312-50V11 · Question #404
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him
The correct answer is A. Say no; the friend is not the owner of the account.. A CEH must refuse any engagement involving unauthorized access to accounts, regardless of the requestor's personal relationship to the account holder or stated justification.
Question
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?
Options
- ASay no; the friend is not the owner of the account.
- BSay yes; the friend needs help to gather evidence.
- CSay yes; do the job for free.
- DSay no; make sure that the friend knows the risk she's asking the CEH to take.
How the community answered
(36 responses)- A86% (31)
- B3% (1)
- C3% (1)
- D8% (3)
Why each option
A CEH must refuse any engagement involving unauthorized access to accounts, regardless of the requestor's personal relationship to the account holder or stated justification.
The friend has no legal ownership or authorized access rights to her husband's email account, meaning any access would violate the Computer Fraud and Abuse Act (CFAA) and similar laws that prohibit unauthorized access to computer systems. A CEH's ethical code strictly limits work to authorized engagements, and personal motivation or relationship does not create legal authorization. Performing the access would expose the CEH to criminal prosecution.
Gathering evidence through unauthorized access is illegal and inadmissible in court; the stated legal goal does not justify the unlawful means.
Performing the unauthorized access for free does not eliminate criminal liability - the act itself is illegal regardless of compensation.
While the CEH's personal risk is a valid concern, the primary and sufficient reason to refuse is that the account owner has not authorized the access, making it illegal.
Concept tested: CEH ethical obligations and unauthorized access prohibition
Source: https://www.eccouncil.org/code-of-ethics/
Topics
Community Discussion
No community discussion yet for this question.