Issues: Hiring hackers, the fine line between cult and criminal
by Thejian - for Help Net Security
Obviously there are a lot of technically talented individuals running around in the hacking scene nowadays. There always have, it's the root of its existence. This has given birth to another interesting issue. Besides hacking being marketable and trendy, the underground today has the full attention of the corporate world where the skills are recognized (in some) and could be put to good use as well. In short, hiring hackers, if not good for profits at least is the trendy thing to do. And looking at the security problems some companies are having that definately is a good thing. However, it also raises the question of trust.

Altough there are no vast figures on it, computer intrusions are claimed to cost companies "hundreds of millions of dollars" internationally. This of course has created quite a demand for the various services of security companies. "Know your enemy" is a big issue here, causing quite a demand for the skills of hackers to stay on the edge of things. The idea of hackers running around their systems has (for a large part thanks to the media) proven not to be that big of an incentive for the hiring of a certain company however. Trust is a key issue here and it's an unfortunate fact that certain stereotypes do not inspire this trust in people. It's an ven sadder fact that the people who actually could help in situations get sidetracked because of this stereotype. This is why you won't find many people in the industry all that eager to come clean about their past and probably even less companies admitting to hiring hackers. However, since hacking has become "the next big thing on Madison Avenue" this attitude is changing.

The L0pht Heavy Industries, a group referred to with terms like hacker think-tank, made the headlines a few months ago by announcing its merger into a company called @Stake. This company, which secured a $10 million backing from Battery Ventures, has recently made headlines again, with something else than it's products and services.

Mark Abene, also known under the alias of "Phiber Optik", cried foul after @Stake withdrew their offer of hiring him, based on his past. Mr Abene was convicted for unauthorized access to various systems in 1993. During the hiring procedure at @Stake, this fact came up again and @Stake decided not to procede with the process. This has caused a lot of people to scold the company as hypocrits, because since above mentioned merger @Stake's own Research and Development vice-president and various other staff members are known hackers. It actually is a logical point of view, weren't it for the fact that Abene wasn't convicted for being a hacker.

In the public's eye, being a hacker pretty much equals being a malicious, irresponsible person "out to get them". Mr Abene's hiring by @Stake did not richochet because he was a hacker though, he was convicted for a (computer-related) crime. Thanks to all the media-hysteria on the topic, hiring hackers is already something a company should consider thrice before openly doing so. Hiring people convicted for computer-crimes must be something that is even lower on the list of things a company would like to participate in.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th