Would you employ a hacker or malware writer?

Microsoft has pointed the figure at a Russian antivirus outfit's former technical expert, claiming he was the brains behind the Kelihos spam botnet. Davey Winder is prompted to ponder whether it's ever advisable to hire a former hacker or malware author...

With maturity comes the ability to resist the kind of vengeful attack that employers worry might be unleashed when the ex-hacker becomes an ex-employee.

There is a secondary truth attached to this, which is that they are also likely to be a lot younger than my contemporaries and I were back in the day. When I started hacking I was in my late twenties, not my mid-teens. Which throws the not so small matter of maturity into the hacker employment argument. With maturity comes the ability to resist the kind of vengeful attack that employers worry might be unleashed when the ex-hacker becomes an ex-employee.

You have probably noticed by now that I have exclusively concentrated on the ex-hacker here, not only because it is the example I am best acquainted with but also because it's the more contentious part of the employment debate.

Hackers for hire

George Hotz, aka geohot, the hacker behind jailbreaking the PlayStation 3, was employed by Facebook as a software engineer.

Nicholas Allegra, aka Comex, the man behind the JailbreakMe site for hacking iPhones, was hired by Apple as an intern.

Kevin Mitnick, aka Condor, was jailed for various hacking offences and at one point made the FBI 'most wanted' list as a supposed cyber terrorist but is now a respected IT security consultant.

John Draper, aka Cap'n Crunch, the hacker who invented phone phreaking and served time in the 70's, worked for Apple and helped develop the EasyWriter word processor.

There are many industry sectors where employing someone with proven strengths in the IT security space - albeit from the wrong side of the tracks - could feasibly be contemplated. There are none that I can think of where a former malware writer would be an asset. And that certainly includes the most obvious of all, the security vendors and malware research labs.

Why so? Why the differentiation between malware author and hacker? Simply because a hacker can have plied a trade without malicious intent, whereas, by definition, the malware author cannot. This strains the trust relationship to the point where it has to snap, where it cannot ever be said to be a sensible move, where the risk will always outweigh the potential reward.

Yes, a reformed malware author may be able to bring an understanding of the malware mind-set to the security research table but that mind-set can be taught and security vendors are more than capable of taking on clever coders who can learn and adapt without ever actually venturing into The Dark Side.

IT Pro would like to hear your opinion. Would you hire, or have you hired, a hacker? Let us know at comments@itpro.co.uk.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
UK exploring plans to launch its own digital currency
digital currency

UK exploring plans to launch its own digital currency

19 Apr 2021