I don't think Newag stands a chance. The hackers didn't hack a third party IT network/system. They hacked a train that was owned by the railway company, not Newag.
Some railway specialist also noted that some of the trains that were publicly known to be part of this have explicit registrations that make the owners also fully in their right to decide about their maintenance.
Personally I object to calling it hacking (in the popular/mass media sense).
If a company hires me to inspect their systems, and it's not shady (i.e. everything seems legitimate), then I'm not hacking anything. It's really no different to working on a CRUD (well, it's more interesting :)).
There might be some legal provisions (DRM laws, some EULA, etc.) that muddy the water. But that doesn't change the fact that I can't find any ethical problem with what the Dragon Sector folks did[1]. And for me hacking is something unethical--criminal aspect is secondary.
Ethical hacking is a thing. And it is definitely hacking in the sense that they did something someone attempted to prevent them from doing, and from a technical standpoint, it is not much different to what criminals do. Hacking a train so that it accepts third party repairs and hacking a credit card reader to steal your money make use of the same techniques. And for me at least, hacking is about technique, not ethics.
The ethical distinction is between white hats and black hats. The people in the article are white hats, that is, they work legally, ethically, and they are open about their activities.
Note: I mean hacking as it is most commonly known now. Not MIT-style hacking.
What I meant wasn't about HN, but about the "outside" world--I don't think "hacker" is a positive word among the general public. And they did positive work--they helped train companies and revealed some Bad Stuff going on. If the police take someone's computers, then it's forensic investigation performed by forensic investigators, and not hackery performed by hackers.
But of course on technical forums like HN we call it hacking ("we" includes myself).
To address some of your points:
> they did something someone attempted to prevent them from doing
Well, Newag claims they didn't add any shady stuff to the firmware, i.e. they didn't prevent anyone from anything. Which means Dragon Sector didn't break any protection mechanism, they were just debugging potential glitches! :)
I've debugged a lot of software in my life and no one has ever called me a "hacker" for finding that missing CSS class :)).
> Hacking a train so that it accepts third party repairs and hacking a credit card reader to steal your money make use of the same techniques.
This is a very low level discussion ("low level" as in "assembler", and not intellectually, for the lack of a better word), but in this case there's one significant difference--train firmware is supposed to be unchanged (according to Dragon Sector).
And credit card reader's fw has been modified.
So for me, again, they acted as forensic investigators/"debuggers".
> The ethical distinction is between white hats and black hats. The people in the article are white hats, that is, they work legally, ethically, and they are open about their activities.
Yes, I agree. But I would still prefer if the non-tech world called them something like "forensic investigators", as white hats are still a kind of hacker.
Yeah, you can't call this hacking. This software is operating according to specifications, as far as we know. The hacking was from the guys who uncovered this, much appreciated.
However, this was a huge step backward. The company bypassed the legal system via code, to add obligations, and secret functionality to the client. How was this found? By others who would and do circumvent the law for their own reasons.
These reasons might be as noble. Just. Enlightened.
Having spent some time online, I, of course, am skeptical.
They have deep pockets - all they have to do is grind them down, and they win by default. What’s legal or not is practically irrelevant when you’re dealing with individuals vs a corporation.
The legal system may be quite different in Poland to wherever you are (assuming it's not Poland). Also many products these days have a licence/EULA that supposedly prevents you doing certain things.
Exactly opposite. EU high court ruled that you are free to decompile software to fix bugs etc. Also, in Poland at least, it used to be legal to even crack software that you own for the purpose of making backup copies etc. (not sure how it is now).