Cyberterrorism expert Tony Valletta said, “Yes.” Tim Landgrave said, “No, oh, well, maybe.” The question: Would you hire a hacker? We discovered there’s a tremendous range of opinions on the issue, so we posed the question to you in our recent article “Would you risk hiring a hacker?” . We weren’t prepared for how strongly you felt about it, or how much some IT managers wrestle with the pros and cons of hiring a hacker.
Here’s how TechRepublic members responded to the question of hiring a hacker: 57 percent said Yes, 25 percent said No, and 2 percent said Maybe.
First, a clarification in terms
While most of you had no problem with the word “hacker,” a handful of readers took issue with us for using that word instead of “cracker” to refer to a malicious hacker. MarkB said, “Please get it straight. Hackers are the good guys. Crackers are the bad guys. You should have used cracker everywhere you used hacker.” Bodebliss took it more personally: “You wound me, sir. I consider myself a hack and have never perpetrated any harm.”
Cozzine talked about “ethical hacking,” and said, “I have been deep into what makes computers tick for a long time. To me, a hacker is someone who digs deep; a criminal is someone who wrecks things (computers, systems, etc.) along the way. Never done that, never will.” Msmith thought we needed a new word to describe those “who gave themselves over to the dark side.” He suggested “Darth Hacker.”
Bmeyer said, “The folks you are referring to are called ‘crackers.’” He added, “Only script kiddie wannabes and the media refer to them as ‘hackers.’” According to Datacrime2, “We can banter all day with useless diatribe trying to differentiate between hackers, crackers, coders, script kiddies, keyboard kiddies, and now my new personal favorite: ‘packet monkeys.’”
Jgowin is frustrated by what he believes is our misuse of the terms. He said, “What you described…is a cracker. Not a hacker. And I wish, for once, that journalists would get this right.” Others concurred that the media has it wrong. However, Timber blamed it on the government: “Thanks to the government, the term ‘hackers’ has gotten a very bad rap!” Pksengupta said, “You need to distinguish between a ‘hacker’ and a ‘cracker.’ If you read hacker documents, you will see that the true hacker is a maverick and an expert IT pro. He is clever, but not malicious. As they say, hackers built UNIX, the Internet, Linux, etc. They are not into deleting someone’s files. The cracker is a sociopath who wants to hurt people…We need to protect the names of good people and not brand every low-life goon as a hacker. He does not deserve the honor of such an appellation.”
Others don’t differentiate between cracker and hacker at all. Instead, HerbKolodny said, “The difference between a good hacker and a bad one is often a measure of maturity.” King Sevin said, “Not everybody who is called a ‘hacker’ breaks into secured areas. Most of them (including me) are just harmless programmers that like to ‘hack’ around for fun, not for corruption.”
We’re actually talking about hackers, not crackers
So who were we talking about when we posed our question? Well, we were really talking about hackers, the people that Pksengupta called “maverick IT experts.” The people with the skill, the background, and the experience to break into systems without leaving a trace.
Regardless of any harm caused, however, it’s still like breaking into a house, walking around, and then leaving without disturbing anything. Hackers have the knowledge to go to what some of you called “the dark side” anytime they’re really ticked off. Or maybe they wander around others’ property just because they want information, and they believe all information should be free—even a company’s proprietary information. Maybe the hackers you’re talking to do this. Maybe they don’t. But that’s the risk you take if you hire a hacker. And that’s what our question, “Would you risk hiring a hacker,” was really about. Many of you took it that way, and therefore said “yes” to our informal survey. You were prepared to deal with this threat. Those of you who said “no” were—generally speaking—saying “no” to hiring a cracker, a malicious criminal. But the line between hacker and cracker can sometimes be rather fuzzy. And how will you know, for sure, which is which? At the base of the hiring decision is the issue of trust.
How do you hire/fire a hacker?
When you hire a hacker, FGLENN wants to know: “How do you test a hacker to see if that person is a hacker?” Wjbean especially questioned the ability of the human resources department to tell the difference between a cracker and a hacker. He also wondered, “What perks can one possibly offer such a person? ‘You be good and we won’t bust you…Screw up and we contact the FBI…CIA?’” DPoole said he wouldn’t hire a hacker because “I could not trust him/her. Especially if I had to lay off or fire that person. I would feel uncomfortable knowing that the hacker could try to get revenge.”
Maybe I would hire a hacker
Kthan said, “It depends upon many criteria. I would not close the door on hiring one, though.” Wwellman said, “I would try to learn as much about the hacker’s background as possible, which could be very difficult. If, however, after interviews, I felt the risk was minimized as opposed to the potential gain, I would hire, but with stipulations. Bottom line: Maybe.”
No, definitely not!
Analogies ran rampant throughout your “no” votes. Dtoland asks, “Would you hire an accountant that has a history or tendency toward embezzlement?” AgaveAnejo said, “Would arsonists make good firefighters? Would murderers make good doctors?” Ddougherty likened the situation of “hiring a hacker to prevent hacking” as a protection racket. “I seem to remember Al Capone as one of the major proponents of this game.” 71Stingray compared it to hiring “a child molester to babysit my kids.” Mrussell said, “Hiring hackers is like hiring a wolf to guard the chicken coop.” He added, “Hackers are people who are mostly obsessed with playing, showing off, and getting a reputation rather than getting work done. The results of the hackers’ play are convoluted, undocumented features in just about everything they touch. This does not substitute for security.” His recommendation was to “find a person with real technical skills, allow them to keep their training current, and you will be much better off.” Ifc said, “I believe that those who would hire hackers are as morally bankrupt as the hackers themselves! A hacker is no different from a terrorist who would hijack an airplane full of innocent people.”
Others expressed their opinions in a more direct way. Dcoudert said, “No way. Hiring a hacker only encourages other hackers. Do something rotten and you get rewarded with a job,” he added, tongue-in-cheek. Tscrogh said, “No. I would not hire a hacker. These people are criminals. Hackers should be processed through our justice system first, then they can be given a ‘second chance.’ I would much rather pay a respectable consulting firm for their expertise than take a chance on someone. Good technical skills can be bought through consultants and training; good ethics and morality can’t.”
Other readers were also direct and to the point: “No way,” said lhawk. “It’s a matter of trust and vulnerability for the life of your environment.” Jalws said, “Definitely not. These people should not be rewarded.” Progrock2 summarized the “No’s” with: “I think the people who are using their computer knowledge for unethical purposes are giving all programmers and the industry a bad name and reputation.”
Dmattingly said, “Hackers like to tinker with systems and explore the limits of what they can and cannot do. There’s nothing wrong with that; it’s learning by doing. For hackers, the systems are a passion. It’s the love of learning that drives them. Crackers, though, have similar skill sets as hackers, but have a malicious intent. They are the ones who write viruses, wipe out systems, etc.”
Yes, I would hire a hacker
There were so many thoughtful reasons given in favor of hiring a hacker that we will save them for a follow-up article. But here’s a preview. According to DPIOTROWSKI, “If it came down to it, yes, I would hire a hacker to give us the hands-on training that can’t just be taught anywhere. The things that they know, you don’t get out of PC Magazine.”
Thanks for your responses
We were pleased with the many responses to our informal survey about hiring a hacker.
If you have something to add to the debate, we’d like to hear from you. Post a comment below, or send us an e-mail.