The Ethical Hacking Debate:
Professional Criminals or Criminal Professionals?
In the current lexicon of the cyber security industry, it's the so-called black hat hackers who seek to subvert information for their own gain. On the other side of that coin are so-called white hats, or "ethical" hackers. White hats disclose vulnerabilities to software vendors so they can be fixed; black hats use them or sell them to other criminals to commit crimes. While this may seem pretty straightforward, both the terminology and the use of ‘ethical hacking’ have been under discussion since the 90’s, with defenders and opponents found within government agencies as well as the security industry. From a creator of new security technologies that challenges the global hacker community to hack into its system, to companies fining white hats for trying to help them solve their software vulnerabilities…
And then there is the grey hat hacker… The legal tussle between Apple and the U.S. Federal Bureau of Investigation (FBI) over access to the iPhone used by the shooter in the San Bernardino attack (which left 14 people dead) ended after authorities announced they had accessed the device. After much speculation over who provided the FBI with the mysterious solution, the Washington Post reported that it was a “gray hat” hacker who came forward to save the day for the feds. The hacker found a zero-day flaw in the iOS 9 software running on the San Bernardino iPhone 5C and sold it to the government for a one-time fee. This allowed the feds to bypass security features on the phone to crack its password.
Gray hats disclose or sell vulnerabilities to governments that will presumably use the vulnerabilities responsibly for the public good, although that is not necessarily the case. There are governments that use zero days to spy on dissidents, political rivals and others. There are Hacking Teams that are known for selling their espionage tools and zero-days to repressive regimes.
When it comes to good and bad, like black and white, there’s always a gray area. What’s the white and what’s the black? Isn’t hacking by definition illegal? Do we need the gray hacker? Is there such a thing as the greater good, and if so, who decides? What are the ethical considerations? Join us in the Ethical Hacking Debate to discuss the good, the bad and the ugly.
• Cyber Security, where it all started: hackers, vulnerabilities, exploits, countermeasures, …
• Hacking a variety of things, with a purpose or just for the fun of it, resulting in a business?
• Black Hat hackers turning White, but what about the 50 Shades of Grey?
• What is Ethical in Ethical Hacking, and gradients up to Responsible Disclosure.
• Illegal grounds, court debates and interesting judicial implications.
• Towards legalization, setting the barriers and the level playing field?
• Collateral Damage and other challenges?
• Where does science come in? Hacking scientists, and scientist hacking.
Some invited speakers (TBC)
• Ralf Benzmueller, GDATA
• Erwin Geirnaert, Zion Security
• Philippe Vanlinthout, Prosecutor
• Raj Samani, McAfee
• Jos Dumortier, Time.Lex
• Caroline Calomme, Brussels Legal Hackers
• Miguel De Bruycker, CCB
• Tommy Vandepitte, Practitioner
Wednesday, June 28th, 2017, Brussels - The Ethical Hacking Debate: professional criminals or criminal professionals?
(part of the LSEC Annual Meeting 2017)
Participation in this event is free of charge upon prior confirmation via the registration page.
Participants interested in the handouts and presentations of the day will be charged a minor fee (121 €) to cover the handling costs and taxes.