An ethical dilema?

[msbachman]

And I won't be offering ANY information I'm sorry, this wasn't a post that was meant to turn into a social engineering practice session for people to see if they could find the website/check it for themselves. Needless to say I felt discomforted enough reading them.

Back up your claims with some modicum of technical knowledge or don't make them.

Maybe you did some 31337 hax to gain secret documents. Personally, I doubt it. If you re-read what I wrote, you might find more than a slight amount of disbelief in your claims scattered throughout.

The fact that you follow up these questions over the authenticity of your initial claims with "NO! Not going to give no info, might somehow be identifiable!" goes to show just how clueless you are.

You're saying you don't want the site identified, right after you came here contemplating exposing it.

In any sense, I wasn't even asking for any details about the company. Re-read my prior post and you will see that it is not asking for any detail that would not be common among several hundred businesses of the same sort.

More to the point, I was hoping to get a sense of your technical skills: WHAT you exploited, HOW you exploited, and more into WHY you exploited it.

As to the last of the three, you've given me no sense of whether or not you have much of a clue as to what you are doing. No details whatsoever about what sort of attack vectors were used at all: physical access? Malware? Web vulnerability? NONE OF THIS INFO WAS PROVIDED!

And so, I guess as a member of some months here, I should just buy into whatever claims you make of yourself without substantiation? Absolutely not. As far as I am concerned, you did and know nothing, because when I ask simple questions about WHAT and HOW you did it, you dodge the questions with the seemingly clever retort of not wanting to expose the client (hypocritical in and of itself, since the OP was about selling them out).

[sanddbox]

Wow. I've been staying out of this discussion just because it's so entertaining watching msbachman pwn the OP into nooblivion.

Seriously, I haven't found a single point of his I haven't agreed with.

[f1r3flie]

The fact that you follow up these questions over the authenticity of your initial claims with "NO! Not going to give no info, might somehow be identifiable!" goes to show just how clueless you are.

I don't think your argument is valid. He could, of course, say how he obtained these secrets, and you are right that he was posting about ratting them out to the government, but that's a whole different ballpark to ratting them out to some forum on the internet. I believe he should tell the government anonymously and no more. There's a chance he's just some skiddie trying to mess with us, but that's neither here nor there. This is a valid discussion for future reference, and if a charitable organisation is stealing money then the government should know.

[insomaniacal]

Not to take sides, but it really doesn't even matter if OP is legit, or just some guy who wants to spark a discussion on ethics. Sure, it'd be 1000x more interesting if it's true, and juicy technical details are nice, but this is a thread about ethics, not computers.

Now, if I was in this position, I'd anonymously report it. Like msbachman said, unless you know the organization very closely, its hard to determine what is or isn't appropriate. That's why I'd report it quietly to someone with the power to go in, take a look, and determine if any fraud has occurred. Obviously, reporting this to a media outlet is downright stupid, you could very well destroy the reputation of a legitimate charity, as well as increase your chances of being discovered.

[d3v11]

First off, know your employer's policies. Most importantly, know your nation's policies and laws. If you are absolutely certain that the information you obtained is proof of an actual crime, and not something you just consider immoral, unethical, or just shady, then there are a few things to consider:

How will this effect your career, family, and your own life?

If I don't report this within the confines of the law can I be held as an accessory to a crime or obstruction of justice?

If by reporting this information can I be given a subpoena to court?

Last but not least, my own personal opinion: If they're doing something both illegal and screwing over innocent people then let the dirtbags hang.

[brainiac3397]

Get paid for a job well done, then get a copy of those financial documents and report them to the appropriate authorities. Unless it's the mafia/mob or the cover of a top secret organization, you should be fine.

*Pardon the unintentional necro*

[anarchy420x]

I'm glad you brought up this topic because I thouroughly enjoyed reading it. This happened during one of my many breaks. However, did you not read the dates? This topic is close to 2 years old and closed, please don't necro.