hacker vs hacker ...

Hire hackers to catch other hackers? | ZDNet

i already thought it was like that

its the new spy vs spy (ahh mad magazine)

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

the_Grinch

I feel this has been proven not to be a successful strategy. Ask the Secret Service how well hiring hackers they caught has worked out for them. Stuff like this shows how little people truly understand information assurance. When companies choose to not follow effective policies and guidelines they open themselves to attack. Also, you can only mitigate risk not eliminate it, unless you just choose to unplug. So go ahead and hire the hackers, you will see the same results. Implement a system of least privilege, enforce effective password policy, follow established guidelines for resource deployment, and setup end user security awareness training. Use that method and you will see better results....

Everyone

The greatest threat is always from within. So bringing your biggest external threats inside seems insane.

Devilsbane

Ever seen the movie catch me if you can? Its based on a true story of a guy who made $2.5 million doing check fraud over a 5 year period. After less than 5 years in prison, guess where he was working.... FBI

Frank Abagnale - Wikipedia, the free encyclopedia

MrRyte

Imagine the scenario: hacker(s) gets arrested for his actions. The company or some official then makes a deal with the guilty party to use his/her/their talents for good in exchange for a reduced sentence. So instead of being punished, they're now being rewarded with even GREATER access to the places that they were trying to break into.....hmmm.....

Everyone wrote: »

The greatest threat is always from within. So bringing your biggest external threats inside seems insane.

Couldn't agree more. That's like hiring an alcholic to guard a liquor store.

Michael2

It might seem like a pretty logical choice to someone who doesn't know anything about network security. To someone who knows about system security though, the flaw in this reasoning is obvious. Why would you hire someone to work for you if you don't have any idea what they're doing, no way to monitor them, and if they can make more money than you would ever dream of paying them by not working for you?

Everyone

Devilsbane wrote: »

Ever seen the movie catch me if you can? Its based on a true story of a guy who made $2.5 million doing check fraud over a 5 year period. After less than 5 years in prison, guess where he was working.... FBI

Frank Abagnale - Wikipedia, the free encyclopedia

Great movie. Difference here is he was under close watch while working for the FBI, and worked without pay. It was an alternate means of paying his debt it lieu of serving the rest of his prison sentence. He was a rather brilliant man, that turned his misguided youth into a legitimate career, eventually using his talents for good.

DevilWAH

In my youth, some of my friends where "hackers", they didn't steal, didn't wreck system. Just loved working out the system and finding out how they worked and ways around the blocks. One of them was stunning in how he could deal with IRC servers and clients. I thought I knew a bit but he jsut attacked like a knife though butter.
Would I hire him, knowing what he was like? Like a shot I would.

This is very different from a politicaly motivated or self gain motivated "Hacker", that is a much more dificult question to answer, some criminals still do it for the primary reason of the challange, While others do do it for more malicious reasons.

For "Hackers" who really do it just for the challange, then they are generaly happy working either side of the law and will walk the line if given the optunity. It's that area, Black hackers are nasty, white hackers are a bit of a waste of space (bit like asking a paintballer to go to war with real guns), then there are the "Grey" hackers, Most often this is where the real skilled ones fall.