Slashdot Mirror


Hackers in the Henhouse

strucker writes "A good story on SecurityFocus from the RSA Conference. Kevin Mitnick debated his former prosecutor, DOJ attorney Christopher Painter, on whether ex-hackers could be trusted as computer security professionals. Mitnick says hackers bring special skills to the job, while Painter says a criminal is a criminal."

21 comments

  1. Ever hear of Frank Abagnale? by Asmandeus · · Score: 1

    He was a master at Identity Theft and forgery over 35 years ago, cashing in around $2.5 million dollars worth of fraudulent checks in every state and 26 foreign countries in a period of 5 years.

    So what?

    Well now he works for the FBI lecturing at their academy. Not only that, over 14,000 financial institutions, corporations and law enforcement agencies use his knowledge and prevention programs.

    Well isn't that funny? Seems like the best person for the job is the one that actually spent time doing the crime. After all, they know how it works first hand.

    1. Re:Ever hear of Frank Abagnale? by silverbax · · Score: 1

      Not to mention having Leonardo DiCaprio play him in a movie loosely based on his crimes.

  2. A criminal is not a criminal by aphor · · Score: 1

    Law Enforcement people can't mentally handle the shades of gray, so their struggle is to paint everything in black and white, goodguy vs. badguy colors.

    If a criminal were a criminal and that was that we wouldn't need juries and judges or even trials. Ask yourself what kind of world they're really trying to sell you when they say "a criminal is a criminal." What is happening to all the criminals at Enron, or the other dot-bomb scams, or any other company bilking the ma-and-pa investors with their snobbier-than-thug-life white collar crime?

    If you need a simpler life, just sit there. The more you try to do, the more complicated it gets. If you're a Cop, you need special appreciation for moral quandaries. If you don't have it SIT DOWN AND SHUT UP!

    --
    --- Nothing clever here: move along now...
  3. or you could write the OS by Anonymous Coward · · Score: 0

    Regardless of whether or not a hacker with a record has reformed, the bottom line, said Painter, is that paying former criminals big bucks sends the wrong message to the young, up-and-coming technology workforce. He added, "That's like saying the best way to a high pay check is to go out and be a criminal hacker." ...Or writing the operating system code for 90% of computers, calling that code proprietary, and making billions of dollars.

  4. there is a way to have trust, sort-a . . . by LifesABeach · · Score: 0

    if one is bonded, then trust is an added convenience.

  5. They should make a musical.... by nmtratman · · Score: 1

    Editor's Note: The pipe symbol (|) delimits lines, to get around the lameness filter.

    [Opening Scene. Mr Mitnick stands before Mr Painter. In the background, various prisoners work the salt mines.]

    HARDWARE HACKER PRISONER
    The sun is strong | It's hot as hell below

    COLLEGE MP3 PIRATE PRISONER
    Look down, look down, | There's twenty years to go

    ENCRYPTION PROFESSOR PRISONER
    I've done no wrong! | Sweet Jesus, hear my prayer!

    COLLEGE STUDENTS
    Look down look down, | Sweet Jesus doesn't care

    MR. PAINTER
    Now bring me prisoner 24601 | Your time is up | And your parole's begun | You know what that means.

    MR. MITNICK
    Yes, it means I'm free.

    MR. PAINTER
    No! | It means you get | Your yellow ticket-of-leave | You are a hacker

    MR. MITNICK
    I made an unpaid call.

    MR. PAINTER
    You stole from a company!

    MR. MITNICK
    I broke a phone security. | The security system was close to death | And we were starving.

    MR. PAINTER
    You will starve again | Unless you learn the meaning of the law.

    MR. MITNICK
    I know the meaning of those 6 years | A slave of the law

    MR. PAINTER
    Five years for what you did | The rest because you tried to run | Yes, 24601.

    MR. MITNICK
    From here I am done!

    MR. PAINTER
    I am Chris Painter | Do not forget my name! | Do not forget me, | 24601.

