A Deeper Look at Hacking Laws

A deeper look into the german hacking laws to see what kind of actions are illegal. There are some surprising edge cases and lots of room for debates. Obviously this video is not legal advice. I forgot about StGB 263a “Computer Fraud“ in this video. It’s also interesting to speculate about interpretations, however it focuses on financial losses and your intention to enrich yourself. So as security researchers it’s less applicable, because we don’t look for financial gains. Useful links: Translated German Criminal Law: Der Hahn erklärt Cyber-Strafrecht: 00:00 - Intro and Motivation 01:15 - German Criminal Law 02:57 - StGB 202b - Phishing/MITM 03:55 - StGB 202c - Collecting Credentials 04:33 - StGB 202a - Hacking 04:59 - Example #1: Basic IDOR 06:20 - Example #2: Path Traversal 07:01 - OPTAIN ACCESS to Data 08:25 - Example #3: Minecraft log4shell Scanning 09:30 - Example #4: Technical Limitations? 10:44 - “Vulnerability“ or “Exploit“ not part of the Law 11:38 - Hacking Attempt is NOT Punishable 12:41 - StGB 202c - Hacking Tools 13:50 - Interpretation by German Federal Court 15:49 - StGB 303a - Data Manipulation 16:50 - StGB 303b = Computer Sabotage 17:13 - Example #5: Hacking a Bank! 18:41 - Hacking with Permissions? 19:50 - Conclusion -=[ ❤️ Support ]=- → per Video: → per Month: -=[ 🐕 Social ]=- → Twitter: → Instagram: → Blog: → Subreddit: → Facebook: