A simple observation:

"White Hat Hacker" is NOT synonymous with "Ethical Hacker"

You can legally protect an unethical corporation and in doing so, you are an accomplice to their unethical actions.

You can ethically hack to protect people and still be conducting illegal activities.

Do not conflate the two terms.

#hacking #infosec

@tinker

Can you give an example of an ethical hacker that isn't a white hat?

#hacking #infosec

@chiclet - Sure! The two most common examples of Ethical Hackers that are not Corporate / Legal "White Hat" Hackers are:

  • Folks who hack software that affects people's safety and security (even without permission) and report those vulnerabilities, either to the corporation directly or publicly - with the intent to have the vulnerability patched. Regardless of where the software sits (thick client on hacker's box or web app on a corp's servers), this has often been met with lawsuits and criminal charges against the ethical hacker.

  • Folks who hack with the intent to destroy, sabotage, or otherwise hinder unethical corporations. Phineas Fisher was an example of this. Hacked Gamma Corp and Hacking Team, which were making malware and spyware used by despotic governments to track journalists, activists, and other enemies of the despotic state.

Edit to mention: There are other examples, these are just the two prominent examples. It can help to step back even from hacking. Think of examples where breaking the law is the ethical thing to do. Harboring slaves pre-US Civil War. Harboring Jews during Nazi Germany. These were illegal things that were the ethical thing to do. Now find similar examples in regards to hacking. What is something that you can hack for an ethical purpose but is also against the law?

#hacking #infosec

@chiclet @tinker see the Polish train producer company threatening hackers who exposed the company creating deliberate train failures that could only be „repaired” in their workshop with legal action.

Grey hat I guess because they worked officially for the local government owned transport company that bought the trains but worked against the producer and hacked their software?

https://www.kaspersky.com/blog/train-hack-37c3-talk/50321/

@ausir @chiclet @tinker
Technically it's white-hat hacking under EU law, but nevertheless a good example of going against an unethical company.

P.S. here is the original link, from a site that's not affiliated with Russia: https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains