Would you employ a hacker or malware writer?

Microsoft has pointed the figure at a Russian antivirus outfit's former technical expert, claiming he was the brains behind the Kelihos spam botnet. Davey Winder is prompted to ponder whether it's ever advisable to hire a former hacker or malware author...

(DISCLAIMER: Neither IT Pro nor Davey Winder is suggesting that the technical expert allegedly behind the Kelihos. botnet was working for the Russian antivirus company while operating the botnet, nor that the company knew of his criminal interests)

COMMENT:I was in Eastern Europe recently, visiting the HQ and research labs of security vendor ESET. While there I asked some awkward questions of the ESET CEO and CIO. Thankfully, I had them in a Bratislavan board room from which they could not easily escape.

I never hacked for money, just for fun and out of curiosity.

My line of questioning included one about whether they thought that being from that part of the world presented a perceived trust issue amongst Western European customers some of whom may associate the area more with security problems than security solutions.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The answer was - quite correctly in my opinion - that the Eastern Europe association hadn't appeared to have done one Mr Eugene Kaspersky any harm. The answer to my other awkward question 'would you employ a hacker or malware writer?' was met with an equally straightforward 'no.'

However, I am not convinced that this is always the correct answer.

First things first, the AA moment... My name is Davey Winder and I used to be a hacker. Yep, it's true. Although I am now a fairly well respected security journalist and small business consultant, back in the day (and the day in question would have been 20 years ago now) I used to hack into mainframes and networks that didn't belong to me in order to find out how they worked. I never hacked for money, just for fun and out of curiosity.

It was, if we are to be completely honest here, my education as far as IT security was concerned. Not that 20 years ago there was much in the way of security to overcome, especially if we are talking about the online world.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020