The legal risks of ethical hacking

24.04.2009
When ethical hackers track down computer criminals, do they risk prosecution themselves?

Security researchers at this week's Usenix conference in Boston believe this is a danger, and that ethical hackers have to develop a uniform code of ethics for themselves before the federal government decides to take action on its own.

One such researcher introduced himself by saying "Hi, I'm Dave Dittrich, and I'm a computer criminal." Dittrich, senior security engineer and researcher at the University of Washington's Information School, has not been unlucky enough to be prosecuted. But ten years ago, he took actions to disrupt distributed denial-of-service attacks which, he says, could have been construed as criminal.

Working within the University of Washington network, Dittrich accessed other people's computers to identify and clean up infected machines, and shut down malicious accounts.

While Dittrich was figuratively wearing the white hat, his actions could potentially have been seen as unauthorized intrusions, he says. Dittrich notified government authorities -- as well as the DDoS attack's innocent victims -- of his actions and findings, but he says relying totally upon bureaucratic processes could have taken one or two years.

"In a situation where there are ongoing attacks, and there is no understanding of what is going on, time becomes critical," Dittrich said.