

Ask HN: can you get arrested for just attempting to "hack" a website  - wololo_

So basically, I got caught injecting stuff in my school's website and got caught by their logs and they want to take me to court (In Canada).
Are they allowed to do that  ? I didn't manage to grab any info or data at all and my Intentions was to test their webserver for vulnerabilities.
Thanks.
======
citruspi
Obviously, I'm not a legal expert - talk to a lawyer.

However, I believe they do. As you said, you were "injecting stuff," which is
malicious activity.They don't know that you didn't have a malicious intent,
and unfortunately you have now way of proving that. In general, you should get
"approval" for penetration testing from the website's owner.

For example, I'm close friends with the Systems Administrator at my school, so
whenever I feel that there's a vulnerability in the network, I just tell him
and he either allows me to show him, he tells me that I'm wrong and explains
the precautions they take against that attack, or he tells me that it would
work, but not to do it.