    [The musical continues as Mr Painter tries to prevent the eventually successful Mr Mitnick from working as a security consultant.

    As the years pass, instability and unrest foment within the country. The corporate elite patents everything in sight. Copyrights are retroactively passed to include anything written at any time, to last for the next millennium. Many servers are hacked, and the hackers executed publicly, but the holes are not patched: discussing, learning, or exploring possible security flaws are considered breaches of the EDMCA law.

    A large body of rebellion starts to grow. Mr Painter and Mr Mitnick get caught in the unrest. After a fierce legal battle where Mr Painter uses his servers as honeypots, Mr Painter is left unconscious after a severe security violation. Mr Mitnick, unsure of what to do, fights off the script kiddies from killing Mr Painter and his servers.

    As Mr Painter regains consciousness, Mr Mitnick panics and flees back to his home server, cossette.fontaine.gnu.org.]

    MR. PAINTER
    Who is this man? | What sort of hacker is he
    To have my data caught in a trap | And choose to let it go free?
    It was his hour at last | To put a seal on my port
    Wipe out the FAT | And make eggdrop and fork!
    All it would take | Was a bit of his byte.
    Vengeance was his | And he gave me back my site!

    Damned if I'll live in the debt of a thief! | Damned if I'll yield at the end of the chase. | I am the Law and the Law is not mocked | I'll spit his pity right back in his face | There is nothing on earth that we share | It is either Mitnick or Painter!

    [Painter rips out his cable modem, and throws it into a ditch.

    More stuff happens, including advanced AI, which automates the legal battles and keeps the webservers up to date. Cossette.fontaine.gnu.org sings and serves webpages as Mitnick dies of old age. Mitnick journeys to heaven with all the other coders, intellectuals, and college students, to a brave gnu world.]

    [Close of curtain.]

    --
    Car analogies work about as well as a Ford Pinto with a keg of beer in the passenger seat.
  6. Locksmith by naubol · · Score: 1

    Is a locksmith a criminal? I.e.: does knowing how locks work and how they can be broken make a locksmith a criminal? Having an ability to do something evil, does not necessarily translate into malice. Often, those abilities can be used for good, too. Hackers know how computers work and how to break into them using a combination of social engineering and tech skills. It is comparable to hiring a locksmith to design a lock, they know how to break into them, so they have a better idea how to make them unbreakable. N, Who's locked his keys in his car too many times. PS: it sounds like this guy is just buying the stigma of "hackerdom" that some people have.

    --
    Reality is a slackware box running on a 386 tucked away in god's sock drawer.
  7. Christopher Painter by PD · · Score: 1

    aka. Inspector Javert

  8. The Real Issue by j_zero · · Score: 1

    Mitnick was held for quite some time without being formally charged: This is not right. However, he did commit a crime, and was punished for it: This is right. A law is a law regardless of how you feel about it. Don't agree with the law? Quit whining and work to change or rescind the law. Having the knowledge to commit a crime is very different from actually committing the crime. Remember, everyone is responsible for their own actions, and the consequences that arise from those actions.

  9. If a criminal is a criminal and can't be trusted.. by Pont · · Score: 1

    ...then why do we have so many criminals in the .gov?

  10. Vegas business model by forkboy · · Score: 1

    Ask the casinos in Nevada how they used to catch thieves and cheaters (and probably still do). They use cheaters themselves. The cheaters know all the little tricks of the trade and understand the mentality of other cheaters, why they do what they do and what they will probably do next, as well as probable future cheats.

    Now replace the word 'cheat' above with 'hack' and you'll see just why government and corporations that are serious about security should hire at least a few former hackers. Of course, you WILL need trustworthy folks watching them closely. (Just the same way the anti-cheaters in Vegas are heavily scrutinized by the casino owners to make sure they're not in on a scam)

    --
    This message brought to you by the Council of People Who Are Sick of Seeing More People.
  11. in a nutshell: the problem with the justice system by g4dget · · Score: 1
    Our justice system is supposed to rehabilitate people, not put a scarlet letter on their forehead for life. Having a DOJ official brand offenders as criminals-for-life is just evil, and it speaks volumes about what is wrong with the US justice system.

