"These guys obviously have the ability to be effective," said Peter Rya, security manager for ITNET, an outsourcing firm. "But it's almost encouraging youngsters to write viruses so they can get a job. I can understand the short-term business benefits, but it's a bit worrying when you think that there's nothing to stop them doing it again."
The managing director of security firm Utimaco said she would not employ an ex-virus writer: It wouldn't be our policy to recruit ex-hackers," she said.
"If they had written malicious code, how could you ensure that they didn't do it again? It certainly wouldn't be for us."
But other security experts seemed to think it was good business sense to hire ex-virus writers.
"This is an issue that relies on ethics," said Claudia Aguire, security specialist for SAP Switzerland. "But the company has to take into account that these people know where to be focused to see problems. And if they know that, they know how to protect you. Functionally, it would not be such a bad thing."
Peter Higginson, security executive for Coors Brewers, agreed: "It's better to have them on the inside than on the outside. I think it's a good thing, but you'd have to keep them happy to stop them doing what they might have done before. It comes down to how much you trust your employees. But it could put HR in a tough spot for not employing someone on the basis of their background."
Firewall company Securepoint has offered Sven Jaschan, who is reported to be responsible for more than 70 percent of viruses in the first half of this year, a position because of his abilities, according to press reports.
Gartner's IT Security Summit ends today.
Talkback
Hire a hacker? Yes.
Hire a cracker? Not without a very good reason.
Hire a virus writer? Again, not without a very good reason.
The media's use of the term "hacker" is often, even usually, incorrect.
See The Jargon File for details.
Yeah, my entire team would be full of the people only seeking to advance technology on their own. I mean if they can do it and my current employees can't or couldn't have prevented it, who better to be part of a company? Someone with vision? Someone with ideas? Someone not afraid to take action? It's all about talent, ethics and risks involved, I'd favor this idea.
My whole team is full of them.
If they can pass rigourous security checks for current activities and affiliations, can demonstrate that their attitude is now a bit more mature etc.. and they can fulfill a useful role because of their technical skills, will fit in to and work with the rest of the team etc,. why not? We have plenty of ex-poachers turned game keepers that don't go bad again. And plenty of disaffected employees who had clean records but take secrets with them when they leave, sell to competitors, get revenge on the asshole company that just got rid of them etc.
Hiring a hacker is like paying ransom to a kidnapper... you are rewarding the very behaviour you seek to diminish.
But then again, why would anti-virus companies want to diminish the growing number of exploits. It is in their self-interest to actively encourage virus writers... including rewarding them with lucrative job offers.
Perhaps I could get a job protecting a Bank, by first robbing it. If the banks adopted the same mentality, we shouldn't be suprised if robbery was a daily occurance.
I think you are probably well aware now that your terminology is in fact incorrect - I would actually hire a HACKER and be proud of it (kinda afterall theyre a strange beast). Its unfortunate that you used hacker where you shouldve used CRACKER.
HACKER is a bonafide term with positive connotations within the industry and amounts to anyone who can in fact edit code ie legitimate programmers???.
A CRACKER is the nasty little bugger that cracks and penetrates others websites and does all the weird stuff we dont like exactly like the silly immature little shit your article kindly details.