What are the legal ...
 
Notifications
Clear all

What are the legal limits to sending malware.

chriskincaid
(@chriskincaid)
New Member

Hello everyone,

 

Getting into a debate with a buddy and I thought it might be some good questions to bring to this forum.

First question. Is it legal to send people links to websites or programs (malware) which take advantage of vulnerabilities if you are honest about what the link or program does?
For example; I send out an email to some one with a message that says, "This email link attachment contains a virus, feel free to open it if you want." And if in fact the email attachment did contain a malicious script or something, would that be illegal?

Second question. Is it legal to send phishing emails that actually do nothing malicious. for example; the CEO of a large company sets up a email account external to the company systems and sends every one in his company an email claiming they have won a billion dollars in the Nigerian lottery. If a employee clicks on the link from their company email account it goes to a website informing them they have just been fired. Would that be illegal?

I feel the first question is no, it is not illegal so long as the malicious program does not do anything harmful, and does not spread beyond the original receivers system. But there is probable a lot of grey area in there.

I feel the second question is also no, it is not illegal so long as the company has very detailed company polices in place with explicit content informing employees they could be terminated for violations such as the one described, and all employees have signed a document claiming they understand said polices. But again, there is a lot of grey area.

What do you think?

This topic was modified 10 months ago 2 times by chriskincaid
Quote
Topic starter Posted : 14/02/2021 6:01 am
giandega
(@giandega)
Active Member

it depends of the law of the country. I think the first is illegal at least in Italy. we a article of the penal code about spreading malicious software.

The second I am not sure.

Generally talking, here in Italy to do a pentest you should have the customer sign a release. If you don't you can be charged about unauthorized access to a system and eventually detention and spreding of password

ReplyQuote
Posted : 14/02/2021 7:02 am
athulin
(@athulin)
Community Legend

Getting into a debate with a buddy and I thought it might be some good questions to bring to this forum.

First question. Is it legal to send people ...

Second question. Is it legal to send ...

What do you think?

Does it matter? Really?  If it does, consult a legal expert in the relevant jurisdiction, ... who will not stop at the information you provide here, but ask a lot more things before answering.

If it doesn't matter ... you might as well consult I Ching.

ReplyQuote
Posted : 14/02/2021 8:22 pm
Share: