Christopher Painter, deputy chief for the Computer Crimes and Intellectual Property section at the US Department of Justice and another member of the panel, agreed that hackers convicted of cybercrimes haven't shown responsible behaviour and thus should be suspect. "What hackers have shown is a disrespect for others' rights and property," he said. "What does that mean, especially if I am going to give them the keys to the kingdom?" Painter, who prosecuted Mitnick's case, stressed that hiring hackers adds a risk to the security equation that companies may not want to take. Yet hackers, who have learned by doing, frequently have skills and knowledge that others don't have, said Jennifer Granick, the clinical director for Stanford University's Center for Internet and Society and an attorney who has represented those convicted of cybercrimes. Granick argued that some activities in security require a person to have a hacker's mindset. "There is something about computer security that requires you to think about how to circumvent protections," she said. "You have to anticipate those uses to protect against them." She stressed that hiring people who have committed a cybercrime is not rewarding the crime. "Hackers think just like other people think when they commit crimes, which is, 'I will not get caught,'" she said. Even Winkler admitted to hiring members of the Ghetto Hackers, a so-called ethical hacking group, but he said the group doesn't promote illegal hacking and has real-world credentials. "I hire people based on résumés, not on criminal records," he said. While many people admit to being an old-school hacker -- that is, someone who simply likes to play around with technology -- hackers are now generally thought of as those who break into systems. Mitnick said that even criminal hackers can change their ways and want to help foster security, not hurt it, in the same way that many drug addicts recover and go on to counsel others. But the Justice Department's Painter said that Mitnick's analogy missed the mark. "It's asking the drug addict, not to be the counsellor, but the pharmacist," he said.
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.
Let the editors know what you think in the Mailroom.
