My eyes are caught when I read this news: “国内最大黑客培训网站两名负责人被捕“.
It is reported that the hacker training company “Black Eagle Security” (translated from its Chinese name “黑鹰安全网”) was shut down and that the company owner and general manager were arrested.
According to PRC law enacted February 2009, “提供专门用于侵入、非法控制计算机信息系统的程序、工具,或者明知他人实施侵入、非法控制计算机信息系统的违法犯罪行为而为其提供程序、工具,情节严重的,依照前款的规定处罚。” (Google-translate it yourself if you can’t read Chinese), it is illegal to provide hacking tools and training in China.
This case is rather controverial. In what circumstances is it being considered providing hacking tools? Say I am a security author and I am writing to teach people what is rootkit and how to protect against it. If I give code examples to show what a rootkit is, will I be prosecuted? I am not knowledgable in legal matters, but this kind of stuff makes me worried because it is subjected to individual interpretation.
So what is the practice in Western world? It’s probably quite different(let me know if you know about it).
Security and hacking is essentially the same thing viewed from different angles. So if you are a security enthusiate and you blog on internet security in China, be careful.