ExpressionEngine CMS

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Hacking, Cracking, and Exploiting

December 23, 2009 7:42am

  • #1 / Dec 23, 2009 7:42am

    SpooF

    170 posts

    What’s illegal and what isn’t?

    A lot of people say that when it comes to the web anything and everything is free. If you put it on the web, you’re putting yourself at risk to have it get stolen.

    A lot of “Hacking” is really just exploiting bugs in applications. If we were to define hacking as “Gaining access to/altering information in a way it was not intended to be accessed or without permission” a lot of things start to be considered hacking. The most common way to “Hack” into a website is to exploit poor programming with SQL injections. Doing so can grant you access to a lot of information.

    Let’s say, for example, John has a website, where he uses some simple PHP to protect a section of his site with a simple username and password. The usernames and passwords are stored in a file publicly available called passwords.txt (Above the root of his web server, but not linked to by anything). It’s very simple to gain access to this sensitive information, all it really takes is calling up a file in your web browser. Is this considered hacking? Using the definition I stated above, this would be hacking because you’re gaining access to information without permission.

    John figures out that this isn’t a very safe way to protect his site so he does some research and learns about storing information in a database. He updates his website so it now goes to a database to check for the username and passwords.

    John makes two big mistakes here. First, he doesn’t check to see if the user exists, so a NULL username with a NULL password will return true in his programming (This is an exploit). Also, he doesn’t take into consideration SQL injections.

    The bad programming allows a user to easily log in to his site without “permission” although his website clearly granted the user access. The SQL injection opens a gateway into his database, allowing a knowledgeable user access to all his information, much like with the publicly stored passwords file in his first website.

    Now, the first scenario most people wouldn’t call that “Hacking” just because the information is publicly available because you can easily see it in your browser. If that argument is made, I can state that in the second scenario the information is also publicly displayed in my browser, it just takes a little knowledge, much like knowing about the password file in the first scenario.

    So when it comes to hacking, cracking and exploiting, what’s illegal and what isn’t? You can say that both scenarios are hacking if you gain access to the information, but are both illegal?
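The two mistakes described for John's database login, shown next to a corrected check. This is an added example, not code from the thread: Python with an in-memory SQLite database stands in for John's PHP and database, and the table layout, function names and sample user are all assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_pw(password, salt):
    # Salted PBKDF2 so the hardened path never stores or compares plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data: a single user "john" with password "s3cret".
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(name TEXT PRIMARY KEY, plain TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("john", "s3cret", salt, hash_pw("s3cret", salt)))
    return db

def vulnerable_lookup(db, username):
    # Mistake 2: the username is pasted into the SQL text, so a quote
    # character in it changes the query instead of being matched as data.
    sql = f"SELECT plain FROM users WHERE name = '{username}'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def vulnerable_login(db, username, password):
    # Mistake 1: "no such user" yields None, and None == None passes.
    return vulnerable_lookup(db, username) == password

def hardened_login(db, username, password):
    # Reject missing, empty or non-string credentials before any query.
    if not isinstance(username, str) or not isinstance(password, str):
        return False
    if not username or not password:
        return False
    # Placeholders keep the input as data, never as SQL.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (username,)).fetchone()
    if row is None:  # the user must exist
        return False
    return hmac.compare_digest(hash_pw(password, row[0]), row[1])

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, empty credentials:", vulnerable_login(db, None, None))
    print("hardened, empty credentials:  ", hardened_login(db, None, None))
```
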

  • #2 / Dec 23, 2009 4:03pm

    SpooF

    170 posts

    I agree with everything you said, but cyber laws are still not clearly defined. You can relate them to laws in the “physical world” but it’s still so new, the internet has only been around for almost 20 years. It’s much like pirating, a lot of people say pirating something is stealing it, but you’re not stealing it because the owner still has a copy. It’s more like copyright infringement. You’re using information / technology without permission from the owner. Both are illegal but what is it really?

    When you ask someone about pirating and if it’s stealing they will simply ask you this: If someone were to come to your home and make a replica of your 400,000 USD Corvette would you say they are stealing it from you? Probably not. However, Corvette would get on their ass because they’re using their design that Corvette has copyright to.

    Just to make this clear, I’m not saying that any of this is legal. Just something to think about. The more I think about this kind of stuff the more it makes me want to switch my major and study computer security and cyber law.

  • #3 / Dec 23, 2009 10:30pm

    BrianDHall

    760 posts

    The law changes very quickly in this regard - not as fast as technology, but fast.

    So technically looking at anything you aren’t supposed to look at gets very close to being illegal. Prosecutable, however? Or even worth investigating? That’s another story entirely.

    As to copyright and “intellectual property” law, certainly piracy is defined as illegal, but of course there is a philosophical separation between that which is illegal and that which is immoral. If you download and use software that you would not buy even if it were not available for free, it’s still defined legally as “copyright infringement” and illegal - but morally it isn’t tantamount to stealing, precisely because of the issue of harm. The company isn’t harmed, because they weren’t even theoretically going to profit in the future, and someone else wasn’t harmed because you made a copy, etc.

    As for gaining illegal access, the Digital Millennium Copyright Act changed things in many ways legally in cryptography, because technically many security professionals are now defined as criminals because reverse engineering is part of their job, and the DMCA defines most such behavior as inherently illegal - even if you have purchased a copy of the software itself.

    There used to be a fantastically fascinating blog on these issues called Law Meme by a Yale professor, but sadly it appears to no longer be online :(

    The basic underlying theory of mine is the law will rapidly change to advance the interests of the wealthiest parties involved. The RIAA and their ilk have at times obtained themselves sickening degrees of influence and authority that nears on being a right to inquisition, and have thrown down heavily to violate the right to unreasonable search and seizure by trying to declare online activity something other than private or personal. The assumption of privacy, and all that.

    I think it is perhaps one of the most interesting fields of law, precisely because it is so rapidly changing. It can also be one of the more infuriating, as decisions are often made not due to a deep understanding of the issues and reason, but heavy cash spending on the political system by wealthy interested parties.

    Of course being the most interesting field of law isn’t saying much - I recall Gerry Spence stating that the legal education system is designed to purposefully drain the soul of passion, conviction, and morality. He’s a hoot 😊
