If the FBI Hired A Hacker, Why Shouldn’t You?

By Charles Cooper
After Apple rebuffed an FBI request for help cracking a San Bernardino terrorist’s iPhone earlier this year, the agency sought out assistance from professional hackers. And that decision isn’t unique.
Over the years, companies and government agencies have often hired former hackers - including some with checkered pasts - to test the security of their IT infrastructure.
Mining for talent
This underground talent pool consists of hackers known as “white hats,” “grey hats,” and “black hats.” The boundaries are often fluid, but they break down along these general lines:
  • White hat hackers, often referred to as ethical hackers, work to raise the general level of cybersecurity. After finding vulnerabilities, they alert the companies that originally developed the software so they can fix the problem.
  • Black hats act out of malicious motives, using their skills to break into computer networks and steal personal or corporate information.
  • Folks in between constitute a category described as “grey hats.” They don’t easily fit into one camp or the other. For instance, it’s believed that at least one of the people who helped the FBI was a grey-hat hacker.
Critics who discourage the practice argue that hiring a hacker is akin to bringing in Bernie Madoff to manage your money. So why turn to programmers with uncertain backgrounds in the first place? Here are two big reasons:
  1. The worsening skills shortage: Many companies are scrambling to hire skilled network security professionals. Despite repeated pledges by industry and political leaders to ameliorate the situation, cybersecurity job postings take 24% longer to fill than other IT job postings and 36% longer than all job postings, according to a database of online job postings compiled by the site Burning Glass.
  2. These folks are usually very good at what they do: In the San Bernardino case, for example, the FBI was stumped about how to neutralize an iPhone security feature. But it didn’t take the hired hackers long to produce a tool that bypassed Apple’s protections.
Trust but verify
In the end, the decision to hire a former hacker boils down to a matter of trust, and so requires closer-than-normal vetting. Even if the candidate has amazing talents and can fill a vital need, this is a buyer-beware situation, where the onus will be on the organization to get it right on the first try. If you decide there’s a potential fit, then craft policies and procedures that will protect the organization in case there’s later cause for regret.
Apply proper restrictions governing network access. Spell out in the employment contract the areas of the network that are off limits and the penalties for violating those boundaries.
Former hackers should receive only the access they need to do their jobs, and common sense dictates that they never receive administrative passwords.
IT should also regularly monitor the former hacker’s network access patterns and be alert to any suspicious activity.
Lastly, companies should change passwords when employees leave as a matter of policy. That’s even more true when the exiting employee is a former hacker. It’s just common sense.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.
Source: CSO
