Ethics, Code of Conduct, and a Disclaimer

I am not responsible for the actions of my readers. What one decides to do with any knowledge gathered here is also none of my business. Remember to watch your back. Do not break the law. It seems like there’s always bigger fish out there nowadays.

This short blog post is mainly for my local neighborhood, but these words may one day benefit a larger global audience.

“With great power comes great responsibility.”

“Never bite the hand that feeds you.”

“What goes around comes around.”

“You reap what you sow.”

“Money is the root of all evil.”

“Give back to the roots.”

“Keep your friends close and your enemies closer.”

“The best offense is a good defense”

These are a few sayings that come to mind when we hackers are problem solving.

It is not always simple. Every once in a while you come across a gig or calling which may embody a morally gray area. Sometimes things get too deep and creepy out of nowhere. It is wise to stay conscious and avoid these situations at all costs.

So far, this 2022 alone, using basic mobile packet sniffers and process monitors, I’ve uncovered two separate nasty FUD android malware strains on unique isolated smartphones. Also, ClamAV picked up several other samples present in some of the PlayOnLinux packages on a lightly used debian VM. Furthermore, around Christmas time a random browser exploit hit an acquaintances supposedly-updated windows box and hijacked admin rights in front of me. LOL that was gross and luckily I was there at the right time to contain the infection.

Always double check your opsec. Wireshark is a great ally. Also ClamAV is worth any serious linux user’s time.

Say, if you find remnants of a large lurking predator on a personal system maybe it is definitely worth dissecting the sample, yet not worth pwning the owner of that malware. Digging too deep into things can actually breed danger and mental illness. I have respect for a lot of the antisec folk to a degree because I know what they are capable of. They do serious damage, yet keep whole the scene going like an engine. White hats would be out of work without black hats. Finding FUD samples can cause a rush, but do not go opening up a can of booby-trapped worms on yourself or friend by accident. Some samples may not be worth the time or risk.

In addition, if you do not know what you are doing you should probably stay off of tor. Years back I uncovered it lurking in the background of someone else’s fully up to date windows system, and that person had no memory of even installing tor in the first place… Super sophisticated stuff is usually found swimming around there. Some of it would give you nightmares. Be careful, some tor nodes are safer than others for obvious privacy reasons.

When working for someone who has a wild imagination it is crucial to stay morally and legally grounded to your own cultural or familial beliefs. Do not lose yourself to the power of the skill-set. My dad, who owned a modest bookstore between the 90s and early 2000s, said to me “use the tool, but do not let the tool use you.” Do not be a script-kiddy. Stay true to the art form. I must recommend the timelessly classic articles and interviews found on phrack.org .

These pointers are stemming from personal experience. Do your absolute best not to break the law, but mistakes do happen. Be prepared for the repercussions if you do so. For example, even on large supervised teams of dedicated developers, data such as code can be easily be stolen or willfully backdoored by just one individual.

Sometimes a skilled hacker learns that even the police are incapable of doing anything about a large problem. Take the entire prison-industrial-complex for example. In some parts of the world this system is crooked to the bone.

Final disclaimer:

Ethics, Code of Conduct, and a Disclaimer

Share this: