Slashdot Mirror
Would You Hire A Hacker?
theodp writes "A German security company has divided opinion in the IT industry by offering a job to the teen charged with creating Sasser. Silicon.com asks its CIO Jury: Would you hire a hacker? and finds the jury split down the middle, with one IT Director saying doing so would be like hiring serial-killing doctor Harold Shipman to treat your ailing and aged mother."
It'd be more like hiring a doctor who was convicted of illegal cloning experiments to work on alternatives to organ transplants.
doing so would be like hiring serial-killing doctor
Well, if he's good with a knife..
Honestly though, if a hacker has payed his debt to society and now wants to help businesses prevent what he was doing(Kevin Mitnick), why not let them? Having the most knowledgeable person for the job might just save you from being hacked by someone else--as long as you can trust the person.
Boxing Equipment Reviews
What a loaded question?
Would I hire a worm-writing kid? No.
Would I hire a gray-hat security genius? Absolutely.
A security company might benefit from his experience, or even just the marketting angle "the best hackers work for us!"
In the field I'm in, he'd be a liability. We do government stuff, relating to law enforcement, and while we're not a bunch of angels, we don't want any skeletons in our closet either.
I don't need no instructions to know how to rock!!!!
Yeah, I don't think this kid is all too bright compared to a lot of other hackers. I mean, for one, he got caught.
Note: I'm not saying that this chump is the best programmer around, I'm sure he's not. But if he's a great man for the job and can think of things that you and I won't, then I'm on.
Berto
There are PLENTY of information security white hats that are just as talented, if not more talented, than the black hats. If we are truly talking about hiring a "black hat cracker". Even if they were exceptionally skilled it would depend on the individual.
:)
They commited a computer crime. That is a liability, not an asset. All in all their benefits as a skilled IT professional would have to outweigh their liabilities (being busted for a computer crime). It is a factor that goes into the equation. I would say that in most cases it would be enough to lean me towards not hiring them. I think its a pretty serious thing to hack someone elses system. There are PLENTY of ways to make a name for yourself in a white hat way. Writing papers, studying info sec and staying on top of the field and becoming a noted voice in the communities is one. Ultimately if you need negative publicity to be known (and or hired) your just being lazy
Jeremy
I can see three potential problems with this.
1) The possibility that this might motivate other crackers to unleash the next big worm to find a job.
2) What about the poor shmuck that does nothing wrong and gets passed up for a job.
3) Say you hire him and he goes back to his old ways. Wouldn't you be somewhat liable for damages caused to you clients.
As I said potential and possibly extreme situations.
500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
The FBI hired Frank Abagnale Jr. as a counterfeit specialist and it turned out to be a good thing. Why? Because he was just a freaking teenage KID that happened to be misguided through lack of maturity. If this teen hacker was given a little direction and purpose with his life then he could steer everything completely around.
I can't believe that comment about hiring him being similar to hiring a serial killer as a doctor. The director that spoke that comment is an idiot.
I think I would look at what type of hacker they are.
Is it someone who knows systems inside and out and enjoys toying with them? Then definitely yes.
Is it a script kiddie who just took someone elses work and capitalized on it? Definitely not.
The issue is not about elitism, it's about attitude, someone who has gone to the effort to learn something and apply it is in a whole different world than someone who is so socially mal-adjusted they feel the need to tweak the latest worm to say "I RULEZ" and sends it back out.
Never underestimate the power of human stupidity -RAH
Hackers create, crackers destroy.
And while you are busy trying to make this assertion to a hiring manager, somebody else who doesn't deal with pedantic stuff like "hacker vs cracker" is taking your job.
I don't respond to AC's.
I read a couple or articles on this case by the time it hit /. So here is what I have to say.
First, I think that this kid has been punished pretty severely already. His *dad* got fired over it, and he has recieved his share of death threats. This is not something you can just take lightly, especially when one's actions affect those close to the perpetrator. BTW I do think that firing the guy's dad is a little severe. Indeed these actions were what motivated the German security firm to offer a job to the kid.
Secondly, the comparison to the serial-killing doctor is quite misguided. In this case, it is more like hiring the serial-killing doctor as a pathologist. He *might* make a really good pathologist. But there are no guarantees.
