‘Hacking’ legal in Belgium from now on: these are the rules | Tech

Hackers who found errors in companies’ systems could still be prosecuted for this in our country. Even if they did for the right reasons. After all, ethical hackers want to improve the security of those companies in this way, even if they do not work directly for them. But they were just as punishable as hackers who did it for criminal reasons, for example to steal and sell data. That will change from now on.

New legislation makes ‘ethical hacking’ legal in our country. There are, however, a number of rules associated with it. For example, hackers must report the vulnerability to the (Belgian) company in question as soon as possible. The Center for Cyber ​​Security must also receive a (written) notification. Hackers are also not allowed to go beyond what is necessary to discover the vulnerability. So they can mess around with a company’s systems, but only report that they have found a leak, for example.

Simply asking for money, or extorting the company to get a reward, is also prohibited. Then you go back into illegality. Ethical Hacker Cedric De Vroey: “I am very happy that this framework now exists. Until now, anyone who reported insecurity to a company that had no procedure for doing so was really treading on thin ice.”

Ethical hacker Inti De Ceukelaire of Intigriti is also relieved that there is finally clear legislation: “In fact, the obligation to report to the CCB lapses as soon as the company in question has its own policy for reporting and publishes it publicly, which is called a responsible disclosure policy. As a hacker, you immediately know what to do if you find something.”

HLN/Het Laatste Nieuws has such a policy. You can here find.

All ‘rules of the game’ can be found on the website of the CCB.

Ethical hacker points Autogids.be to data leak at 600,000 car fans: “I just wanted to help, but now I am accused of theft”

Hackers publish documents Geraardsbergen: “privacy-sensitive data leaked, reporting point for citizens set up”