When hacking is legal

The Merriam-Webster dictionary gives two different definitions of “hacker” related to computer security. A hacker is either “an expert at programming and solving problems with a computer” or “a person who illegally gains access to and sometimes tampers with information in a computer system”. Hackers themselves usually prefer the former definition, and law enforcement officers the latter. This article is about the occasions when computer hacking, gaining unauthorised access to a computer system, is completely legal.

It sounds as if this would be completely impossible, but as most computer security experts will know, “penetration tests” are fairly routine things. This guy (http://www.security-gurus.net/2006/08/how-to-hack-bank.html), for instance, gives a fairly in-depth account of how a bank employed him to test their security, and he breached it in under 45 minutes.

As usual, the weakest part of their security system was the people who operated it, and he found his way into their highly secured building simply by sneaking in behind an authorised employee. Penetration tests are one of the more efficient methods of highlighting simple errors in the way a company conducts its security and trains its staff in security.

In the UK there are now qualifications available for those who wish to become penetration testers, to legally hack computers for a living. Schemes variously called CREST, CHECK and TIGER exist so that those who are employed by a registered computer security firm can train and prove their knowledge of computer hacking to future employers and their firm's clientèle.

Online there are websites and servers known as “hacker wargames” that offer themselves up to newbie hackers as training grounds. Some are very simple affairs, highly secured servers where there's only one way to “win”: by logging in as the root user, with administrative privileges. Others such as hackthissite.org are fully evolved sites with various levels of “missions” for aspiring hackers to cut their teeth on.

In principle there is no reason why the word “hacking” should necessarily denote anything illegal. For decades now computer enthusiasts have taken pleasure in finding flaws in security systems to exploit and there are plenty of ways to do it legally, or even to do it for a living.

