Hiring a hacker? Think again, experts warn

Posted by: Digital Geek

Hiring a hacker? Think again, experts warn - 05/23/05 12:23 PM

While a hacker may sound like the perfect person to hire to spot flaws in a company's network security system, these computer whizzes do not actually make for good employees in the industry, experts warn.

Hackers, who illegally access and tamper with computer network systems, often have ethics and values that contrast sharply with those of most companies, even after they try to "go straight". They can therefore have a hard time learning to play by corporate rules, Louise Yngstroem, a professor of security informatics at Stockholm's University, told AFP.

"These people have yet to take a stand with regard to their own integrity, which is not necessarily in line with that of the company. Normally you want an employee to share the company's values," she said.

"It's naturally a big plus to have someone who can spot all the weaknesses (in a network), and the hackers' knowledge is valuable. But nonetheless it is important that employees in key positions share the same ethics," Yngstroem said.

She said it can be "really hard to get hackers to change their attitudes".

Hackers can also have a hard time working as part of a team striving towards a common goal.

"Hackers are often mavericks, who sit alone at home" for hours in front of the computer, she added.

That is likely the case with a 16-year-old Swedish teen whom authorities suspect of breaking into US tech giant Cisco Systems' network and stealing source codes, which were then used to attack computer systems serving the US military, NASA and research organizations.

More than ever before, companies are seeking out expertise to bolster their security systems as hacker attacks become more frequent and more advanced.

"Attackers are launching increasingly sophisticated attacks in an effort to compromise the integrity of corporate and personal information," US security software goliath Symantec's vice president Arthur Wong said recently.

Yngstroem urged companies to be cautious when hiring programmers, stressing that employees' ethics can be crucial when their judgment is called upon, for example when deciding whether to report problems to law enforcement authorities.

"Internet security can border on police and security work. So you have to be extremely careful about the people you hire," she said.

Yet hackers themselves sometimes have a romantic view of their cyberspace actions. They may claim that they are doing something altruistic -- such as testing a company's security system or sending out an anti-virus programme through an Internet worm -- and therefore hope to get hired as programmers.

Usually, it does not work.

But in the case of Sven Jaschan, an 18-year-old from Germany, it did.

Jaschan is accused of writing the Sasser worm that last year affected thousands of companies and as many as 18 million computers worldwide, forcing some businesses to shut temporarily in order to debug their systems.

He has since been hired by German computer security software vendor Securepoint to create firewalls, which stop suspect files from entering computer systems.

"He has a certain know-how in this field," a company spokesman said after Jaschan was hired.

Yet security experts remain sceptical.

"There are several cases where people with shady backgrounds have gone straight and gotten hired. But we would never hire a guy like that," Mikko Hyppoenen, head of anti-virus research at Finnish computer security firm F-Secure, said.

"Our customers would be uneasy about the thought of virus writers running codes on their system. We don't need the grief, no matter how good he might be," he said.

Also, hiring hackers gives the wrong image of the industry, Hyppoenen said.

"It gives the wrong impression to kids who are in school. We should be giving the impression that virus writing is bad. If virus writers get hired it defeats the whole concept we are trying to get across," he said.

He said that his company, which has 340 employees in 10 countries, thoroughly screens all potential hires, doing background checks with authorities.

One hacker who tried to attract the attention of the corporate world ended up making a not-so-wise career move.

A 26-year-old Hungarian computer whiz who dreamt of working for Swedish telecom giant Ericsson discovered security flaws in the company's network and hacked into the system in 2002 in a bid to show off his talents.

The following year, source codes to a number of Ericsson mobile phone models turned up on the Internet.

Ericsson took the man to court, and instead of a job offer the Hungarian was given three years in jail for corporate espionage.
