The art of hacking can be legally and ethically ambiguous at times. For professionals, proper permission can make the difference between a paycheck and a prison term. Pentesters must work within the boundaries of a defined scope, which provides the parameters and restrictions of the penetration test. Violating the scope of a penetration test can lead to dire legal consequences.
However, legality isn’t the only consideration to be made. That which is legal is not always ethical, and that which is ethical is not always legal. It is vital that hackers consider the ethics of their actions, and the potential consequences those actions may have in the world.
The subject of ethics weighs heavily into discussions about the disclosure of vulnerabilities, hacktivism, state-sponsored cyber-warfare, “hack-back” legislation, and many others. These subjects are highly subjective and widely debated, and will continue to evolve along with technology and global views on ethics.
This guide is written for ethical hackers. To be an ethical hacker, one must have a code of ethics. The authors of this guide make no claims of moral or ethical authority. Your choices are your own. We urge you to cultivate and abide by a strong code of personal ethics, not just for hacking, but for life.