A simple observation:

"White Hat Hacker" is NOT synonymous with "Ethical Hacker"

You can legally protect an unethical corporation and in doing so, you are an accomplice to their unethical actions.

You can ethically hack to protect people and still be conducting illegal activities.

Do not conflate the two terms.

#hacking #infosec

(I speak from experience. One of my first #infosec jobs was protecting an exceedingly unethical corporation. The work I did in their SOC protecting them from attacks by ethical hackers was an unethical action.

But I had to eat. And I had to provide for my family.

I did what I needed to do to survive. And left as soon as I could. I don't fault anyone for stealing bread if they need it and I don't fault anyone for working for an unethical corporation if that is their only choice. But acknowledge and understand the consequences of your actions.)

#hacking #infosec

@tinker I tried steering a company to be ethical. It worked for a while.

@tinker It's not a coincidence that "ethical hacker" is a popular term in business and government.

@tinker Now what's a real challenge is finding an organization ethical enough to feel good about hacking for.

@tinker Very much this. Also, if you regard the ethical goal as protecting users from harm from the exploitation of a vulnerability, SOMETIMES the best thing to do is to quietly warn the vendor, while other times the best thing to do is warn everyone. It depends on very particular circumstances.

It's easier if your definition of "ethical" is simply "protect vendors from reputational harm". But that's not a very useful ethical system.

@tinker Can you give an example of an ethical hacker that isn't a white hat?

#hacking #infosec

@chiclet - Sure! The two most common examples of Ethical Hackers that are not Corporate / Legal "White Hat" Hackers are:

  • Folks who hack software that affects people's safety and security (even without permission) and report those vulnerabilities, either to the corporation directly or publicly - with the intent to have the vulnerability patched. Regardless of where the software sits (thick client on hacker's box or web app on a corp's servers), this has often been met with lawsuits and criminal charges against the ethical hacker.

  • Folks who hack with the intent to destroy, sabotage, or otherwise hinder unethical corporations. Phineas Fisher was an example of this. Hacked Gamma Corp and Hacking Team which were making malware and spyware used by despotic governments to track journalists, activists, and other enemies of the despotic state.

Edit to mention: There are other examples, these are just two prominent examples. It can help to step back even from hacking. Think of examples where breaking the law is the ethical thing to do. Harboring slaves pre-US Civil War. Harboring Jews during Nazi Germany. These were illegal things that were the ethical thing to do. Now find similar examples in regards to hacking. What is something that you can hack for an ethical purpose but is also against the law?

#hacking #infosec

@tinker @chiclet Pretty much every farmer out there, fighting John Deere.

@woody @chiclet @tinker The folks unlocking the other half of the gas tank on US Market BMW i3s.

@tinker @chiclet Another (good) example: Hacking for the right to repair - like that episode with the locked down train software in Poland.

https://gizmodo.com/hackers-hit-with-legal-threats-after-they-fixed-a-brick-1851097424

Hackers Hit With Legal Threats After They Fixed a 'Bricked' Polish Train

@chiclet @tinker See the Polish train producer company threatening hackers with legal action, who exposed the company creating deliberate train failures that could only be "repaired" in their workshop.

Grey hat I guess because they worked officially for the local government owned transport company that bought the trains but worked against the producer and hacked their software?

https://www.kaspersky.com/blog/train-hack-37c3-talk/50321/

Hacking a train: a 37C3 talk

@ausir @chiclet @tinker Technically it's white-hat hacking under EU law, but nevertheless a good example of going against an unethical company.

P.S. here is the original link, from a site that's not affiliated with Russia: https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains

Breaking "DRM" in Polish trains

@tinker The problem lies in what "ethics" means to an ethical hacker. There is no consensual code of ethics (except that ethical hacker certification garbage), so using it as a label is problematic in the first place. Combine that with the vagueness of what a "white hat hacker" is supposed to be - IMO it's not even "acting inside of the law framework" because historically that's been totally false (point finger at self-described white hat hackers getting sued).

At Icon we also say "hackers for good", which is less pompous than "ethical" and easier to pass down to the general public.

@tinker the question is, which one is which. Both terms have been (mis)used as marketing terms and are not really well defined.

Maybe it's time for a new, untainted term for a morally motivated hacker. 🤔

@tinker Although I think we would be better off if we canned the whole concept of defining the person and started talking about the act of an ethical or moral hack.

@weddige @tinker I never much cared for the term ethical hacker. Most all hackers are ethical. Now whether we agree with their ethics or not, that's a separate question.

@jwgoerlich @weddige @tinker Huh, I had an opposite experience, chatting with mafiaboy before he got caught. I said he should hack ethically and his response was that ethics had no place in hacking. Mind you, he was like 14 at the time and was more excited at what he was able to do than the impact of his actions, but I think it still highlights an oppositional view of hacking for greed and destructive purposes.

@tinker Precisely:

  • #WhiteHat: refuses to violate laws out of principle, even if that means being unethical

  • #GreyHat: refuses to violate good principles out of moral obligation and ethics, even if that means they'd violate laws

  • #BlackHat: doesn't give a damn and is only interested in personal profit, if not maximizing damage to others

Are you the tinkersec that went on the Darknet Diaries podcast?

@tinker I prefer the terms "red team" for attackers and "blue team" for defenders. I guess ethical stance doesn't quite fit there, but we know their relative role.

@tinker Now what's a "Certified Ethical Hacker"? 😂