Positive use of Ethical Hacking Skills

While in the long run Naavi.org would like a proper regulatory regime to be set up for regulating Ethical Hacking trainings in India,  it is necessary for  Ethical Hackers who have already been trained to be guided properly to use their skills for legal purposes only.

At present the hacking skills can be used only with the written permission of the owner of an Information Asset who can authorize a  vulnerability testing of his own systems. Any other form of “Unauthorized Access” or even an “Attempt at Unauthorized Access” including even a “Port Scanning” is not permitted in India law and can be prosecuted for punishment from 3 years to life imprisonment.

If hacking is attempted on foreign government assets there are countries which prescribe even a “Death Sentence”.

No person can give a written authorization to attempt hacking of any system not under his control. For example, an employer cannot try to hack into his employee’s e mail account without his written permission. A hacker should not therefore consider the written permission from a company as an all encompassing authority to hack.

In this context, the trained ethical hackers may feel frustrated that a training for which they paid lakhs of rupees is going unrewarded. Yes there is an underground mafia of Cyber Criminals and it may be profitable for them to join the mafia and make money. Then like Sreeshant the cricketer who sacrificed his promising cricket career for a short term enrichment through spot fixing, they may find themselves spending the rest of their time in jail.

Alternatively, I draw the attention of such frustrated souls to http://bugcrowd.com/ . (There may be other sites like this). Some of these sites are authorized (Please check authorization since they may make false claims) by certain system owners to conduct vulnerability testing and reward the persons who find out bugs. Those who have the skills should explore such opportunities and avoid getting lured to committing Cyber Crimes.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Crime, Cyber Law, Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.