Slashdot Mirror

← Back to Stories (view on slashdot.org)

Would You Hire A Hacker?

Posted by timothy on from the depends-on-circumstances dept.

theodp writes "A German security company has divided opinion in the IT industry by offering a job to the teen charged with creating Sasser. Silicon.com asks its CIO Jury: Would you hire a hacker? and finds the jury split down the middle, with one IT Director saying doing so would be like hiring serial-killing doctor Harold Shipman to treat your ailing and aged mother."

18 of 466 comments (clear)

  1. No, no, no! by Anonymous Coward · · Score: 5, Informative

    That's not hacker! It's cracker. Hackers create, crackers destroy.

    -ESR (fake)

    Hacker != Cracker. How-to.

    1. Re:No, no, no! by Dr+Reducto · · Score: 5, Insightful

      Yeah, I don't think this kid is all too bright compared to a lot of other hackers. I mean, for one, he got caught.

    2. Re:No, no, no! by DogDude · · Score: 5, Insightful

      Hackers create, crackers destroy.

      And while you are busy trying to make this assertion to a hiring manager, somebody else who doesn't deal with pedantic stuff like "hacker vs cracker" is taking your job.

      --
      I don't respond to AC's.
    3. Re:No, no, no! by ePhil_One · · Score: 5, Informative
      Yeah, I don't think this kid is all too bright compared to a lot of other hackers. I mean, for one, he got caught.

      For another, he's clearly subject to certain moral lapses.

      I've been given this opportunity before, an applicant admited to hacking into a company to demonstrate his abilities and knowledge; they hired him. While I recognized his potential to help secure our network, could I trust him not to monitor peoples mail for his own amusement, access private data like salaries, "attack" computers of folks he didn't like, or otherwise cause trouble?

      It took a slam dunk "Hire him" to a long debate, we wound up not making an offer.

      --
      You are in a maze of twisted little posts, all alike.
    4. Re:No, no, no! by jhoffoss · · Score: 5, Insightful
      This would fail even more quickly. Most of my clients are stressed out as it is when they bring my firm in. The one thing we have that they take comfort in is our integrity. Without that, we would be out of a job.

      If a company's entire basis is the fact that their employees do not (or did not, if truly grey hat...) have integrity, they're sunk before they leave dock.

      In the same breath, I will just state what I have seen someone else on /. state, and I found humorous: black hats are good hackers, white hats are good fakers, and grey hats are good liars.

      --
      Linux: The world's best text-adventure game.
    5. Re:No, no, no! by divisionbyzero · · Score: 5, Insightful

      Hmmm... clearly if this kid has any brains he would know that he is under scrutiny. So what's he going to do? Spend all day looking for where the logs are kept and trying to get into the machine that stores them. It would be trivial to find out which machine is storing them because a connection has to be opened to his computer at some point and not only that since the logs would be generated on the machine and downloaded, assuming there wasn't a persistent connection for continual download which would also be blatantly obvious, the log file itself would be the perfect vector for malicious code.

      For most crackers it is the thrill of defeating someone in power that gets them going. Trying to control him would only encourage him. No, if you can't trust him, then don't hire him, and someone that consistently has moral lapses is clearly not trustworthy.

    6. Re:No, no, no! by sunjin · · Score: 5, Interesting

      An important point to consider is that by hiring him you are sending a message to others that cracking is a good way to get a job. Do we really want a bunch of script kiddies trying to make a name a for themselves thinking it will turn into a career?

  2. Bad analogy by Anonymous Coward · · Score: 5, Insightful

    It'd be more like hiring a doctor who was convicted of illegal cloning experiments to work on alternatives to organ transplants.

  3. hacker? by BoldAC · · Score: 5, Insightful

    What a loaded question?

    Would I hire a worm-writing kid? No.

    Would I hire a gray-hat security genius? Absolutely.

  4. Depends on what you do by stratjakt · · Score: 5, Insightful

    A security company might benefit from his experience, or even just the marketting angle "the best hackers work for us!"

    In the field I'm in, he'd be a liability. We do government stuff, relating to law enforcement, and while we're not a bunch of angels, we don't want any skeletons in our closet either.

    --
    I don't need no instructions to know how to rock!!!!
  5. definitely not by staticdaze · · Score: 5, Funny

    Fear the day that you ever have to let him go.

  6. Hackers and Hiring by Archangel+Michael · · Score: 5, Interesting

    I think it would depend on the QUALITY of the hack. A poorly written hack that breaks out in the wild, that causes unintended results would prevent me from hiring said person.

    However, if the hack is an elegant piece of code, that does exactly and only what the author indended would be something I would consider.

    Originality also would count. The creative nature of the hack would also weigh in. This prevents script kiddies from modifying existing hacks from the "application" for the job.

