Disclaimer: The following article is written for entertainment purposes only and should not be taken as official legal advice. It provides no guarantee that the exploits listed are legal in your jurisdiction or that they are legal in every context, only that the author has been able to do them openly without getting arrested. Consult with a legal professional before doing any of these things if you want a guarantee that you won’t face legal trouble as a result. I’m not a lawyer, just a smartass who has seen a thing or two.
Sometimes the purpose of hacking is not to achieve some definite nefarious objective, or even to prevent others from achieving some nefarious objective. Sometimes hacking is something you do for the lulz, or so you can say you did it. With that said, here are some forms of hacking you can (probably) do without having to worry about the feds showing up at your door…
- Spoofing attacks: A spoofing attack is any hack that lets you masquerade as another IP address, MAC address, user agent, etc. Though not legal in every context (especially when used to carry out a man-in-the-middle attack, as with ARP cache poisoning), spoofing is a perfectly legitimate way to defeat the botnet and protect your privacy from corporate and government surveillance. Keep in mind what each kind actually buys you: a spoofed MAC only changes how you look on the local network segment, a spoofed user agent only changes one header a web server sees, and a spoofed source IP on the open internet is usually dropped by egress filtering and can't complete a TCP handshake anyway. It's also occasionally useful if you get booted off of someone's LAN. This happened to me once, and I spoofed my MAC address as de-ad-de-ad-be-ef and was allowed back in.
- Reverse engineering: Again, the legality of this one depends on the context. Most EULAs for proprietary software forbid end users from reverse-engineering and/or modifying their binaries and will at least revoke your license if they catch you doing it, but as long as you're not actually distributing your cracked software, how are they going to find out? That said, reverse engineering as such is not a criminal offense in the US; the usual worst case is a breach-of-contract suit. The exception is circumventing copy protection or DRM, which falls under the DMCA's anti-circumvention rules, and those do carry criminal penalties when the circumvention is willful and done for commercial gain.
- Port scanning: Port scanning is reconnaissance: it probes a target computer or network to learn which hosts are up, which ports are open, and (with service and OS fingerprinting) what is listening on them. Your goal might be to gather information in preparation for an attack, or (if you're the nosy type like I am) just to gather information. Over the years, various defenses have been incorporated into firewalls for detecting and blocking port scans, and port scanner authors have in turn found ways around them (slower timing, decoy sources, fragmented or otherwise unusual probes). The primary tool for port scanning is Nmap. Note that most intrusion detection systems flag a scan immediately, and many hosting and ISP acceptable-use policies forbid scanning hosts you don't own, so "probably legal" doesn't mean "unnoticed".
- Packet sniffing: Although this could simply be used to diagnose a network problem, or to learn about networking protocols, it can, like port scanning, be used for reconnaissance. And the best part is that a sniffer is passive: it puts your interface into promiscuous mode and reads whatever arrives, sending nothing, so the other hosts on the network have no packets from you to notice. The catch is that on a switched network you only see your own traffic plus broadcast and multicast; seeing everyone else's takes a mirror port, a hub, Wi-Fi monitor mode, or the kind of ARP poisoning mentioned above, which is where the legal picture changes. The preferred packet sniffer for most hackers and network engineers is Wireshark. If you want something you can run from the command line, I would suggest tcpdump.
- Digital forensics: Okay, so I wasn't entirely telling the truth when I said I've done these things myself. I obviously have never worked in forensics and never will. No one would hire an insane person to do forensics work, since you have to be someone whose testimony can be trusted in court. It's the same reason they won't hire a convicted criminal to do forensics work (or anything of a legal nature, for that matter). But if you are mentally sound and have a clean record, with nothing about you that a defense attorney could pick apart and use to discredit you, a career in digital forensics will give you license to dig through seized computers for a living, using a wide array of state-of-the-art forensic tools. It's not the glorious job people think it is, though, and often involves wading through gigabytes of CP. Not a job I would want. But if you like the idea of using your computer skills to solve crimes, this might be something to consider.
- Digital antiforensics: There's also the other side of the forensics coin, the counter-attack. There are a number of tools and methods people can use to cover their tracks when doing something questionable, from erasing log files to deleting registry keys to DBAN'ing the hard drive. There are also antiforensic methods that are totally not legal, like tampering with the NTP time source of a server you've just hacked so that its log timestamps can no longer be trusted. My preferred method of antiforensics is that if I want to do anything I wouldn't want the feds (or even the cops) to see, I do it in Tails. Tails is an amnesic live Linux distro that is a favorite of hackers and whistleblowers alike; it boots from a USB stick, writes nothing to the internal disk unless you deliberately set up persistent storage, and wipes RAM when you shut it down. I also remove the battery from my Thinkpad and let it sit for a while to allow the IME backdoor computer to wither and die before I reboot, so that it can't send anything out to the CIA until the contents of RAM are completely gone. Now that's covering my tracks! 😛
- White hat hacking: Hacking someone isn't illegal if you have their permission, and that permission should be in writing with the scope spelled out (which hosts, which techniques, which dates), because a test that strays outside it is just an intrusion. The catch is you have to go through a lot of career-building and reputation-building first before you can get to the point where someone will hire you to pen-test their system. But it will give you all the intellectual thrills of finding holes in a system and exploiting them, just without the thrill of risking arrest if caught. And if convincing people that you're a pro doesn't sound like your thing, you can always compete in a bug bounty program. I've heard the Pentagon does things like this, where they hold competitions for people to try to break into their systems, and they will pay a bounty to anyone who can find a vulnerability.
- Your own pen-testing lab: It’s also not illegal if you’re hacking yourself. Having your own pen-testing lab at home can give you total unrestricted freedom in terms of the exploits you’re allowed to try. Although some exploits are impractical at such a small scale, there are ways to improvise, to scale down an exploit so it can be carried out on a private LAN. For tips on starting your own pen-testing lab, you can read my recently published article on the topic.
- Doxxing: Although this isn’t exactly legal (I would say it’s in the grey area), no one has actually been arrested for it as far as I know. As long as you’re just looking someone up and not doing anything to harass them, you should be safe. Now keep in mind, when I say “doxxing” I’m not talking about the typical methods of looking up someone’s username on different sites and looking through their contacts and other information. That’s not hacking. I’m talking about stuff that requires actual technical skill. For a list of doxxing methods, see my article entitled Getting Information on People the 1337 H4xx0r Way.
- Black hat SEO: This is a subject that is all but forgotten in today's world, mostly because the means used for black hat SEO have been largely eliminated. While not exactly a form of hacking per se, it does follow the same philosophy of exploiting flaws in implementation to achieve some end. Back in the day, content creators used to abuse the search system by filling their keywords meta tags with superfluous keywords and similar forms of search engine spam. Now that search engines have gotten smarter, black hat SEO has largely gone the way of the dinosaur. However, search engines still fuck up quite a lot, and indeed I have been able to use various hacks that shouldn't have worked but did, to trick Google into artificially inflating my rankings. I don't spam Google with irrelevant content though; any SEO hacks that I use are ultimately well-intentioned.
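Two of the items above, port scanning and packet sniffing, are concrete enough to show in code. The following is an added example written for this page, not code from the original article or from Nmap, tcpdump or Wireshark: a TCP connect scan run against a listener the script opens on 127.0.0.1 (so it works offline and only ever touches your own machine), and a decoder for a hand-built Ethernet/IPv4/TCP SYN frame of the kind tcpdump would print a one-line summary for. All addresses, ports and MACs in it are made up.

```python
"""Added example (not from the original article): a TCP connect scan against a
listener we start ourselves, plus a decoder for the raw Ethernet/IPv4/TCP frames
a sniffer such as tcpdump or Wireshark hands you. Runs offline on 127.0.0.1;
the sample frame is constructed by hand, not captured. Addresses are made up."""
import socket
import struct
import threading


def tcp_connect_scan(host, ports, timeout=1.0):
    """Classify ports as open / closed / filtered using a full connect().

    Completed handshake -> open. Immediate RST (ECONNREFUSED) -> closed.
    No answer before the timeout -> filtered: something dropped our SYN,
    which is what a stateful firewall looks like from the outside.
    """
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except socket.timeout:
            results[port] = "filtered"
        except OSError as e:  # e.g. ENETUNREACH: no route to the host at all
            results[port] = "error:%s" % e.errno
        finally:
            s.close()
    return results


def start_listener():
    """Open an ephemeral loopback port and accept+close connections in the background."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener was closed -> stop serving
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def find_closed_port():
    """Ask the kernel for a free ephemeral port and release it; nothing listens there now."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def ip_checksum(header):
    """RFC 791 ones-complement checksum; yields 0 over a header whose checksum field is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


# tcpdump's flag letters, in the order it prints them (ACK is shown as ".").
TCP_FLAG_LETTERS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "."), (0x20, "U")]


def build_syn_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq=4096):
    """Construct Ethernet II + IPv4 + TCP SYN. TCP checksum is left 0 (needs a pseudo-header; not checked here)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # fill in the header checksum
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + struct.pack("!H", 0x0800)
    return eth + ip + tcp


def decode_frame(frame):
    """Parse the headers of a raw frame and build a tcpdump-style one-line summary."""
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet+IPv4")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": ":".join("%02x" % b for b in dst),
           "src_mac": ":".join("%02x" % b for b in src), "ethertype": ethertype}
    if ethertype != 0x0800:  # only IPv4 is decoded here
        return out
    ip = frame[14:]
    ver_ihl, _, _, _, _, ttl, proto, _, sip, dip = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    out.update(src_ip=socket.inet_ntoa(sip), dst_ip=socket.inet_ntoa(dip), ttl=ttl, proto=proto,
               ip_checksum_ok=((ver_ihl >> 4) == 4 and ip_checksum(ip[:ihl]) == 0))
    if proto != 6 or len(ip) < ihl + 20:
        return out
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", ip[ihl:ihl + 14])
    flags = "".join(letter for bit, letter in TCP_FLAG_LETTERS if off_flags & bit)
    out["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}
    out["summary"] = "IP %s.%d > %s.%d: Flags [%s], seq %d" % (out["src_ip"], sport, out["dst_ip"], dport, flags, seq)
    return out


if __name__ == "__main__":
    srv, open_port = start_listener()
    print(tcp_connect_scan("127.0.0.1", [open_port, find_closed_port()]))
    srv.close()
    print(decode_frame(build_syn_frame("de:ad:de:ad:be:ef", "00:11:22:33:44:55",
                                       "10.0.0.5", "10.0.0.1", 40000, 80))["summary"])
```

Run as a script it prints the scan result and the tcpdump-style summary. A connect scan is the noisiest kind, since it completes the handshake and the service gets to log it; Nmap's default SYN scan sends only the first packet of the handshake and therefore needs raw sockets, which is why it asks for root. The "filtered" case is the one worth noticing: a port that answers with nothing at all is a firewall silently dropping your SYN, which is exactly the defense the port-scanning item describes.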