Finally, at least in the US, our legal system recognizes that teenagers are not as capable of considering consequences of their actions as adults,and there are some scientific studies which have been published in the last few years that may provide a solid scientific case for challenging those states which allow the death penalty for individuals under the age of 18 who commit capital crimes. If you say that "we will never allow anyone in this field to ever hire a teenager who commits this crime" then you are placing, IMO, unbalanced consequences for the misguided and even criminal actions of such individuals.
LedgerSMB: Open source Accounting/ERP
Completely agreed. The meaning of words is determined by their use and context, and sadly, "hacker" is one of those words that has taken a negative context in the eye of the greater public...
"Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
if you could create a machine that he didn't have skills to crack... why would you need to hire him in the first place?
2 1337 4 u!
It doesn't necessarily prove any talent at all.
It proves they go to their favorite hacker website, download some proof of concept code, and wrap some VBScript around it.
I wouldn't call Sasser a work of genious, but a work of pure assholery. He didn't invent something, or do it to prove a point. The point was proven, the exploit was known. He did it to be a 1337 h4x0r.
I think the fact that these teens exist is a result of their own stupidity. Guess what, you want to commit crimes for attention, it just might fuck your entire life up.
Try and get a job in retail with a shoplifting conviction. Try and get a job as a kindergarten teacher with an assault conviction. Try and get anywhere in politics with virually any conviction greater than a traffic violation.
Boo hoo for teens too stupid to realize actions have consequences, sometimes life long consequences. And I'm sick of people blaming "the education system" or "society".
This kid was mentally developed enough to know what he was doing was wrong, and did it anyways. He's lucky to be offered a job doing anything more technical than digging holes in the dirt.
I don't need no instructions to know how to rock!!!!
If a company's entire basis is the fact that their employees do not (or did not, if truly grey hat...) have integrity, they're sunk before they leave dock.
In the same breath, I will just state what I have seen someone else on /. state, and I found humorous: black hats are good hackers, white hats are good fakers, and grey hats are good liars.
Linux: The world's best text-adventure game.
That'd be nice if you have the manpower or spare time to babysit all your employees.
I don't and nor does anyone in this office, if theres any question of trust around here, you're out on your ass.
I don't need no instructions to know how to rock!!!!
I'm sorry, but at least the person you didn't make an offer to was willing to come forth about it, let people know that he found that sort of behavior acceptable, and give a chance to lay down a set of rules that are perhaps more fitting to his particular morals. He was decent enough to give that opportunity.
I wonder how many people you've worked with have ever done the same things as this individual but haven't owned up to it. I wonder if anybody you've worked with monitored mail for their own amusement and just never set off warning flags during the interview process.
It's one thing to catch somebody doing something after giving them a chance (because of not being told about certain behaviors or not). It's another entirely to deny them a chance after they're trying to be out in the open with you.
Why would a spy come out and say they're a spy? It sets off alarms and unless you're just that damn good, blows any future chance of spying you have. Why would a cracker come out and declare they're a cracker unless they're willing to change their tune while on the job? I guess, unless you're looking for feints within feints.
If not now, when?
Hmmm... clearly if this kid has any brains he would know that he is under scrutiny. So what's he going to do? Spend all day looking for where the logs are kept and trying to get into the machine that stores them. It would be trivial to find out which machine is storing them because a connection has to be opened to his computer at some point and not only that since the logs would be generated on the machine and downloaded, assuming there wasn't a persistent connection for continual download which would also be blatantly obvious, the log file itself would be the perfect vector for malicious code.
For most crackers it is the thrill of defeating someone in power that gets them going. Trying to control him would only encourage him. No, if you can't trust him, then don't hire him, and someone that consistently has moral lapses is clearly not trustworthy.
The IT Director who made the Shipman comparison should be fucking fired. Just what kind of values does a man have when he equates a mass murderer with a teenage computer virus writer? My god, the kid is exactly that, a kid! He isn't a violent drug crazed sociopath, he's doing what many kids do, i.e. messing around to see what he can do and how far he can go, with the exception that he got caught.
This kind of fanatic mentality, where a stupid fucking computer (or a song or movie on the internet) becomes more valuable than people's lives, is a sad testament to the state of our society.
You think I'm over the top? Why is it that people who download songs from the internet get punished harder than the executives of corrupt and failing corporations?
If you give someone a chance, after he or she has messed up, especially as a teen, they might or might not do something useful with their lives. But if you dismiss them outright, you are condemning them for the rest of their lives.
Way to go fuckers.