What are your morals on this one? Guy wants to pay me $3k to hack a competitor.

Discussion in 'Black Hat SEO' started by wasted, May 11, 2011.

  1. wasted

    wasted Regular Member

    Mar 30, 2011
    Likes Received:
    The Dream
    New York City
    Hey Guys,

    So here is the short and sweet edition to this story. I'm no where near a good programmer, but I know a good bit about SQL injections to gain control of a site. I use to do it for fun, never did anything harmful.

    I'm currently doing some web design for a client, it is a decent paying client. One of his competitors "f-ed" his life up at some point and he holds this grudge against the guy. Over coffee the topic of hacking came up, and he told me he would pay me $3,000 in cash to give him the access details to this guys site. I kind of nudged it out of conversation, but last night I was playing around and the guys site is in fact vulnerable to a SQL injection.

    I'm weighing out this decision, my moral beliefs are to steer away and just finish the web work and be gone with this guy. The $3,000 cash wallet is pushing me another way. Money is a bit tight.

    The way this guy said it made me believe he was going to down right ruin this guys site, I don't think I want to be apart of that. So my answer is leading more towards no, but I thought it would be interesting hearing your thoughts on the dilemma.


    So on the phone today with the original client he mentioned the hacking again. I told him that I did not feel comfortable with it, and turnover his site to him (I finished it this morning so I can get out of this). Told him that he had 7 days to pay the outstanding balance. I was assertive. He did agree with no problem.

    We ended on good terms, he was a little shocked that I wouldn't do it, I'm 25 and he is 48, so he figured that was a lot of money for me. He came back with $3500.

    He actually paid me today (so I was really happy about this).


    I actually went ahead and called the competitor and briefly stated,

    "I was designing a website for a client and they gave me your site as an example of something they would want. while browsing your site I noticed that it was vulnerable to hackers."

    He said, "ummm, ok , who are you with?"

    Me: "I'm just a web developer and security is something I'm proficient with."

    He said, "So what can a hacker do to my site"

    Me: "Well sir, I'm going to be honest with you. A hacker can gain full control of your site and spam it, delete it, pretty much do what ever they want with it."

    He said, "Ok I'll look into it"

    Me: "Yea definitely do, I can secure it up for you"

    He said, "No, i'm not interested"

    Me: " No problem, but before you go, just so you know you should change your password from XXXXXXXXX to something I don't know"

    He said, (slight pause), "wait...what? How the f--- did you know that".

    Me: "I told you, your site is vulnerable to attacks"

    He said, "How much does it cost to secure it"

    Me: $1000

    He said, "Call me in a couple hours".


    Pretty hilarious turnout, I don't know if I will close on the job, but the security is pretty basic for his site.

    Regardless I feel good about my decision, may even make some money.

    thanks for all your opinions, I pretty much made up mind before the post but I thought it was an interesting scenario.
    • Thanks Thanks x 11
    Last edited: May 11, 2011
  2. joshweaver9

    joshweaver9 Senior Member

    Nov 23, 2010
    Likes Received:
    Marketing Consultant
    I wouldn't do it. Times may be tough but if you are still debating it over 3,000, then that tells me you're not ok with it.
  3. Randy569

    Randy569 Junior Member

    Feb 3, 2009
    Likes Received:
    Missouri, USA
    I'd string the guy along until you get paid for the work you are doing for him now, so you don't get stiffed.

    Then, I'd get the hell away from the guy.

    If he's willing to take steps to screw someone over like that, he would damn sure stiff you if you tell him you won't do it.

    On the other hand, if you can live with yourself for screwing up someone else's hard work for $3k, well, just remember...

    What goes around, comes around.
    • Thanks Thanks x 6
  4. flaw3d

    flaw3d Regular Member

    Feb 10, 2011
    Likes Received:
    I agree with randy569 just work with the guy intill he pays you in full for the web work and then just walk.

    $3k is a nice chunk of change but not worth it overall
    • Thanks Thanks x 1
  5. jheyslow

    jheyslow Senior Member

    May 11, 2010
    Likes Received:
    trying new things
    I were you I won't do it.
  6. brutang

    brutang Junior Member

    Nov 5, 2009
    Likes Received:
    Karma :)
    • Thanks Thanks x 1
  7. roamer

    roamer Power Member

    Dec 2, 2008
    Likes Received:
    Gfx designer, vfx and mgfx
    plɹoʍ ǝɥʇ punoɹɐ ƃuıɯɐoɹ
    I also believe in the good ole' goes around comes around thing, but even if you set that aside, who's butt do you think will be on the line if worse comes to worst?. Such persons are ruthless and vindictive, and also will do anything necessary to avoid their responsability in such a matter. If he's somehow suspected, you can rest assured he'll serve you in a silver platter if he feels that helps him in the least.

    tl;dr: Don't do it. Tell the guy his competitor's website is well secured, blah blah.
  8. srb888

    srb888 Elite Member

    Jul 30, 2008
    Likes Received:
    Need some cleaning up done here...

    1. You both were having coffee.
    2. You both then discussed about hacking in general
    3. Then out of the blue, he offered you a contract of $3,000

    • How did he knew that you had the "capability"?


