Is crime 'ethical hacking'?
The next reform of the Penal Code keep intact article 197.3, according to confirmed sources WORLD Attorney General's Office. Popularly known as 'Law of hacking', Article 197.3 provides for prison sentences for those who break the security of a computer system. The problem, it takes time to generate controversy between hackers, lawyers, prosecutors and law enforcement, is that the law makes no distinction between the intentions of a criminal simply curious and knowledgeable computer security, that seeks to check the strength of the system without taking advantage of it.
A Daniel Martínez, 27 years old, Alcorcon, is known as' dan1t0’ community hacker Spanish. He works as an ethical hacker and security researcher and runs a popular online store t 'geeks’ (). One day, a colleague told him that Metro had a major Spanish city “things wrong, and I says to begin to look in depth”, explains. It started downloading all the documents that could be caught under the sway freely MetroNOMBREDELACIUDAD.this is: maps, plans, information on software… Enough to put their hands to the head.
According dan1t0, an attacker who obtuviese this information, publicly available, may “at least know the inner workings of the Metro, including network maps, equipment, infrastructure, and other details, considering that had hung everything bought and often describing how they did it work, electrical systems, security measures of certain facilities ..”. There was even a paper on how to access the computer network via a Metro ‘walkie talkie’ viaondas UHF.
The specifications for the award of projects, they were also open to the public, dan1t0 allowed to know who the key service providers and Metro, without attack, by a rapid sweep potential security flaws, discovered that it was possible to extract the same information on your client: “These providers offer services to the Metro and other companies, as video storage servers or PDAs Station Control, from which you can control all the lights, Paging, on and shutting off the exhaust smoke or stop the stairs”, He says hacker.
Under such conditions, knowing that “someone with time and bad idea could injure people”, reported that the young man had discovered the Civil Guard “so they spoke to Metro and take action”. ‘Dan1t0’ had known in Crime Group Telematics, who sought help for the entity being informed of the serious deficiencies, leaving him anonymous. The Civil Guard warned the entity, angry, responded reluctantly, arranging only part of the problems, as 'dan1t0': “Documents remain accessible, but it seems less”.
Has not been the first time-but certainly the most resounding- dan1t0 that has used the Civil Guard as an intermediary to warn of security problems. He claims to be very satisfied with the experience, but he is adamant about the 'law of hacking': “If a failure to report me meddle in legal problem, because I do not report”. According dan1t0, It is not a community problem hacker: “Those who have to fight and lobby to change this law are the companies that they believe is better than warn them to bust a rival network. The only harmed them are because I, with no report, I meet the law, but they are left with the decision”.
They also have a stake in this tax discussion, lawyers and security forces engaged in cybercrime. These groups are currently divided over whether we should create a “Grey Zone” under the Penal Code, with a special status for the call ‘hacker ethical', treated as “the person who uses his computer skills and safety to test and find vulnerabilities in networks, report them and then action is taken, without harming”, according to him Glossary of Computer & Internet. Companies specializing in IT audits also use this combination of words to get your employees.
Winning moment there who do not want an amnesty or special status for ‘hackers ethical’ and advocate that Article 197.3 it is the way it was in the reform of the Penal Code. And it will, as confirmed to THE WORLD sources Crime Information Service of the Attorney General of the State.
Yes there will be changes to Article 197.4, referred to the publication of images on the Internet taken with the consent of the, but his neighbor 197.3 will continue with the same drawn, at least until there is a consensus among key players or Europe explicitly send.
Community hacker It is also divided on this issue, between those thick, marea y la ‘Ley del Hacking’ are warning of the failures that are, using intermediaries so that their identity is not known , and those who have given up, not only because of this law, approved 2010, but long before, for how companies typically react when the alerts of problems in their computer networks: at best they ignore the warning hacker and, at worst, report it. La ‘ley del hacking’ simply puts them second option easier.