    In otherwords, I would evaluate each hack and make judgements on the over all skill, novelty and execution of the hack, all skills needed for any programming job.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  7. Akin to a serial killer - moronic statement. by Anonymous Coward · · Score: 5, Insightful

    The FBI hired Frank Abagnale Jr. as a counterfeit specialist and it turned out to be a good thing. Why? Because he was just a freaking teenage KID that happened to be misguided through lack of maturity. If this teen hacker was given a little direction and purpose with his life then he could steer everything completely around.

    I can't believe that comment about hiring him being similar to hiring a serial killer as a doctor. The director that spoke that comment is an idiot.

  8. Nope. by captnitro · · Score: 5, Interesting

    Use of the term 'hacker' here is a misnomer. Would I hire someone who has a broad technical ability and excels in why things do and don't work? Absolutely. But allow me to go on a little old-man rant here (and hell, I'm in my 20s): viruses these days aren't what they used to be.

    In the 1980s-1990s, you could pick up a copy of 2600 and read the code for a relatively complicated polymorphing boot sector virus -- complicated because it took a good knowledge of assembler, specific system calls, the boot process on a PC, etc., among other things. With a few tweaks, it would be slow-incubating, but deadly.

    The internet has changed the way we deal with security, because no longer is the question "How clever is the virus?" so much as it is "How cautious is the user?" Example: the "Microsoft Office 2004 Beta" for Mac appeared on P2P networks a few months ago. When run, it deleted the contents of your user folder. Devastating, yes, but nothing I couldn't do myself without programming knowledge. So the 'virus' wasn't clever, tricky, or even unique in function, except for the method of delivery, which was social in nature -- not technical.

    The same applies to security holes in your OS. Whether the hole should be patched is another discussion, but taking the obvious routes through those holes to bring down computers isn't particularly noteworthy. If everyone at my office has VNC installed without a password, and I go delete their My Documents folder at noon today, am I a hacker? No. I'm just a prick.

    So when you ask, "would I hire a hacker?" Yes.

    But when you ask, "would I hire someone who creates/uses something annoying and not that special; requiring a moderate level of programming skill if at all; that relies on the user to activate it or a major security flaw in the OS?" Absolutely not. These kids' salaries should be going to sociologists who can better analyze group behavior, and real coders, not scr1pt k1dd13z.

  9. Re:My employer does... by friendscallmelenny · · Score: 5, Funny
    They put computers online in honeypot setups

    mmm honey

    I give up, what sort of stuff do you do at National Endowment for the Arts?

  10. Amen! by PCM2 · · Score: 5, Funny

    Hear hear! I can't stand how many people keep making this simple mistake. By calling destructive computer criminals "hackers," you're bringing down everybody who codes for the love of it. Lots of us have been calling ourselves hackers for years, only now to get painted with this negative brush.

    I don't expect the mainstream press to know any better, but this is Slashdot. Can we please try to keep our definitions straight?

    A hacker is a skilled, passionate computer programmer -- nothing more.

    A person who commits malicious computer crimes is a biscuit. Like those evil software pirates who walk around with those parrots on their shoulders: "Polly want a biscuit!" Get it right, people.

    --
    Breakfast served all day!
  11. Re:My employer does... by SpyPlane · · Score: 5, Interesting

    All you script kiddies out there who are drooling, be warned that you probably wouldn't have a chance in hell of getting a TS/SCI security clearance.

    Move along, certainly nothing to see here. BTW I second the post that the Mod's are gullible today. Of all days that I have no points.

    --
    "We need a fourth law of Robotics: Stop Fingering My Wife"
  12. Re:Extreme comparisons by stratjakt · · Score: 5, Insightful

    It doesn't necessarily prove any talent at all.

    It proves they go to their favorite hacker website, download some proof of concept code, and wrap some VBScript around it.

    I wouldn't call Sasser a work of genious, but a work of pure assholery. He didn't invent something, or do it to prove a point. The point was proven, the exploit was known. He did it to be a 1337 h4x0r.

    I think the fact that these teens exist is a result of their own stupidity. Guess what, you want to commit crimes for attention, it just might fuck your entire life up.

    Try and get a job in retail with a shoplifting conviction. Try and get a job as a kindergarten teacher with an assault conviction. Try and get anywhere in politics with virually any conviction greater than a traffic violation.

    Boo hoo for teens too stupid to realize actions have consequences, sometimes life long consequences. And I'm sick of people blaming "the education system" or "society".

    This kid was mentally developed enough to know what he was doing was wrong, and did it anyways. He's lucky to be offered a job doing anything more technical than digging holes in the dirt.

    --
    I don't need no instructions to know how to rock!!!!