Is Hacking Illegal? The Ethics Behind Penetration Testing

We see some recurrent questions across prospective cyber security learners. Is learning cyber security hard? Is learning to hack ethical? Is hacking illegal? Today we’re exploring some of the industry's common concerns.

In short, it’s entirely legal to learn to hack - plus, it’s a lot of fun, and these skills can open up incredible opportunities! Let’s discuss hacking.

What is hacking?

Hacking is simply the breach of computer systems' defences to gain unauthorised access. It is associated with cyber criminals and illegal activity, often with critical drivers being theft, financial gains, fraud, or blackmail.

Any individual, business, or government is at risk of being hacked. Frequent hacking techniques include phishing scams - where messages that guise as a trusted party contain malicious links or attachments, malware, ransomware, and denial of service attacks - which aim to make a network unavailable to users by disrupting host services.

Is hacking illegal?

In short - yes. Without permission, gaining access to data stored on a computer is illegal. For example, the Computer Misuse Act 1990 (in the UK) protects personal data from unauthorised access; even scanning a system without permission - whatever the intent - can be referred to as hacking. Using this data for unlawful activity such as fraud or money laundering can have serious consequences, although it can be challenging for businesses and governments to track down. Depending on the severity of the breach, sentences for hacking can be anything from an alternative sentence (such as community service) to life imprisonment.

However, learning how to hack is not illegal and should be a vital consideration to protect businesses and networks worldwide. In order to protect your websites from attack, finding vulnerabilities across networks allows them to be patched. Testing, or attempting to hack into your own systems like this (with permission,) is legal and can protect you from real-world malicious attacks.

The TryHackMe Offensive Pentesting learning path teaches essential technologies and methods to exploit them, industry-standard tools, and evaluation of systems to patch and protect.

Our ethics

TryHackMe was built to enable and empower anyone, anywhere, to learn cyber security. We make our services as accessible as possible, requiring only a browser for access. A part of this accessibility pillar is our minimal pricing. We are the most affordable cyber security learning platform on the market and offer over 350 free training labs. We also make learning cyber security fun - with gamified labs and challenges that users actively enjoy using. Our labs are suited to beginners with no prior experience through to seasoned hackers. We're the learning platform that grows with our users.

We understand that anyone can leverage training to boost their cyber security knowledge with these factors in mind. It wouldn’t be possible (or ethical) to screen every user and their intent. However, we support the development and protection of the industry with our services. We have hundreds of partners ranging across governments, schools, and businesses and regularly run workshops and CTFs to encourage learners into the market. With over one million users, we know TryHackMe is a brilliant tool to improve cyber security standards across regions.

We also support many initiatives that encourage and assist underrepresented groups in entering the industry. For example, we work with TechVets to support service leavers entering cyber and achieving jobs, and CyberGirls - who work with African girls in poverty to upskill and achieve well-paid careers.

How to learn to hack safely

The other element of learning to hack is the learner's safety and security. Based in the cloud, TryHackMe has over 500 rooms covering all aspects of cyber security. By utilising virtual machines in the cloud within our private infrastructure, there’s minimal risk of learners accidentally impacting live systems. Since these virtual environments are only accessible via our VPN or in the browser attack box, these vulnerable machines are not exposed to the public. Our red team rooms cover attack techniques and threat mitigation through penetration testing, and our blue team rooms explore system analysis and discovering vulnerabilities for defence.

We teach cyber security and hacking in practice - where you hack virtual machines in a real-world environment to get realistic, transferable skills in entirely safe surroundings. If you’re wondering how to get into cyber security or you want to try your hand at hacking into networks, TryHackMe can kickstart your learning journey and help you achieve high paying careers with your new-found skills.