If you have an urge of cracking (‘hacking’, for the non-purists) into a computer system or network, make sure you do it stealthily and don’t turn your findings up for a ‘a good cause’ of showing the problems in the deployment of the system. If you try to do a good deed, be prepared for a punishment. No good deed goes unpunished!
Today I read this story on Slashdot and my ugly experience of being a ‘whitehat’ came back to me. Read the story here. At the end of it, Soulskill raises some genuine concerns:
“He should have asked permission before trying, but throwing the book at the guy and wrecking his life with criminal charges (which stick for a long time) seems a little excessive. The university should spend money on hiring some admins with better computer skills and teaching skills rather than paying lawyers.”
“The truth is, some university students are going to have the desire to hack something, and not all of them have the judgment to stay out of trouble. If you acknowledge that and catch them inside the university, you can straighten them out before they wreck their lives, and teach them to be white hats. Rather than creating a hostile environment where people may become black hats, you create an environment where you guide them in the right direction to being good computer security professionals. For every hacker they catch, there’s probably at least one that they don’t know about. I can imagine that a number of those hackers at Carleton are now seeing the university as the enemy for burning ‘one of their own,’ and some of them may become malicious to get even. If the student’s intentions were good – which they appear to be – I can’t help but feel sorry for the guy.”
In my case, I went to ask for a permission for a temporary root access on a system, but the admin –who was a good-for-nothing snob, according to a general consensus– did not allow it, at the time of my utmost requirement, for whatever reasons. I cracked that system, and he could not do anything about it. He did not come to know of the incident for a period of about six months, until he required a root access for some maintenance job. At that time, he realized what had struck him, and his quest to find a culprit started. Logs did not show anything (How could they?), and the next thing I know was that I was banned from entering that laboratory. Why? Doubt! Hunch!
How did he get that hunch? Because I made a ‘white hat mistake’! I went him to ask. I know this sounds pretty spoilt and outrageous, my suggestion. But what am I supposed to do? Tell you guys that you put your finger in flame to get yourselves burnt? You better be a greyhat or a blackhat, but don’t do anything good, at least for your organization or the system administrator.