Ethics Aside, Should You Hire A Known Black Hat Hacker To Protect Your Corporate Network?

Every day more and more computer networks are coming under attack and day by day those attacks are getting stronger.

When most companies try to defend their networks they are always on the defensive side of the pitch.

Although defense wins Super Bowls, it does not cut it in the world of cyber security – it is the equivalent of putting a band-aid on a patient who needs surgery.

There need to be new ways for a company to defend its networks from outside attacks.

Power And Money

One way that is proving to be successful is to hire reformed (and possibly criminal) black hat hackers to defend the company’s networks.

Yes, there is a level of danger when someone does this but when it works, it really does seem to be the right solution.

Back in the day, when a hacker would cross the dark line and become a black hat hacker, it would be because of the problem sets that were on the illegal side of the line.

The problem sets on the dark side seemed more interesting to the person, and they got to feel a level of power as well.

Now when a black hat hacker steps over that same line they do it for financial motivation for the most part.

Due to the rise of interesting open source projects and more people hiring for software jobs, there are interesting legal problems that they can conquer.

But the allure of quick money is just too much for many of these people to pass up.

Black hat hackers used to have a code like many other criminals.

Now, for many, there is no code and it is all about how much money they can get.

Jobs For Hackers

But the first time that a lot of these people get into trouble with the law as an adult, they suddenly decide to change their ways.

Not all of them of course, but most of them that participate in this activity.

Most people did it as a youth and they saw that they could make easy money but easy money doesn’t look too good when you have a possibility of facing prison.

So your company can use this to your advantage and hire one of these smart young adults to work for you.

Who would know the mind of a hacker better than them?

Somebody who has the natural skills to be a world class hacker and someone who has to be trained to be one are in two different leagues.

Having one who has turned away from the dark side to be with the good guys might be a good catch.

Hiring someone like this should not be done lightly.

There should be someone watching this person for a long probationary period.

Giving this person a second chance does not mean that you should give them one hundred percent trust just yet.

There is no reason to be foolish about this.

If they keep clean for a long time and they do good work, then you might have really found a winner.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. Outkaster says:

    I think this “don’t hire a black hat” attitude is what keeps a lot of us out of the regular fields of employment.

    Let me tell you a short story and decide for yourself. Outkaster spent many years of his younger life learning to hack / program / become a hardware & software expert, telecommunications expert & generally learned anything he could pick up via self study. Now Outkaster decided one day “What the hell, I’m going to try and make a living at something I enjoy”. So he goes out and applies himself at several different companies who all respond “you need to get certified”. So Outkaster looks at CompTIA’s A+, Networking and other certs and after a while writing mock exams / etc he realized the vast majority of their requirements are 5 – 10 years out of date. Honestly SIMM memory and CRT monitors?? Don’t get me wrong, but those belong in a computer history class, not practical application. And studying the history of FireWire? No one gives a shit except which model is available now, clients want fast, affordable & reliable hardware. Forcing people to memorize things they aren’t going to use is meaningless. It just creates a thicker course syllabus which looks impressive (however outdated it may be) and they charge more money because it’s a longer course. What a racket!

    So now we have a half educated computer tech who can perform hacks, cracks, write C++, XHTML, PHP & Java (learned to hack security features in those as well), WiFi expert (both securing / hacking into), hardware and software upgrades, has a working knowledge of Linux as well as Windows operating systems & some versions of Mac OS, all without ever stepping foot into a classroom. And just like the rest of you, he needs to make a living.

    After he’s told by every company he applies for that an A+ is required, and doesn’t have the cash to run the course.

    So long story short our hero goes out and makes money from clients who have need of such a skill, but has to get the clients himself. He does this well, but admittedly he works most of the time for a lot less than he’s worth because he spends hours just trying to get clients for which he makes nothing.

    Now is Outkaster a Black Hat because he needs to supplement his income via taking the occasional illegal contracts? Would you hire someone who knew what they were doing (or at least had the brains to study a new topic before attempting repair)?

    I would.

    Seriously folks, I would hire an ex hitman for a job which required a good marksman because I know he can do the job. Pay him fairly and monitor his progress from time to time (building some trust is good) and I doubt he’s going to maim you for it.

  2. Putting ethics aside, hiring one could be a big problem down the road.
    If you add ethics into the mix – hire him/her, if they have ethics.
    How do you teach hacking in a short amount of time, if you have a 19 yr old who has been doing it since age 14, odds are you will never catch up with him/her, not in a few months anyway, nor will you be able to teach anyone all the tricks needed to stop the ‘kid’, depending on his/her level of skill.

    I include ‘her’ ’cause there are girls out there that hack.

    • True – if a 14 year old has been hacking for 5 years and is still only 19 then I think the temptation to carry on doing as before will be rather large and hard to ignore.

      I’m glad you mention female hackers – most of the hackers reading this blog, at least the ones I’ve had contact with, go to great pains to point out that they are of the fairer sex!

  3. Lee, maybe it’s better to teach our staff about hacking better than hiring a Black Hat Hacker.

    • I actually agree with that Mourad but took the opposite stance in the post in order to play devil’s advocate.

      If a company hires an ex-black hat hacker then I think the risks of them going rogue again are, for the most part, too high.
