The life of a white hat hacker isn't one I envy. They do an amazing job of uncovering security exploits that threaten us all, but whistle blowers who come forward too often seem to get the cold shoulder, or worse yet, labeled as criminals. This is the situation allegedly facing Goatse security , the firm that first reported on the iPad data leak that exposed over 114,000 iPad email accounts last week.
According to a Goatse spokesman known only as "Weev", "We did this as niceguy as we could. The Wall Street Journal wrote an article that implies pretty strongly that we are criminals. We did not publically release the dataset, we waited until we confirmed the system was secured before we went public with technical details. I hope they don't try to get charges pressed but if charges are pressed we will fight it and win".
A similar situation is facing a Google employee who recently exposed a vulnerability in Windows XP and was labeled by Microsoft as "irresponsible". It can sometimes be difficult to gage the intention of those who bring these exploits to light, and at least in this case, Google insists the employee in question was acting alone. Regardless of how you feel about each of the individual cases listed above, it raises interesting concerns about how to deal with situations like this in the future.
Are these guys criminals or heroes? Let us know what you think.