A Deeper Look at Hacking Laws

2022-07-03

[public] 13.8K views, 5.42K likes, dislikes audio only

A deeper look into the german hacking laws to see what kind of actions are illegal. There are some surprising edge cases and lots of room for debates.

Obviously this video is not legal advice.

I forgot about StGB 263a "Computer Fraud" in this video. It's also interesting to speculate about interpretations, however it focuses on financial losses and your intention to enrich yourself. So as security researchers it's less applicable, because we don't look for financial gains.

Useful links:

Translated German Criminal Law: https://www.gesetze-im-internet.de/englisch_stgb/

Der Hahn erklärt Cyber-Strafrecht: https://www.youtube.com/watch?v=EDqOCxdJSPE

00:00 - Intro and Motivation

01:15 - German Criminal Law

02:57 - StGB 202b - Phishing/MITM

03:55 - StGB 202c - Collecting Credentials

04:33 - StGB 202a - Hacking

04:59 - Example #1: Basic IDOR

06:20 - Example #2: Path Traversal

07:01 - OPTAIN ACCESS to Data

08:25 - Example #3: Minecraft log4shell Scanning

09:30 - Example #4: Technical Limitations?

10:44 - "Vulnerability" or "Exploit" not part of the Law

11:38 - Hacking Attempt is NOT Punishable

12:41 - StGB 202c - Hacking Tools

13:50 - Interpretation by German Federal Court

15:49 - StGB 303a - Data Manipulation

16:50 - StGB 303b - Computer Sabotage

17:13 - Example #5: Hacking a Bank!

18:41 - Hacking with Permissions?

19:50 - Conclusion

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/