Just reading the latest thread here in the Forum. It’s a fair point raised. Something we’ve talked about for a while…..
In my opinion, it [hiring convicted hackers] demonstrates something deeper than just the face-value story of convicted hacker being hired and the ethical issues associated with that. (I’ll leave discussion on that part as it’s been done to death before).
What it really demonstrates in my opinion is seriously dumb senior management who seem to have a belief that rogue “hackers” bring to the table something special…..something they have no idea that they can already get in the scores in the mainstream professional Information Security industry. (eg; As I have said before, I believe pound for pound NZ has some of the best IT Security researchers in the world….If I was TelstraClear, I’d have about 20 others on the list before hiring the kid they did). Look, good luck to the guys being hired. You have to make a living and if someone wants to offer you money/job etc well….
I’m not judging the skills of these hackers – they may well be really good at what they do. Or, they may just be script-kiddies with no exceptional skills whatsoever, which brings me to my next point. Hacking a good deal of stuff on the Net is not hard work and exceptional skills are not required. But, to many in even IT, outside of our Information Security industry, it’s all still dark magic and anyone doing it must be exceptional talents! WTF?
Even in 2009 it really highlights the perception of our industry – moreso scary than anything else, that perception from the broader IT industry.
Precedents have long been set now and stuff like this will continue to happen…..companies will think they’re getting something special and the opportunists will see there’s a potential lucrative future in playing on the dark side for a while (aside from the fun/interest factor). Has much changed in the last 20 years?
I don’t feel that a company hiring a known/convicted ‘hacker’ must mean their only concern is tapping into the dark magic knowledge they know about hacking.
It may be possible that some companies aren’t going to let a mistake made when a tween hold them back from hiring someone who actually does demonstrate skill and enthusiasm for the position they want to fill.
I agree, just because someone is caught doesn’t mean they have some dark magic that we can tap into. And yes, it is a risk that the hiring company is obviously having to deal with.
In general, I think any generalizations made on a topic like this are bound to not stand up over every situation.
Hiring some convicted ‘hackers’ may prove to be an extremely valuable and worthwhile endeavor; while others may just end up screwing the company that hired them…
Case by case.
There are plenty of people who are clean (both in actions and convictions) that I would not hire EVER and vice versa. Its all case by case, and just another thing (however big) to consider when looking at bringing people on.
Especially in the early days it was easy for people to land themselves in hot water without any real malicious intent – especially when people were ‘young and stupid’ (or is that young and too smart for their own good ??). I’m not making excuses though, to take on the potential brand damage they would have to be able to add a hell of a lot to the mix.
Good points raised MD and Dec. “Conviction”? Intent? Not all is black and white hey? Personally I agree it is on a case by case basis dependent upon the individual and their previous actions.
@Dec,
I don’t mean to sound too prudish here or to moralise (too much!). But you’ve said it was easy in the early days for people to land themselves in hot water without “any real malicious intent”.
I’m curious about that comment. Surely most adults, even young & dumb-f&ck stupid ones, know the difference between right and wrong, especially those with perceived ‘higher’ skills associated with technology and hence, human intelligence.
It’s been said before, but I’ll say it again: In most States & Territories of Australia (& other countries), if someone is caught testing the locks on your house, or your car, without your permission, in most circumstances, these actions are against the law, and rightly so. The “intent” is irrelevant, as the mere actions of testing the locks is unlawful. In other words, society has said this is a bad thing. Similar laws exist in relation to people caught “testing” (hacking) computers & networks without permission, for any reason.
You often read & hear some people run the old argument that, as so-called white hats, and having no permission from the owner, they merely ‘test’ others’ systems, gaining access etc, and without any real malicious intent. Baloney. Try telling that to the Courts, you’ll quickly find they don’t accept this logic, and nor should they.
Having said all that, and from my own ethical perspective, I have no problem whatsoever with people who ‘test’ others systems, without permission, but only if that is the full extent of their activities. I do however have a problem with those who then boast about it, like they’ve won a trophy or for ‘cred’. But I digress, my ethics are irrelevant.
The moral is, if you get caught, be prepared to face the music, and don’t run the b-s line that you didn’t know it was wrong. Yes you did.
Reviewing intent and awareness – valid comments Knuckle. Aside from the criminal elements, there is still a lot of people doing it, getting away with it and working on the pretense of community service. Which community I ask? Also;
http://beastorbuddha.com/2009/02/24/randon-vuln-testing-security-vendor-websites/
@the knucke
I agree. Well put!
So much for TelstraClear having a hiring policy that includes police clearance huh?
If TC were ever involved in a due diligence and asked “do you require all employees to have police clearance?” wouldn’t this fail?
Keep in mind some criminal ‘hacking’ activity is akin to a kid tagging someone’s fence with graffiti, or simply making a bad move because they were bored. They may have known the right and wrong about it, but have no concept of the ramifications of such childish antics, especially if no one is physically or financially burdened to excess.
For instance, what damage did the Twitter worm actually cause? It probably spent more collective money on the media attention than on anyone directly.
Nonetheless, there are situations where a kid does something relatively easy that simply results from being a kid. I don’t believe doing something wrong, no matter what it is or what age you are, means we can punish them for the rest of their life. If so, every offender may as well become a repeat/chronic offender.
(My stance is largely just a devil’s advocate stance, as I fall quite comfortably on both sides of this fence!)
Personally if I was hiring I wouldn’t go there, but that’s just me.
… But many steal from the companies that they work for every day by compromising systems, stealing information, beefing up the expense report and just wasting resources that are not convicted criminals. Companies need to put in place what ever procedures they need to minimise internal risks. I guess this is one risk TelstraClear are comfortable with. At least if you know they are a criminal you know what your getting and there are no surprises – bet they don’t put it in their application for crime fidelity insurance though.
childish antics aside (yes redemption bla bla ). Starting a good solid career can come discretely with out all the media attention – should that be what was wanted on both sides. If doing something you know is wrong for cocked up glory and self gratification is what you want than the quiet achiever path wouldn’t be the way to take right.
Bah.
Someone flogged this debate topic from the back-end borb forum, posted it here on the front pages & effectively threw the blanket over any potential responses to *my* original debate. Talk about ripped off.
From bad to worse, then you get this bloke calling himself “The Knuckle” (above) who said everything I wanted to say, but he got in before I did (I reckon he stole my notes). There are egos to massage here, ya know. My writers union in Upper Botobolar will be made aware of these developments.
BG.
I did link the source BG. And Knuckle has approached me to do guest posts. With you over at Pat’s site now, I thought there was an opening for some fresh new opinions. Since you’ve become a famous media celebrity you’ve become a bit precious and we rarely get a “Diatribe” anymore…I suppose you’re now expecting some dollars per post!?
So, there was an opening for fresh new opinions, eh ?
Opinions are like r-soles. Everyone’s got one.
