Is it ethical to hack real systems? [closed]

security hacking

It has been shown time and time again it's not ethical. And if you discover a flaw, then they'll likely nail you to the wall if they don't mind the publicity. When you do any sort of security testing, make sure you have permission in writing from someone with the authority to give it. Why?

See Randal L. Schwartz. He fought the conviction for 12 years and finally had his record expunged. He was doing something most sysadmins at the time wouldn't have thought twice about. But convicted he was.


The key flaw I see in your question is that you seem to believe it is possible to correctly assess from the outside what the damage hacking will do to a given system.

How do you know that flipping a given bit the wrong way isn't going to completely destroy something and cost your target thousands or millions of dollars.

Since ethics are very subjective I will answer you this way. It would be far more ethical to leave stuff alone that doesn't belong to you or you don't have explicit permission to touch.


If you just want to improve you security knowledge, there is a linux distribution called Damn Vulnerable Linux. It is used as a teaching aid in university security classes and includes many security vulnerabilities on purpose.

Just install that on a spare computer, much more ethical and you can learn just as much.


In a word, No.

If you find something out in a routine way then it would be good to alert them and not exploit it. But deliberately going out to test someone else's security is not really ethical.

They ought to be paying security firms to do this for them and if they have contracted you to do this, then it is clearly not unethical. But if you have not been contracted to do this, and you unintentionally expose some problem, or cause a problem unwittingly through your hacking actions, I suspect most corporations would want you prosecuted.

For your own safety, I would not go there. If you are really interested in this, try applying for jobs with the security firms contracted to do this.


No, that is not ethical.

If they take you to court for illegally breaking and entering, the judge will not let you off because you were "testing your security knowledge and learning something new".

If you stumble upon a security vulnerability during normal use of their system, I would argue it is absolutely ethical to alert them of the problem, but to explicitly go searching for vulnerabilities when you are not contracted to do so is not only unethical, in many localities it is also illegal.

Related

How to get dig +short to return something when there is no answer?
SSH access gateway for many servers
Why is it called Windows Server 2008 R2? Why not simply call it Windows Server 2010?
Find out which database in SQL Server 2005 uses how much RAM
How to check TCP timeout in linux / macos?
SQL command INSERT is working but the data not appear in table
OpenCV Birdseye view without loss of data
advanced formatted text field input manipulation?
Difference between .getPath() vs cursor in getting the real path of a file from uri in Android
Oracle trigger after insert or delete
How do I do the bash equivalent of $PROGPATH/program in Powershell?
How to correctly linearize depth in OpenGL ES in iOS?