1

Lets say for instance...

  • X has hacked Y.
  • X does not know Y but thought Y looked and sounded suspicious over social media.
  • X infiltrated their emails and discovered content that local authorities would be highly interested in.

The only issue is how would X inform the authorities about Y being a suspected criminal if hacking is against the law and X does not want to get themselves into trouble?

Truly speculative, just wondering, that's all.

What would you do?

JohnDoe
  • 43
  • 2
  • 5
    I fail to see the "ethical" part of this hacking. – Neil Smithline Dec 16 '15 at 20:09
  • 1
    The ethical thing would have been to not have hacked anything to begin with (without permission). – Jonathan Gray Dec 16 '15 at 20:20
  • 2
    This scenario is not "ethical hacking", by definition. There might be ethical considerations once you obtain the data, but this is not "ethical hacking". I'd put it more in the "hacktivism" camp. – schroeder Dec 16 '15 at 20:51
  • All these edits have ruined the original meaning and intent of this post. If this does not belong in 'security' then please inform me where this question is best suited. – JohnDoe Dec 16 '15 at 21:11
  • @JohnDoe, If it's kiddy porn, turn it in to the authorities. Regardless of what any of these plebs say, you will not be punished, and there is precedence for this. – Mark Buffalo Dec 16 '15 at 21:19
  • @JohnDoe the only real question is whether your title of "ethical hacking" was accurate. Only the title has been edited by the community. – schroeder Dec 16 '15 at 21:36

3 Answers3

6

X should do nothing. X likely broke a few laws by hacking into the system controlled by Y, so by reporting it they are incriminating themselves. Should it come to a criminal case against Y, the defense of Y will likely be that any evidence X claims to have found was forged by X to incriminate Y. X admitted to being a cyber criminal, after all, so X can not be trusted.

What X should have done is inform the authorities when they thought Y looked and sounded suspicious over social media, let them decide if they want to pursue the case or not and forget about it.

Philipp
  • 49,384
  • 8
  • 129
  • 160
1

I guess it really depends on what X found regarding Y. The ends shouldn't justify the means, and therefore X cannot consider himself an ethical hacker (hacking someone unwittingly is NEVER ethical as it's a violation of privacy and liberty - period).

However, if what X found was of concern enough that harm may come to another due to Y's actions, X should find a way to anonymously tip law enforcement.

Jesse Williams
  • 115
  • 3
0

Even if law enforcement got involved they would not be able to use any of your illegally obtained evidence(only exception is that if they didn't know where it came from ie. Anonymously mail a flash drive with nothing pointing back at you) and without the evidence they wouldn't be able to get a search warrant either.

PC3TJ
  • 121
  • 2