Has anyone ever considered hacking to do good?
Yes, often.
What i mean is, lets say you wanted to target pedophiles.
I've done this for years; look up a group called 'EHAP'. It's long since dissolved but some of us still participate.
You could pretend to be a young girl on a chat site and wait for someone who clearly has an intent to do wrong. Then you'd have to play along with them for as long as needed to gain enough infomation about them like their email address. Then i would create a payload and get them to click a link to download it then you'll have access their computer.
I very much doubt you'd be able to get anything off their computer that you could give to the police to actually get them arrested (without the spotlight being put on you) but you'd be able to say, format their hard drive(s) or gain access to sites they use i.e facebook and expose them.
Social engineering is one method but it's most often utilized by legal authorities. As hackers, we're usually looking to exploit the target's systems and comb through stored information. A lot of people use encrypted archives to store images & videos so tiny monitoring software can help locate caches of applicable data. Once a data cache is located, the information is relayed(through various means) and if the cache is small enough, it's uploaded to a remote system(sandboxed, because people can be clever) for private review. Once there's evidence, further information is obtained as to the identity of the person and other activities that might be of interest to the authorities. Eventually, all of it is packaged together and 'anonymously' handed over to the authorities. It does tend to go a bit further than an 'anonymous tip' but the authorities are always required to perform their own investigation. Of course, performing an investigation is much easier when someone hands over all the passwords, connection information, etc. The only thing they really need to do at that point is ensure that the illegal behavior is still ongoing.
You could look at it like fighting fire with fire, and bottom line, is you're doing a good thing if you could take one more pedophile out of the mix.
I'm interested to know what your thoughts are on this.
Comm4nd0
I don't exactly see it as 'fighting fire with fire'. Instead, I prefer to view it as a quick tour of the flames of hell that they should become comfortable with.
Thats gray hat hacking. It happens all the time.
It can fall into the scope of gray hat hacking but that's not, by definition, what gray hat hacking is.
It's illegal because what you described would be called entrapment so it's not "good" and no police or government will ever condone it.
To my knowledge, there are no real entrapment laws anywhere in the US that prevent authorities from using such tactics. However, private citizens do not necessarily have the authority to do such things alone. Police forces and governments all across the world do use these tactics on a near daily basis. The concept of an 'entrapment law' is fictitious and popularized by Hollywood. Also, if there were entrapment laws as they're purported by Hollywood, many 'sting' operations(particularly those using recorded conversations) would be illegal and the details obtained would thus be inadmissible in court.
CLEARLY i do! no need to be a dick about it.
You're absolutely right, there's no need to be a dick about it. I don't think that was Geoff's intention, though.
i thought grey hat was just hacking anyone but then not causing damage and also, you might let them know about it, anon of course. that's what i've done in the past. i mean't specifically targeting people who are doing wrong.
Actually, gray hat hacking is kinda the 'lawful/neutral/chaotic-neutral' concept. That is; a gray hat hacker tends to follow their own ethos, if they have one, but in general is not otherwise categorized by behavior. To be more plain; I'm unlikely to destroy data or cause harm to a system or network but that doesn't mean that I'm going to ask for permission to attack. On the other hand, I may decide that a particular entity is deserving of some form of retribution. I may hack on behalf of something that I believe in but in general I'm not out to hurt anyone. It's still information that I'm after.
The concept of 'gray hat' can seem a bit obscure, at times, and so it is defined primarily by not fitting into the 'black' or 'white' columns with absolution but rather permits behavior of both. It's not really a "I do what I want" thing. On the other hand, it should also be noted that 'hats' like these are almost intolerably ridiculous and should be avoided. Each hacker is an individual and they have their own reasons for doing whatever it is that they do. Trying to classify someone only serves to limit them and then suddenly it becomes hard to understand when people cross one line or another. I'd suggest just pretending that 'hats' don't exist in this sense.
Are there groups out there that do this kind of thing? working outside the law to take down people who are breaking the law.
EHAP, as mentioned above. There are several others. Note that it's usually far less about targets who are breaking the law and more about personal motivations or trying to enact justice for some sense of wrongdoing. When I was much younger, I was responsible for a series of things that ended up taking quite a bit of money from a number of innocent individuals. It took me quite a while but I was eventually able to restore the money to those individuals by means of hacking. In other cases, a company or group or individual who has done something harmful to others may have had a digital visitor at one time or another.
Ever heard about the skid group called, Anonymous?
"Anonymous" is a moniker used by numerous groups and individuals. As well, I think it unfair to call them skids since the purpose of the moniker is to avoid identification and thus it unfairly attributes behavior to all where only a few may actually qualify. That'd be like saying EvilZone is a group of noobs & skids when that simply doesn't apply to everyone here.
Why not just practice random acts of kindness in general.
You don't need a computer for that.
Awesome! Cookies for you!
Instead of lurking for pedophiles (or pretending your a 12 year old girl, practicing cyber-sex),..
Isn't that what MMOs are for?
..why not find companies that no longer need their computers and re-purpose them for schools that cannot afford to buy new computers?
That's quite a bit more difficult to do illegally than legally. Illegally, you're ultimately talking about theft, which likely involves breaking & entering..and being chased and potentially caught. Legally, however, you're talking about giving the companies a tax break for donating to charitable causes.
Or offer your computer skills pro-bono to low income families.
Hmm... I wonder what tasks would be requested.
Much better ways to do good then to target people that look at baby-porn.
True. But please realize that it's not merely people 'looking' at images that are the problem(and therefore targets) but rather those who participate in sex trafficking, kidnapping, forced prostitution, rape & murder of children, etc. At least for me, those are the people I try to target. Every now & then you do get the basic perv who has a few [dozen] images but otherwise does no other real harm. For those individuals, I may collect some information in case it's needed at a later point(like where they got their images) but generally I'll just replace all their images with advertisements for
http://www.virped.org/ and call it a day. I know several people that are far more adamant about 'enacting justice' even for such light offenders but I'm a firm supporter of permitting people to make reasonable, responsible & informed decisions to correct poor behavior before it gets worse.
Of course, most people also seem to forget that, except for the last few centuries, 13 was considered adulthood and if a female was unmarried by the age of 18, she might be branded unfit and could have been 'rightfully' put to death. However, I fail to recognize any point in human history where a 6 year old was considered viable for mating.
So..to wrap it up... Hackers performing 'good deeds' is certainly not a new thing at all and I, for one, encourage it.
