posted on Apr, 25 2003 @ 08:12 PM
Debate: Should You Hire a Hacker?
By Deborah Radcliff, SecurityFocus Apr 15 2003 9:19PM
SAN FRANCISCO--Should corporations hire known hackers with criminal records to test and secure their networks?
The question, posed to four panelists at the RSA Security Conference held at the Moscone Center today, pitted hacker Kevin Mitnick against Christopher
Painter, who prosecuted Mitnick in 1995.
Mitnick argued that hackers, if reformed, make excellent security consultants because of their nature of pushing technology to the limits and their
skills in penetrating computer systems.
Painter, now the deputy chief of the Computer Crime Section of the Department of Justice, disagreed. Criminals are criminals, he explained. And paying
known ex-criminals to safeguard a company's intellectual property is like having the fox guard the henhouse, which was the title of the session.
Ira Winkler, the outspoken chief security strategist for Hewlett-Packard agreed vociferously with Painter. Winkler last week squashed an internal H-P
proposal to bring Mitnick in as a paid guest speaker.
"If you were a Fortune 500 company and you hired a hacker with a criminal record to test your systems, what would you tell your shareholders?" he
asked. "Besides, what specialty skills do criminal hackers bring to the table that security experts without records don't already have?"
Breaking into a computer is easy, Winkler continued. Closing up security holes is the more difficult task -- a skill most hackers lack, he argued.