Employing Ex Hackers
Many companies hire ex-hackers to help them with their information security risk management efforts. Although experienced and dedicated system hackers have very good technical skill sets when it comes to penetrating a corporate system in an attempt to identify security vulnerabilities for management, they also sometimes pose a great business risk due to their creativity, curiosity and competitiveness. While both companies and computer hobbyists, as I’d like to call them, can greatly benefit from each other, these highly technical and sophisticated individuals must not be left unmanaged while they remain on the companies' payroll.
Most recently, there was a US$900 million corporate espionage lawsuit against a company alleging that the company purposely hired a professional hacker to spy on its competitor and post confidential information pertaining to the competition on the Internet. Although the company denied any wrongdoing, the allegations pose serious questions regarding the company’s hiring practices and its monitoring of the expert's activities while he was officially working for the company. These types of allegations should not be taken lightly: they could not only have devastating financial consequences but also raise questions of integrity and unethical business practices that the company must very quickly address.
I'm unsure of all the details of this particular case and whether the company knew about the hacker's extracurricular activities. However, a lot of things can go wrong any time a company places computer security hobbyists, especially ex-hackers, on its payroll for sensitive projects without monitoring them. Whether a company knows about the illegal activities of its employees or not, the fact of the matter is that this security expert was not properly managed while working for the company, and what makes it even worse is that the company knew of the expert’s past unethical activities and failed to properly monitor his activities. Because corporate espionage is so common, I would not be surprised to learn that select company management members who hired the computer expert potentially instructed this person to commit illegal acts while rewarding him with extra bonuses, without the knowledge of other management members such as the Chief Ethics Officer. The risk to the company, however, remains the same whether management knew about his actions or not. And if a company resorts to illegal activities on purpose, such as using ex-hackers to penetrate a competitor’s system in order to spy and steal confidential information, the company deserves even more punishment.
I can understand that these highly skilled ex-hackers can return from the dark side and actually contribute to, rather than harm, society, but they must not be blindly trusted and left alone without proper monitoring and oversight. After all, hacking is exactly what they used to do as a hobby.
The best lesson we can all learn from such cases is that "key" employees’ activities must be monitored, inside and outside systems, to detect suspicious behavior that could damage the company’s integrity, reputation and bottom line, as in this case.