    Those kinds of attitudes are probably one of the reasons why the US is so remarkably ineffective in controlling crime: our crime fighters deep down assume that people are intrinsically good or evil and that their job is to discover which is which. That keeps them from pursuing policies that actually reduce crime by helping people remain in the mainstream of society.

    Mitnick probably wants what most people want: respect, a certain degree of admiration, and a reasonable income. If he gets that out of a security-related job, he will not become a criminal. If he can't get good work in the area where he is good, he probably will become a criminal again.

  12. You only hear about the bad hackers ... by Dossy · · Score: 1

    Why hire a convicted criminal? They got caught.

    It's the /good/ hackers you want to hire. The ones that are good enough not to get caught.

    (I'm not saying Kevin wasn't good, but there are obviously people who are better. We just don't know about them, for exactly this reason -- they haven't gotten caught.)

    It's an interesting thought. I don't think Painter was saying "don't hire hackers to do security audits" -- he's saying "don't hire convicted criminals." Really good hackers don't get caught. If you're going to pay top dollar, you might as well get the best.

    -- Dossy

  13. the hard part by dfj225 · · Score: 1

    Mitnick argued that hackers, if reformed, make excellent security consultants because of their nature of pushing technology to the limits and their skills in penetrating computer systems.

    The hard part is trying to figure out if the hacker is really reformed. After all, these are people who spent the majority of their time deceiving, cracking, and evading detection. Given proper access to a system, it would be overly easy for them to cover their steps.

    --
    SIGFAULT
  14. a horse is a horse, of course, of course...or not! by Anonymous Coward · · Score: 0

    Maybe someone should inform this schmuck that our President, you know, the Commander in Chief of the U.S. armed forces was a draft dodger.

    Talking about a leopard changing its spots.

  15. Change the word computer to something else! by mabhatter654 · · Score: 1

    Will a crooked accountant [Enron] find another accounting job? Absolutely!

    Will the CEO [enron again] find another job? Absolutely!

    Will a crooked cop/ prosecutor find another legal job? Absolutely!

    It happens all the time, particularly in business/ legal circles. It's either an "indiscretion" [oops! I won't do it/get caught again] or "enthusiastic" [...but I got the bad guy didn't I] There's far more crooked cops/ prosecutors [and yes, speeding, jaywalking, b### j## is a crime! -they are criminals too!] working the streets locking people in jail against their will than there are computer consultants--probably 100-to-1!

  16. Requirements by Anonymous Coward · · Score: 0

    There are two important requirements for a security expert:

    1. He must be trusted.
    2. He must be technically able.

    While most of the discussion here revolves around the first requirement i.e. can a hacker be trusted, the very simple fact is that only hackers can fulfill the second requirement.

    If your guiding principle when hiring security experts is to "send the right message to the young", prepare to see your network trashed on a daily basis.

  17. Bullsnocky! by 7dragon · · Score: 1

    If a person has ostensibly "paid" for the crime of failing to successfully defend themself from prosecution and sentencing, it is illegal to then discriminate against them for having been punished for the crime.

    The real criminals are the ones who get away with the crap and never pay for it...

  18. Guess we're gonna be awfully short .. by Anonymous Coward · · Score: 0

    Most security analysts have, to an extent at least, hacked. Hacking is most definitely an excellent method for obtaining skills, and it would be hard for someone to truly be good at a security related job without hacking.

  19. hackers in charge of security ... by h4x0r-3l337 · · Score: 1
  20. The Tragically Hip. by hearingaid · · Score: 1

    Am I the only one who looked at the title on this story and thought of this?

    --

    my old sig used to be funny, but then slashcode ate it and now it's not funny anymore