal network, and only with your own personal data isn’t going to bring the Gestapo to your door (of course). But consider that the software vendor may or may not be interested in hearing your report about the problems you have so expertly found? Do they have a public bug reporting forum or form on the Web? How have you documented your findings? Do you really think they will appreciate you reporting to the world the problems with their software without notifying them first?
Unless it’s part of your job, if you engage at computer hacking at work you are very likely going to be fired when caught. Almost every company will have a policy against hacking. It’s important to understand that with new laws and regulations, especially regulations like HIPAA, that liability for employers has increased enormously. Your employer just can’t take the risk that you won’t keep hacking. In this case, curiosity definitely killed the cat–and you’re the cat!
The possible problems for you are even worse if you try hacking a company’s presence on the Internet and are successful. This may seem strange–you may think you’ve gotten away with it if you “get in” and get some “interesting” information. It’s not always as easy to hide your trail as it appears on TV and in the movies. If things go very badly for you and there is a strong evidence trail and documentation of your hacking adventures, criminal charges may be filed against you. These will likely be federal charges. Laws such as the Computer Fraud and Abuse Act and others can result in you serving hard time just because you wanted to see what the security of this-or-that system was like.Lawsuits against you for damages are another likely item on the list, especially if criminal charges are filed. Do you really want to defend yourself against criminal charges as well as civil ones just because you wanted to show your hacking buddies how much better you are than they are?