Login | Register   
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


advertisement
 

Foxes in the Henhouse: Can Hackers Be Trusted to Defend Computer Systems? : Page 2

Should convicted hackers be hired as information security professionals? Can they reform? Do they have skills that only a hacker can provide? A recent panel discussion addressed these questions from four distinct points of view.


advertisement
Can hackers really reform?
Mitnick: My position now is any type of unauthorized access is completely wrong, and it's illegal and unethical.

Painter: One of the things that hackers have demonstrated is not justas defense attorneys like to put itintellectual curiosity, but a disregard for other people's rights and property and a way to minimize that conduct and say 'this is not that illegal, this is not that problematic.'

Winkler: Why not use people [with no criminal past] instead of hiring someone with a criminal record and putting yourself and your customers at risk? There's the issue of recidivism. There's a high rate of recidivism in just about all crimes.



Granick: It's incredibly presumptuous to say every person who has a criminal record cannot be rehabilitated, cannot change, is immoral, is untrustworthy and is not worth the risk.

It's incredibly presumptuous to say every person who has a criminal record cannot be rehabilitated.
What about the careers of reformed hackers who never got caught?
Granick: I'm the only one up here who's qualified to say what hackers think, because I've defended so many of them. Hackers think 'I will not get caught.' Period.

Mitnick: I can think of several individuals who've started very successful computer companies who were hackers, crossing the line into unauthorized access. A lot of respected people in the industry who've started companies that many people use as vendors were actually hacking before. I was actually trading vulnerabilities with a lot of these people.

Winkler: My definition of what he's saying is 'you can't trust anybody, so you might as well trust the crooks.'

So should companies hire them or not?
Mitnick: The truth is in the industry hackers are used. A lot of companies—to save their brand or save their image—don't like to admit it but that's what's really going on. My clients are happy with the skill set I bring despite my criminal background.

Painter: People can be rehabilitated, but it's a risk factor. Look at other industries. If someone gets convicted of bank fraud or embezzlement, they don't get rehired in the banking industry. People convicted of insurance fraud don't get hired in the insurance industry.



Glen Kunene can be reached at gkunene@devx.com.
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap