Would you employ a hacker or malware writer?

Microsoft has pointed the finger at a Russian antivirus outfit's former technical expert, claiming he was the brains behind the Kelihos spam botnet. Davey Winder is prompted to ponder whether it's ever advisable to hire a former hacker or malware author...

There is a secondary truth attached to this, which is that they are also likely to be a lot younger than my contemporaries and I were back in the day. When I started hacking I was in my late twenties, not my mid-teens. Which throws the not so small matter of maturity into the hacker employment argument. With maturity comes the ability to resist the kind of vengeful attack that employers worry might be unleashed when the ex-hacker becomes an ex-employee.

You have probably noticed by now that I have exclusively concentrated on the ex-hacker here, not only because it is the example I am best acquainted with but also because it's the more contentious part of the employment debate.

Hackers for hire

George Hotz, aka geohot, the hacker behind jailbreaking the PlayStation 3, was employed by Facebook as a software engineer.

Nicholas Allegra, aka Comex, the man behind the JailbreakMe site for hacking iPhones, was hired by Apple as an intern.

Kevin Mitnick, aka Condor, was jailed for various hacking offences and at one point made the FBI 'most wanted' list as a supposed cyber terrorist but is now a respected IT security consultant.

John Draper, aka Cap'n Crunch, the hacker who invented phone phreaking and served time in the '70s, worked for Apple and helped develop the EasyWriter word processor.

There are many industry sectors where employing someone with proven strengths in the IT security space - albeit from the wrong side of the tracks - could feasibly be contemplated. There are none that I can think of where a former malware writer would be an asset. And that certainly includes the most obvious of all, the security vendors and malware research labs.

Why so? Why the differentiation between malware author and hacker? Simply because a hacker can have plied a trade without malicious intent, whereas, by definition, the malware author cannot. This strains the trust relationship to the point where it has to snap, where it cannot ever be said to be a sensible move, where the risk will always outweigh the potential reward.

Yes, a reformed malware author may be able to bring an understanding of the malware mind-set to the security research table but that mind-set can be taught and security vendors are more than capable of taking on clever coders who can learn and adapt without ever actually venturing into The Dark Side.

IT Pro would like to hear your opinion. Would you hire, or have you hired, a hacker? Let us know at comments@itpro.co.uk.
