Would you employ a hacker or malware writer?

(DISCLAIMER: Neither IT Pro nor Davey Winder is suggesting that the technical expert allegedly behind the Kelihos. botnet was working for the Russian antivirus company while operating the botnet, nor that the company knew of his criminal interests)

COMMENT:I was in Eastern Europe recently, visiting the HQ and research labs of security vendor ESET. While there I asked some awkward questions of the ESET CEO and CIO. Thankfully, I had them in a Bratislavan board room from which they could not easily escape.

I never hacked for money, just for fun and out of curiosity.

My line of questioning included one about whether they thought that being from that part of the world presented a perceived trust issue amongst Western European customers some of whom may associate the area more with security problems than security solutions.

The answer was - quite correctly in my opinion - that the Eastern Europe association hadn't appeared to have done one Mr Eugene Kaspersky any harm. The answer to my other awkward question 'would you employ a hacker or malware writer?' was met with an equally straightforward 'no.'

However, I am not convinced that this is always the correct answer.

First things first, the AA moment... My name is Davey Winder and I used to be a hacker. Yep, it's true. Although I am now a fairly well respected security journalist and small business consultant, back in the day (and the day in question would have been 20 years ago now) I used to hack into mainframes and networks that didn't belong to me in order to find out how they worked. I never hacked for money, just for fun and out of curiosity.

It was, if we are to be completely honest here, my education as far as IT security was concerned. Not that 20 years ago there was much in the way of security to overcome, especially if we are talking about the online world.