Anyone serious about learning hacking should make sure to go through all the relevant laws in their jurisdicitions. For those who are not so serious, it is even more important. Simply goofing around may be enough to rack up a hefty fine, probation or even a sentence. In germany, for example, simply owning a tool that can be used for hacking, is a crime. One may actually be convicted for downloading a freaking app. In the same country, a professional penetration tester or a 12 year old may be regarded as criminal hackers just because s/he downloaded Cheat Engine (I’m serious) or BackTrack OS. This is not to single out Germans but to show that imperfect laws still exist in almost every country’s constitution (Germans, don’t worry. I have a lot more laws to insult from all over the world. But we’ll leave these for another day) This problem depends on your geography only a little, but it is mostly global.
Why bother with all this legal nonsense? If you’re not the type to spend your life fighting pointless politics or start protesting around to change existing laws, you need to follow them. After all, what choice do we have? Jail? Sure, why not. If you aren’t against something, then by definition, you support it. Anyways, let’s leave politics for another website.
When it comes to hacking, no matter where you live, practically doing it means walking a fine line. But, before anything else, before the law too, you need to look after yourself and make sure you are aware of every possible consequence of performing a hack or anything even remotely related. From running batch files, which can wreck your computer to hacking a school’s server which can get you expelled to leaking NSA secrets which can open the eyes of the world, you need to tread carefully. When it comes to hacking, there is no universal definition of right and wrong. It’s different for the government, it’s different for the anonymous hackers group and it will be different for you and me. While we’re on this, you may have heard about the “criminal” anonymous hacktivist group and their “illegal” and “unethical” activities in the news and media somewhere. Take a wild guess, who’s definition of right or wrong does the media follow?.. The obvious can be surprising. Change your viewpoint and you can change your world.
Coming back to the limits of legality, what all is legal for an average joe who wants to learn hacking? Although the exact answer will depend on your address (another bug in the matrix..), there are some general things you should keep in mind while learning and carrying out different hacking techniques, no matter where you live. These are not only to keep you out of jail but also to protect you from yourself. Since our lives will just keep on getting more and more dependent on technology, hacking is no longer just about hacking. Plus, it won’t hurt to double check what you’re doing won’t get you in trouble.
•Know what you’re doing.
Whatever the hacking method you’re trying to do, it can never hurt to know a little more than what you need. You just might end up saving yourself a lot of trouble. Just one misplaced command in a batch file virus could spell disaster. As a rule of thumb: If you don’t know what you’re doing, don’t do it. In the world of hacking, it’s easy to get carried away, specially when you try out something new, it works and you want more. Skipping the learning phase and moving straight to the doing phase is what turns potential hackers into script kiddies. In professional penetration testing, a small mistake in typing the IP address may result in you “hacking” into a whole different company on the other end of the globe. Clearly, they may not care about the difference between “pentesting” and “hacking” and your boss will find a lawsuit waiting to greet him. Actually, typos don’t really lead to lawsuits. The point is, a big firm can probably get away with a little mistake. You can’t. If you hack into some server or network where you don’t have permission, there is no justification for what you’re doing there (if you’re caught). Now THIS, looks more like lawsuit material.
•Know the consequences of what you’re doing.
This is an extension of the previous point. Before performing any hack, you should always try to visualize every step. See it in your mind, what all you need to do and what exactly is the expected outcome. You should try to avoid involving someone else’s property or devices when learning hacking. If you stick to what you know, you should always be able to predict what will happen. That will leave only typos and genuine errors. Hacking is not all that dangerous and unpredictable if you know what you’re doing.
•Don’t hack anyone without their knowledge.
It may be only a fun little trick for you, but for the other person it could be an invasion of privacy or perhaps a massive violation of all the trust they put in you, for the more dramatic ones. Not all hacking techniques can be tried on yourself for practice. Most can, but still some like those involving networking need more systems. It’s great if you can find a willing and trust-worthy friend and try hacking eachother for learning. If you ever consider trying larger and more elaborate hacks, taking written permission from all the involved parties is a good idea. For example (students), asking your computer teacher permission to simulate a DDOS attack in the computer lab, or perhaps the local cyber cafe. Another example, hacking public (protected) WiFi networks is illegal. You could try knocking on your neighbour’s door and advising them to switch over from WEP to WPA. This is what puts the “ethical” in “ethical hacker” and the chances of them giving you the new password by simply asking also increase.
•Know when to stop.
Companies hire penetration testing firms to check the security of their networks but almost always want them to stay away from private and confidential information, even if they have access. If someone were able to “guess” the facebook password of someone, it doesn’t give them the right to exploit their ability without regard for anyone else. With each passing moment, our lives are getting more and more integrated with technology making it extremely important to know when to stop.
•Know the law.
In normal hacking, you will probably never need to be worried about legal trouble but it won’t hurt to double check. To be extra sure, you can google up the constitution of your country or search for relevant laws regarding hacking.
That’s pretty much all a beginner hacker needs to know about the legal side of hacking. Once again, anything you do on your own computer that affects nobody else is usually safe (for others). As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace. Hence, it is better to be despised for anxious apprehensions, than ruined by superficial security (a little bit).