Ethical hackers can now legally hack Belgian companies

Ethical hackers test the security of systems and networks operated by commercial companies and government bodies in order to reveal vulnerabilities.  The companies are then alerted to the issue so that it can be resolved.  Ethical hackers are seen as a force combating cyber-crime.

VRT spoke with ethical hacker Inti De Ceukelaire: “Until now we needed a company’s permission to start hacking.  We had to be asked to test the security of their systems”.

Starting today explicit permission isn’t needed, but this doesn’t mean there is now a free for all.  The new law only deals with Belgian companies.  Hackers cannot put their energy into hacking foreign businesses just yet.  Moreover, ethical hackers are bound to alert the company to any vulnerabilities found within 72 hours.

The ethical hacking shouldn’t be seen as a way of generating revenue for the hacker.  Ethical hackers aren’t allowed to identify vulnerabilities and then send a bill for their work! “It’s clear in the law.  You are not allowed to request a reward.  That would boil down to a ransom” says Inti.

“I’ve been looking forward to this for a decade now, but I haven’t got a hitlist of companies I want to teach a lesson!  I will be able to check the security of systems operated by companies where I am a client!”

Inti doesn’t believe ethical hackers will abuse the new law. However, it should become clearer which Belgian companies have good cybersecurity and which haven’t.

“In Belgium there are some 3,000 ethical hackers. They will now be able to discover whether the data of ordinary citizens is properly secured.  If the government comes forward with a new corona app, ethical hackers will be able to test it. Legally”.

“Many companies are ignoring the issue. As long as there are no problems, they think they don’t have to resolve anything and don’t need to set funds aside to pay for it”.