The US Department of Justice (DoJ) has softened its stance towards ethical hackers.
Hackers conducting "good faith" security research will no longer be charged under the Computer Fraud and Abuse Act (CFAA).
The Department defines good-faith security research as accessing a computer solely for the purpose of "good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public."
What is allowed now?
However, the Department of Justice stresses that merely claiming to be conducting security research is not a "free pass" for those who act in bad faith.
For example, the Department clarified that discovering vulnerabilities in devices in order to extort their owners, even if presented as "research", is not good faith.
The policy advises prosecutors to consult the Criminal Division's Computer Crime and Intellectual Property Section (CCIPS) on specific applications of this factor.
The Department of Justice also confirmed that certain activities will not, on their own, be enough to warrant federal criminal charges.
These include creating misleading profiles on dating websites; creating fictitious accounts on hiring, housing or rental websites; using a pseudonym on a social networking site that prohibits it; checking sports scores at work; paying bills at work; or violating an access restriction contained in a website's terms of service.
All federal prosecutors who want to file charges under the Computer Fraud and Abuse Act must follow the new policy and consult with CCIPS before bringing any charges.
Prosecutors must inform the Deputy Attorney General (DAG), and in some cases obtain the DAG's approval, before filing a CFAA indictment if CCIPS recommends against doing so.
The new policy, which enters into force immediately, replaces an earlier one issued in 2014.
Independent white-hat hackers are playing an increasingly important role in uncovering security vulnerabilities.
A lone researcher known as hyp3rlinx has found that some of the most widespread ransomware families, including Conti, REvil, LockBit and many others, contain a flaw that makes them vulnerable to DLL hijacking.
https://www.techradar.com/news/ethical-hackers-no-longer-face-prosecution-in-the-us/