In January 2013 the National Cyber Security Center in Holland came with a “Guideline” of Ethical hacking and Responsible Disclosure. Meant to draft steps (rules) and keep a hacker adhere strictly to these rules, if these rules should be met the organization will not follow legal steps. However, it is not a law, so the hacker can be prosecuted anyway.
Working in IT i’ve found many leaks, some were so bad i had to find a way to report them. Does this mean i’m a hacker?
The correct answer would be NO but the guideline makes no difference in this. I do not search leaks, i do not hack for open ports nor do i crack passwords of e-mail accounts. I simply do my job. But, according to the so-called Guideline, even when i do my job and find a hole in someones network i can be prosecuted. In my case, i’ll stop reporting.
But then came “HackersMeldpunt.NL”, a new websites organized by a bunch of hackers in The Hague (Netherlands) so that must be good! I would assume that hackers could guide me the way to anonymous reporting and staying out of trouble, but sadly – no. Reading the website i get the feeling they just *really* needed publicity and found this to be the way since they offer no protection at all. And, really.. These guys pretend to be hackers?!
Before you do any type of reporting, upload any type of file or even sent them an e-mail ; Please *be aware* of the following:
On there website it says very clearly:
” …. and is not affiliated with (government) organizations. … ”
There dead wrong on this one. Maybe they do not work together with the local government but since they are a Foundation based in The Hague they are bound to the Dutch law. There is absolutely no protection here, AT ALL. Actually they already knew this since they put this so obviously on there website too:
” … We have no statutory duty of confidentiality and in theory can be tapped our connection, and our archives can be searched. … ”
Right? Can you believe this? Here i thought these hackers would provide me anonymity and secure my safety! Thats what these guys do all day, right? Stay anonymous?! So Actually they have no confidence that they can keep information a secret from the government ?
And to make it even worse, they just want me to sent an e-mail with all my dirty laundry to “meldanoniem @@@ revspace.nl” .. Like, where is the protection here? I’m anonymous by using my GMail or what ?
This news report is disappointing, to say the least. There should be a hotline for leaks like this but it should be setup professionally, by people that actually know what there doing. This hotline could be of great value for company’s, our country and security as we know it now! And in regards to the new Guideline, there should be a big difference between people (employees!) working in IT discovering a leak by accident and a ‘real hacker’ (whatever that means after reading that horrible website).