While in the long run Naavi.org would like a proper regulatory regime to be set up for regulating Ethical Hacking training in India, it is necessary for Ethical Hackers who have already been trained to be guided properly to use their skills for legal purposes only.
At present, hacking skills can be used only with the written permission of the owner of an Information Asset, who can authorize vulnerability testing of his own systems. Any other form of “Unauthorized Access”, or even an “Attempt at Unauthorized Access”, including even “Port Scanning”, is not permitted under Indian law and can be prosecuted, with punishment ranging from 3 years to life imprisonment.
If hacking is attempted on foreign government assets, there are countries which prescribe even a “Death Sentence”.
No person can give a written authorization to attempt hacking of any system not under his control. For example, an employer cannot try to hack into his employee’s e-mail account without the employee’s written permission. A hacker should therefore not consider written permission from a company as an all-encompassing authority to hack.
In this context, trained ethical hackers may feel frustrated that a training for which they paid lakhs of rupees is going unrewarded. Yes, there is an underground mafia of Cyber Criminals, and it may be profitable for them to join the mafia and make money. Then, like Sreesanth, the cricketer who sacrificed his promising cricket career for short-term enrichment through spot fixing, they may find themselves spending the rest of their time in jail.
Alternatively, I draw the attention of such frustrated souls to http://bugcrowd.com/ (there may be other sites like this). Some of these sites are authorized (please check the authorization, since they may make false claims) by certain system owners to conduct vulnerability testing and reward the persons who find bugs. Those who have the skills should explore such opportunities and avoid getting lured into committing Cyber Crimes.
Naavi