Ethics and Introduction

Ethics in computer security.

Objectives

  • Understand why you should behave ethically in the field of offensive security.
  • Understand how to behave ethically in the field of offensive security.

Introduction

Disclaimer - This article does not constitute actual legal advice.

Hack a Bit is designed to teach you how to become a security expert in a fun, challenging, and supported environment.

  1. Be good. And hack things.
  2. Be good at hacking things.

When people think of hackers, they often think of something like this...

When hackers make the headlines, it's usually about some criminal organization breaching the systems of a large company or the government. Many people question why. The best security people know how to think like an attacker. Before we begin, we'll take a quick look at what it means to be an ethical hacker.

Lesson

Terminology

  • White-hat hacker - someone who hacks with good intentions. *With permission*, white-hat hackers attack systems to identify vulnerabilities and help make them more secure.
  • Black-hat hacker - someone who hacks with malicious intentions, usually engaging in criminal activity.
  • Gray-hat hacker - someone who hacks with good intentions but without permission or through ethically questionable methods.

Reasons to Choose White-Hat

  1. You can probably make more money. Many white-hat hackers will work as security consultants or find employment with a company looking for security professionals. According to Glassdoor, the average security engineer can expect a salary of $111,000. On the upper end of compensation, C-suite level positions in major corporations (CIO, CISO) earn millions of dollars.
  2. You avoid going to jail. There are a variety of laws in the US that allow for the prosecution of cybercrime, most notably, the Computer Fraud and Abuse Act. The government has been getting progressively more aggressive about prosecuting cybercrime in recent decades.

Examples of Cybercrime

  • Identity theft
  • Financial fraud
  • Blackmail
  • Ransomware/destruction of data
  • Adware/spam
  • Leaking software/data
  • Running botnets
  • Piracy, software cracks, and other warez

Rules to Avoid Jail

We won't be discussing the specifics of the law, but if you

1. Don't touch things that aren't yours - Never attempt to exploit a system for which you haven't been given explicit permission by the system owners. In Hack-a-Bit, you will be provided an environment where you are authorized to attack systems, just like a traditional white-hat!

2. Follow the rules - When performing a penetration test, ensure you have a written Statement of Work (SoW) or Rules of Engagement (RoE) from the system owners with a well-defined scope. Systems that are not within the scope should not be tested.

3. Observe software licenses and EULAs.

Bug Bounty Programs

Many companies have begun offering bug bounty programs, where they give you permission to perform security assessments of their software and systems. Many will even pay you for doing so! Well-known platforms include **HackerOne** and **Bugcrowd**.

Responsible Disclosure

Even without a bug bounty program, it is still advisable to engage in responsible disclosure if you find a vulnerability in a system so that the issue can be fixed.

How to Responsibly Disclose

  • Contact the system owners and provide relevant technical details on the vulnerability you found
  • Give them time to fix the software
  • Make sure patches are released before publicly releasing information about the vulnerability or any exploit for it

Conclusion

Ultimately, how you choose to wield your security skills will be your responsibility. We hope that you make good decisions along the way. Happy hacking! 😊

Extra Reading

Interesting Case Studies

The Law

Bug Bounty