Expert: working as a “white hacker” can lead to criminal liability

MOSCOW, 18 Oct – PRIME. Any users who check computer systems in Russia for security, including white hat hackers, may be held criminally liable for their activities, Yevgeny Tsarev, an expert in the field of cybersecurity and law, who manages the RTM Group, told RIA Novosti.

Kaspersky told about new viruses under the guise of additions to WhatsApp

“Any use of programs that in one way or another affect the computer information protection system may result in criminal penalties. Persons with education and experience in the field of computer technology are at particular risk, since it is assumed that they are aware of the risks of using such software. In general, a criminal can become both an IT specialist who creates programs for checking Internet platforms and services for vulnerabilities, and any Internet user using network scanners or password guessing applications,” Tsarev said.

Read This Now:   The price of cryptocurrency directly influences the Bitcoin mining industry

He noted that all pentesters (specialists in system security analysis) use programs to check for vulnerabilities, and half of them – without the use of a contract or remotely (from home, for example). “And this is several hundred people across the country. But the main risk group is more than 10 thousand students of the specialty of information security and IT, who use such tools thoughtlessly. Almost every one of them scans on their own initiative at least once a year,” the expert specified.

Thus, according to the expert, programs that, according to the criteria, fall under “neutralizing security tools” (scanners, applications for decryption and testing security tools) are in a gray zone of legal regulation. It is important to use only certified software.

“The independent use of scanners and other programs from the Internet can be regarded as a crime, so it is better to delegate such a task to professionals involved in information security. Companies licensed to carry out technical protection of confidential information have experience in this area and understand the risks of using certain programs,” Tsarev said.

Read This Now:   Zaporozhye authorities announced the provision of the region with gas until October 15

According to him, a suitable option for identifying vulnerabilities is a pentest, which requires a competent drafting of a contract. In the documents, it is important to define in detail the subject and boundaries of such testing, to regulate the risks and responsibilities of the parties. This will allow legitimate security research and prevent future hacking threats.

Notice: ob_end_flush(): failed to send buffer of zlib output compression (1) in /home/gamefeve/ on line 5420

Notice: ob_end_flush(): failed to send buffer of zlib output compression (1) in /home/gamefeve/ on line 5420