Please give me the password to your regular email account so I can read your emails. I won't delete any of them, but your email server is not a house, and I should have the right to read your emails.
A right? I didn't say they have a right. They hacked into. Did the US/Israel have a _right_ to use Stuxnet against Iran? No. They hacked into. When did you accuse the US secret service or hope that they will be punished? Double standards?
I won't give my email or its password to you, but if you can find it, hack it and decrypt my emails, then it would be only my fault, and you will have my respect.
You're not getting it. No one is saying that Stuxnet was "right". That conversation is set in an entirely different context than the Linode hack. Iran is seeking to produce a nuclear weapon with the openly stated goal of launching it against another country. There is no segue from Stuxnet to this Linode hack.
"Fault" is not in question here either. Let's say I leave my front door unlocked. If you enter my home without my permission, you have trespassed and can be charged with a crime. The only thing I would be "at fault" for is making a lackluster attempt at securing my home. I don't forfeit protection from trespass under the law for that act though.
You see, locks are not what govern access; laws are. HTP is clearly in the wrong here. They forced entry in to Linode's systems, then attempted to extort Linode in an effort to achieve their goals. Swap out Linode's servers for Linode's offices, and there's no question that HTP are operating outside the boundaries of ethical behavior.
I admit Stuxnet was a bad analogy to black hat hacking. But either is the analogy of hacking into a server and physically trespassing into a private property.
The main goal of my comments is to object to the opinion that hacking is somewhat comparable to physical break and enter actions. This is an age where one can find himself in prison for tens of years for hacking and getting access to information (the prospects of Aaron) or even for IP violations, as it were a murder or rape.
Being in an underground hackers crew is much fun and possibilities to learn things for young men who are smart and different than their friends. Those guys and gals are the future top-class engineers at Google and other IT giants and I want them to continue hacking and growing personally and professionally, not rotting in the prison.
You keep getting buried because you've hitched your wagon to the wrong horse. Your core argument seems to be that punishment for hacking is often disproportionate to the crime committed.
For example, poorly written laws make even simple port scanning a risky activity. I agree that this is ridiculous, but you needn't defend HTP here in order to take that position. If anything, HTP are to blame for the overreaction from policy makers. They are having a very difficult time distinguishing between mischief and mayhem.
The law should take context in to account. If you were caught exploring an old, abandoned warehouse, you might end up with a misdemeanor trespass charge (hopefully), but if you're caught probing a corporate server, the current climate seems to dictate that you'll land a felony in short order. You've got groups like HTP to thank for that because of their extortion activities and willingness to leverage the well being of innocent people in their trivial games.
> Being in an underground hackers crew is much fun and possibilities to learn things for young men who are smart and different than their friends. Those guys and gals are the future top-class engineers at Google and other IT giants and I want them to continue hacking and growing personally and professionally, not rotting in the prison.
Or the next members of the many criminal syndicates on the internet who steal/harass/blackmail with little regard of the consequences.
Offtopic, but have you got a source for "Iran is seeking to produce a nuclear weapon with the openly stated goal of launching it against another country."
I had a quick look on the Wikipedia page but couldn't see anything there.
This is the world stage, so objectivity is hard to find, but there is a substantial amount of posturing from Mahmoud Ahmadinejad that shows a pretty aggressive stance toward Israel, if not open contempt [1].
That's really besides the point though. Anyone who seeks to boil "right and wrong" down to a simple principle that applies in all cases is holding simplicity above practicality. "Simple principles" are no more sustainable than utopian ideologies. The reality is that right and wrong are subtle and contextual. Bringing Stuxnet in to the Linode discussion is just an effort to sidetrack the topic.
Any way you slice it, HTP has dragged "innocents" in to the fight. It's not right when governments do it on the world stage. It's not right when thugs and gangsters do it by terrorizing neighborhoods with gang violence. It's not right when crackers do it during their internet turf battles.
I do see you point about the inferred goals of Iran, it's just the statement "openly stated goal" is untrue and I think it's important to be accurate about these things where we can be.
I certainly agree with you about the actions of HTP being unethical.
> I won't give my email or its password to you, but if you can find it, hack it and decrypt my emails, then it would be only my fault, and you will have my respect.
Ah yes, the "might makes right" philosophy that we all know and admire from primary school.
Not everybody believes in rights, per se. He did put scare underscores around the word. Just saying, if you believe your position to be the moral high ground, you shouldn't need to mischaracterize the positions of others.
Did you honestly just use militarized cyberwarfare as an example of legitimate black hat?
The US/Israel are involved in a proxy war with Iran that involves cyberwarfare, clandestine operations and conventional military strikes (in the case of Israel striking Iranian-sourced Syrian weaponry).
It's an extremely poor example to use open cyberwarfare between nations engaged in everything but overt warfare to attempt to legitimize black hat hacking.
I'm curious how you would classify China's crack teams engaging in industrial espionage. Is that black hat activity, or legitimate cyberwarfare by a nation-state?
I think criley's point is that if your activities closely resemble international warfare, they probably aren't "legitimate" by any reasonable standards.
I won't give my email or its password to you, but if you can find it, hack it and decrypt my emails, then it would be only my fault, and you will have my respect.