Did Media Cross the Red Line?

The Red LineWith the recent buzz arround the pwnage of the fist Belgian telco operator, media are again surfing the wave of cyber-[threats|criminality|espionage|*]. They know that, today, an article with the word “cyber” in the title will attract more people! Usually, I try to not trust (or at least to be very careful) with the stories reported by media. When I see how they treat a subject that I understand, I’m really scared about what they tell me about topics that I don’t master.

This new story is feeding the press with “honeyed cakes” and we see more and more papers or reportages about “hacking“. Yesterday, VTM, a TV channel broadcasting in the Dutch part of Belgium, released a reportage about a vulnerable website of a Belgian city and the Russian Visa Handling Services (link to the video here – in Dutch). Shocking but that’s a fact.  Today, they released an interview of a bad guy (I won’t call him a “hacker“!) who explained how easy it is to break into a vulnerable website. The second video is here.

(Click to enlarge)

Showing a (very basic) SQL injection, a hidden face and distorded voice, I call this sensationalism! I can imagine that journalists are looking for stuff like hackers in a dark room eating pizzas in front of screens showing scrolling text files. But let’s focus on the bad guy now… I suppose he was contacted by a journalist who asked him if he would accepted an interview and to “play” a little bit in front of his camera.

There are two aspects that can be discussed here. The first one is called “ethic“. Yes, infosec professionals have ethical codes. Most of us follow them. Never, I’ll “hack” something (which does not belong to me) for fun or profit. The second one is the Belgian law. What demonstrated the guy is simply forbidden in Belgium. This guy could be prosecuted if the Belgian city decides to go to Court. Which connectivity was used? The VTM network or a Belgian ISP? There are great chances that the guy will be discovered. If the journalist asked to perform the illegal stuff, it could be prosecuted too. If you need to demonstrate attacks, do this in a closed environment and not directly on public resources. If you need to break stuff, train yourself in one of the multiple CTF (“Capture The Flag”) games organized online or during conferences.

Conclusions: Dear journalists and “bad guys“, please do not cross the red line!

10 comments

  1. Did you notice that the private data was blurred when it was on TV. I guess you did. But did you also notice that just before closing the item, the videocrew by accident to quickly removed the blur-effect which allowed us to see the data for 1 full second? Sounds not much but when reviewing the news, I managed to stop at the right spot. Of coarse this screenshot is been handed over to the privacy commision in order to take action.

  2. I find it better for my blood pressure not to own a television and not to read Belgian “media”. Relax. Take it easy. Focus on your hacking, not on what silly muggles are up to!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.