Misuse of "Ethical Hacking"

In the past weeks, I have been active on multiple Discord "hacking" servers.
You could probably argue whether Discord is the best platform for this topic, but I think at least the CIA is very pleased about this development. Anyway...
I came across huge misuse of the terms "Ethical Hacker" and "Ethical Hacking", so I wanted to write a short post about it.
Let's look up the term on Leta:
IBM
Source: https://www.ibm.com/think/topics/ethical-hacking
Ethical hackers follow a strict code of ethics to ensure their actions help rather than harm companies:
- Ethical hackers get permission from the companies they hack.
- Ethical hackers don't cause any harm.
- Ethical hackers keep their findings confidential.
- Ethical hackers work within the confines of the law.
If any one of these four points is not fulfilled, it is not ethical hacking.
Unethical ethical hackers, often called ‘gray hat hackers’, use unethical methods or even operate outside the law toward ethical ends. While their intentions may be good, their actions can also expose new attack vectors to malicious attackers.
Malicious hackers, known as ‘black hat hackers’, commit cybercrimes for personal gain.
UK Government
Ethical hacking is the practice of testing a computer system, network, or application to find security vulnerabilities that could be exploited by criminal hackers.
Ethical hackers use the same tools and techniques as criminal hackers, but they do so with permission from the owner of the system being tested.
The goal of ethical hacking is to help organisations improve their security posture by finding and fixing vulnerabilities before they can be exploited.
The term Ethical Hacker does not have an official definition, but the largest companies, governments, and learning platforms (such as HTB and THM) all share very similar definitions.
The Misuse
Earlier I mentioned the misuse of these terms and my experiences on these Discord servers.
"Ethical" Account Recovery

"Ethical" Hacking Scammers
Quite often, I see people hunting scammers, trolling them, sending them RATs, IP loggers, and similar tools. While presenting their findings, they describe themselves as ethical hackers.
The intention might be good — limiting the action radius of cybercriminals — but is it truly ethical?
---> No, it is not. It isn’t even white hat hacking, as you are attacking an individual without their consent.
I also dislike cybercriminals, scammers, spammers, and all sorts of malicious actors. Attacking them feels like some kind of vigilante justice, and while understandable, it should not be supported.
Sometimes punching back is the only way to stop them — but please don't confuse this with ethical or legal behavior.
Great Book: https://archive.org/details/pdfy-YNtvDJueGZb1DCDA
Conclusion
I don't want to go into further detail and talk about responsible disclosure or lawful conduct. There are enough blogs and websites that already do this sufficiently.
The meaning of "Ethical Hacker" is being watered down, and we shouldn't allow that to happen.
Speak up. Explain the real definition. People might not even realize that they are engaging in illegal activities.
If you still want to engage in activities outside of the legal scope — fine — but keep your OPSEC tight:
Don't use services like Discord, use VPNs, and hide your identity.
o7
Blu3