However, if you want to prevent criminals from hijacking your systems then perhaps a hacker is exactly the person you need for the job. At AlienVault, we pride ourselves in working with hackers and having them as part of our team.
If you need a flat head screwdriver to remove a screw, would you use a cross head? Of course you wouldn’t – it wouldn’t work for one reason. Similarly, if you needed to dig a hole would you use a spoon? While you’d get the job done the time wasted could be better invested elsewhere. It’s only natural to use the tool that’s been perfectly designed for the job yet, for some reason, when it comes to securing the corporate infrastructure, many are frightened by the idea of hiring a hacker. I believe they’re missing out.
I believe you should call a spade a spade and a hacker a hacker – ethics is irrelevant. I also define a hacker as ‘someone who thinks a certain way about technology’. For that reason, if you want to make sure your systems are secure then the best way is to test their strength and that would be best done by someone ‘who thinks a certain way about technology’.
That said, not all hackers are the same so here are the skills, I believe, a hacker should display:
Out of the box
My hacker definition sums this up perfectly. Rather than looking at how something should work, a hacker will approach it from a different angle. He won’t try your ‘security doors’ to make sure they’re locked, but instead push on the wall around it to see if the bricks hold up and if the windows have glass -- does the putty hold them in place.
‘No’ isn’t in his vocabulary
Tenacity is another key skill a hacker must possess – someone who doesn’t take ‘no’ for an answer. Take a locked door – there are a number of ways of ‘opening’ it and a hacker will keep trying until he manages it. Of course the easiest way is to locate the key but, if one isn’t on hand, then can the lock be picked? Can it be drilled? What about cutting the lock out altogether? I think the phrase from a legendary film - ‘You’re only supposed to blow the bloody doors off’ perfectly encapsulates a hacker’s enthusiasm to get the job done.
Morals of an alley cat
Now, before everyone starts baying for my blood, I don’t for one minute advocate paying a criminal for his services – unless they’re rehabilitated and you’re into second chances. However, a hacker needs to think and act like a criminal or what’s the point. Criminals don’t play by the rules and being afraid to push the boundaries is why a lot of companies end up experiencing breaches.
Porridge for breakfast
While I’ve said there’s no reason why a rehabilitated hacker shouldn’t be employed, it does raise serious concerns – primarily, why did they get caught? Professional hackers will pride themselves on their skill at infiltrating systems, undetected, and will certainly not want to leave an electronic ‘fingerprint’. A criminal conviction shouldn’t be seen as a ‘qualification’ but rather testament that perhaps they’re not up to the job!
A big head
An egotistical hacker isn’t necessarily a brilliant hacker – in fact quite the reverse is often true. I’ve sat and listened to far too many people claiming responsibility for something that I’ve known they didn’t do - often because I was in fact responsible, but that’s for another time.