Issues: Hiring hackers, the fine line between cult and criminal

Obviously there are a lot of technically talented individuals running around in the hacking scene nowadays. There always have, it’s the root of its existence. This has given birth to another interesting issue. Besides hacking being marketable and trendy, the underground today has the full attention of the corporate world where the skills are recognized (in some) and could be put to good use as well. In short, hiring hackers, if not good for profits at least is the trendy thing to do. And looking at the security problems some companies are having that definately is a good thing. However, it also raises the question of trust.

Altough there are no vast figures on it, computer intrusions are claimed to cost companies “hundreds of millions of dollars” internationally. This of course has created quite a demand for the various services of security companies. “Know your enemy” is a big issue here, causing quite a demand for the skills of hackers to stay on the edge of things. The idea of hackers running around their systems has (for a large part thanks to the media) proven not to be that big of an incentive for the hiring of a certain company however. Trust is a key issue here and it’s an unfortunate fact that certain stereotypes do not inspire this trust in people. It’s an ven sadder fact that the people who actually could help in situations get sidetracked because of this stereotype. This is why you won’t find many people in the industry all that eager to come clean about their past and probably even less companies admitting to hiring hackers. However, since hacking has become “the next big thing on Madison Avenue” this attitude is changing.

The L0pht Heavy Industries, a group referred to with terms like hacker think-tank, made the headlines a few months ago by announcing its merger into a company called @Stake. This company, which secured a $10 million backing from Battery Ventures, has recently made headlines again, with something else than it’s products and services.

Mark Abene, also known under the alias of “Phiber Optik”, cried foul after @Stake withdrew their offer of hiring him, based on his past. Mr Abene was convicted for unauthorized access to various systems in 1993. During the hiring procedure at @Stake, this fact came up again and @Stake decided not to procede with the process. This has caused a lot of people to scold the company as hypocrits, because since above mentioned merger @Stake’s own Research and Development vice-president and various other staff members are known hackers. It actually is a logical point of view, weren’t it for the fact that Abene wasn’t convicted for being a hacker.

In the public’s eye, being a hacker pretty much equals being a malicious, irresponsible person “out to get them”. Mr Abene’s hiring by @Stake did not richochet because he was a hacker though, he was convicted for a (computer-related) crime. Thanks to all the media-hysteria on the topic, hiring hackers is already something a company should consider thrice before openly doing so. Hiring people convicted for computer-crimes must be something that is even lower on the list of things a company would like to participate in.

Wether this is fair is a completely different question, but it shouldn’t be put with @Stake but with the US judicial system. We all know of someone else who’d want to have a say in that. To say however that @Stake balked at his hacker past altough they’re known to have hired hackers is pretty ridiculous though. Not all hackers are convicted for their actions you know. Most hackers don’t even participate in things that could land them behind bars. There’s a big difference between being a hacker and eing a hacker convicted for computer crimes, isn’t there? Saying things like: “People who have been able to escape their teenage years unscathed have this elitism. They consider themselves better than other hackers who were unlucky enough to be prosecuted for whatever reason, or for whatever mistakes they made” doesn’t help either.

It’s not the question wether any L0pht member might have once committed a computer crime. It’s not the question of the pros and cons of hiring hackers. It’s not even the question wether Mark Abene’s conviction was fair. But there are already enough stereotypes and in that field hackers didn’t exactly come out on top. Disappointment sucks, but putting all hackers on the same line doesn’t help anyone.