July 12, 2018

The Ethical and Legal Dilemmas of Threat Researchers

1 min. read

Threat intelligence is mainstreaming into a de-facto everyday tool of cyber-defense. But all that intelligence must be collected, analyzed, and prepared by someone. Enter threat researchers, the advanced scouts of cybersecurity. They are becoming more numerous and conspicuous as more intelligence on illicit hacker activity is demanded. Threat researchers trawl through the dark web, pick apart malware, reverse engineer exploits, track outbreaks across the Internet, and set up honeypots to surveil attacker activity.

They also find themselves weaseling around in the slippery space between what is acceptable and what is forbidden. To get to the truth on the ground, they can find themselves using stealth, misdirection, and even outright deception. This is when threat researchers can find themselves in unpredictable legal and ethical situations with consequences that they and their employers never anticipated. I’m going to pose a series of scenarios based on actual threat researcher incidents to illustrate these dilemmas.

Read the full article published May 21, 2018 here: by Help Net Security.

Join the Discussion


Expertly picked stories on threat intelligence

Hundreds of apps will be attacked by the time you read this.

So, we get to work. We obsess over effective attack methods. We monitor the growth of IoT and its evolving threats. We dive deep into the latest crypto-mining campaigns. We analyze banking Trojan targets. We dissect exploits. We hunt for the latest malware. And then our team of experts share it all with you. For more than 20 years, F5 has been leading the app delivery space. With our experience, we are passionate about educating the security community-providing the intel you need to stay informed so your apps can stay safe.


9 hrs

a critical vulnerability—with the potential for remote code execution—is released.