    What was the need to tell your client, in the first place, about your hacking ability? Without you telling him, he wouldn't offer you $3,000 to kill off the competitor's site.
  9. howard_hughes

    howard_hughes Elite Member

    Jul 23, 2009
    Likes Received:
    Just Another Digital Marketer!
    "Insta Rank"
    Home Page:
    Tell him you'd try to do it. Tell him you'll check out competitors site and let him know. After 2-3 days, tell him you couldn't find any exploit to gain access and you don't have the kind of skills to get into competitors site.

    Case closed. This way, you won't have to do a wrong thing and also, you won't piss off your client:)
    • Thanks Thanks x 1
  10. SahL

    SahL Elite Member

    Jan 8, 2011
    Likes Received:
    ★SEO Expert ★Blogger ★Web Developer
    Home Page:
    we'll this is great advice Randy ,

    btw IMHO ,i wudnt ..even if for 3k , Takes ages to get on top.

    ^Tell him to get on top by himself :p
  11. redden123

    redden123 Registered Member

    Mar 6, 2011
    Likes Received:
    If theres one thing I've learned in 2.5 years of wrecking IM's vage, is what goes around comes around, when I first started I did some shady shit and yeah I've gotten fucked around in return, its better to just keep your rep good if you plan to become rich from IM
  12. Chaskiboom

    Chaskiboom Registered Member

    Apr 22, 2011
    Likes Received:
    Hey, Why EVERYBODY is being hypocritical with the OP and not saying what they would truly do for 3K if they have the knowledge or the need for the money?

    Just take the job, man.. you can hire a killer in Honduras for a fraction of that price, so your moral can sleep well for sure. You are only giving him the access after all, what he do with that is his responsability..

    And ss you all said: "what goes around, comes around" -> Sure, the website owner should have probably done something nasty to gain his client's remorse, so...
  13. Cloaks

    Cloaks Regular Member

    Mar 20, 2010
    Likes Received:
    If your client still has this need, feel free to redirect him to me. 3k for a simple job like this is an opportunity you shouldn't let slip away..
  14. llewopsnimajneb

    llewopsnimajneb Regular Member

    Jan 10, 2011
    Likes Received:
    SEO, Affiliate marketer, Online marketing lecturer
    You could clone his site,

    post under a similar url and insert a noindex

    Tell the guy that he has to do some random stuff and access the site through ths altered domain...

    take his money, let him do what he wants, then if if complains that nothing happened, say well you might not be doing it right, and that while you can give him access, you cant ethically take the site down.

    everyone wins.

    he gets his revenge
    you get your cash
    no one gets harmed.
    • Thanks Thanks x 1
  15. kayzne

    kayzne Power Member

    Dec 26, 2007
    Likes Received:
    Don't be a pussy. Business is Business it's not personal to you. Take is $3,000, give him the access details. It's up to HIM what he wants to do with it.

    Or, turn it around, and email the guy, and say "listen buddy, a client is going to pay me $3k to hack your site, can you pay me more not too? lol :)
    • Thanks Thanks x 9
  16. pilgrim

    pilgrim Junior Member

    Apr 10, 2010
    Likes Received:
    Hilbert's Hotel
    Morals and ethics, morals and ethics....

    I'd be more inclined to worry about what happens if it all goes horribly wrong.

    Sure as hell your clinet's not going to take the blame, - he'll just deny all knowledge and let you take the consequences.

    Just me thinking out loud....
  17. shadowedsniper

    shadowedsniper Junior Member

    Aug 15, 2008
    Likes Received:
    Shit I would do it but you should let your buddy know that the guys site will probably be back online within a week if he has database backups.

    And if the competitor's website is making a ton of money, they'll no doubt seek litigation so if you tested the SQL injections last night without using a proxy, you'd be taking a major risk by moving forward.

    Side note: you'd have to be damn good at SQL injections to actually carry out any worthwhile hacks other than dropping tables, deleting rows, etc.
  18. Velvet

    Velvet Junior Member

    Feb 18, 2009
    Likes Received:
    contact the competitor and ask $5k to make his site more secure ;)

    maybe the $3k is high enough amount to start thinking about inmoral things, but the price is depends on the niche I guess.

    just offer a copy of every data, but not access to the database..btw if he can access to the database and dont what does he do, can couse a lot of problem to you also

    the $3k can be very-very low amount compared to the result in moral and law view also
  19. th1221

    th1221 Registered Member

    Mar 2, 2011
    Likes Received:
    You don't know what this guy's planning on doing with the info, so why be the enabler? The website could be the other guy's livelihood. He could be trying to feed his family of 13 children. You just never know, and you don't want to be the guy that's responsible for potentially ruining someone else.

    3000 bucks is not worth the moral cost, IMO.
  20. Virus1

    Virus1 Supreme Member

    Dec 13, 2010
    Likes Received:
    destroyer of worlds...
    Welcome to Black Hat World........................
    This guy has a grudge with someone...
    do not get involved...
    if he gets busted.... and he will...
    your name will be the first thing this lil bitch spits out at the
    first sign of a cop talking to him....

    and he will claim that he was told by YOU that
    it was absolutely legal...
    after all he is just ignorant of all this hacking stuff...
    you are the EXPERT....
    and you bet they will believe him...

    tell him you will try....
    you will check and see if the exploit is present...
    then.... wait several days...
    and tell him.. no.. its not present..
    they use a new system... that is not breakable...

    that way... you keep your diginity...
    you keep your customer...
    and most of all..
    you keep your freedom

    good luck..
    • Thanks Thanks x 1
    Last edited: May 11, 2011