- Daily & Weekly newsletters
- Buy & download The Bulletin
- Comment on our articles
Belgium puts protections in place for white-hat hackers
"Ethical" hackers who break into computer systems just to probe for weaknesses will be able to benefit from legal protection as long as their activities are private, proportional and immediately shared with the affected party, the Belgian Center for Cybersecurity (CCB) has announced.
So-called “white hat” hackers, who penetrate closed-off computer systems to identify potential vulnerabilities, have been discouraged in Belgium until now by broad anti-hacking laws that penalise all forms of computer hacking as a criminal offence.
Guillaume Deterville, who has been a hacker since he was a teenager, made no secret of the fact that he had made so-called “ethical” hacking his life’s work. He told RTBF about an instance where he claims to have had access to all the data from the main official education portal in the Wallonia-Brussels Federation.
“At the time, I had contacted the administrator of the site and it went very well,” he said. “He was very nice and more interested in increasing his cybersecurity, but he could have, at that time, filed a complaint against me and I would have been at fault.”
Deterville said that he thought the decision would give hackers more room to use their powers for good.
“There was a loophole that came out a few years ago that concerned major Belgian hospitals,” he said. “And they suffered computer attacks because of this loophole. If this law had been in place at that time, the [hackers] could have warned vulnerable people, anticipated the danger – and the hacks would probably not have occurred.”
According to the CCB, any intrusion into a private system must be “proportionate” – that is to say, limiting itself to identifying and proving the vulnerability without going further, such as collecting data.
The hacker must also inform the organisation in question, as well as the CCB, as soon as possible. The information cannot be made public, not can it be monetised in any way.
The Penal Code remains unchanged and any attempt at hacking that does not meet these conditions remains liable to conviction.