What if you pentest someone who unkowingly to you lies that they have authority?

[thelaw82134]

Client A signs a contract stating that he owns or is authorized to represent the owner of a Network. He asks a penetration testing company to crack it. After they crack it, recover the pass, tell him how to make it more secure; they find out it's not actually his network and now he has the password. Who is liable?


The contract they signed, says , among other things:

The client does hereby retain the provider for the purpose of providing Penetration Testing services on the client's computers and/or Networks.

The client has provided the provider with certain required information regarding the scope and range of the tests and the client hereby warrants that all information provided is true and accurate and that the client owns or is authorized to represent the owners of the computers systems and networks described in Form A. The client further warrants and represents that he/she is authorized to enter into binding legal agreements.

 

[army judge]

Your contract doesn't automatically protect YOU from liability.

You may have unknowingly aided someone in violating the law.


You would be wise to consult with YOUR attorney before proceeding further.

You could be at risk for large civil damages and/or criminal prosecution.

You'd be smart to stop taking snout this and admit nothing to anyone.

You need a lawyer.

You relied on an erroneous (if not fraudulent) representation, you failed you due diligence.

You are now at some risk.

That piece of paper is probably useless.

 

[mightymoose]

Unless the owner of the network claims some kind of damages then there is nothing to worry about.