Strategic CIO // Team Building & Staffing
News
6/28/2012
01:15 PM
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

How To Hire A Hacker

Hackers might have shady pasts, but they can also bring a lot of IT expertise to the table. Should you consider hiring one?

Who Is Anonymous: 10 Key Facts
Who Is Anonymous: 10 Key Facts
(click image for larger view and for slideshow)
They're the bane of the IT security professional's existence when they're on the wrong side of the law, but the truth is, hackers often understand the nuances of network security better than your average CSO. So is it safe to bring a hacker into your IT team?

According to Shane MacDougall, there are pros and cons to hiring a hacker. MacDougall is a partner at Canadian security consultancy Tactical Intelligence, a hacker at the DEFCON Hacking Conference, and last year's winner of Social-Engineer.org's The Schmooze Strikes Back hacking contest.

"Every IT department needs to hire an ethical hacker," says MacDougall. But his advice comes with a warning: "You really do need to check the background on who these people are, who they've been hanging with, and who their crews are." MacDougall offers these tips for hiring a hacker that's right for your IT shop:

Ensure a good fit. No two hackers' skill sets are exactly the same. For this reason, MacDougall recommends that you carefully consider why you need to hire someone in the first place.

For example, if your company is focused on programming, MacDougall says, "Somebody who has a lot of background in breaking applications is a desired skill." On the other hand, a network operations center might look for a network ninja who is handy with lots of network sniffing tools. Finally, if your company needs a systems administrator, a hacker who has broken into systems and who knows how to find the holes within various servers and where vulnerabilities exist might be the best bet. "They're all very unique jobs and they all take very unique skill sets," says MacDougall.

[ Read more about the government's use of malware for security purposes. See Was U.S. Government's Stuxnet Brag A Mistake? ]

Be prepared to embrace open source. Most hackers are open source enthusiasts--a plus for companies who need to stretch IT resources. "It's advantageous to have someone who is familiar with open source tools because they're a lot easier to deploy in a lot of organizations, and it can make a company a lot more agile in terms of software development and network administration," says MacDougall.

Still, for hackers to put their open source skills to good use, MacDougall says, "It's critical that senior management has bought into open source or that you have a visionary CTO or CIO who says open source is the way we want to go." Without this leap of faith on the part of an IT leader, according to MacDougall, a hacker's open source prowess will simply go to waste.

Limit time spent underground. One of the most impressive things a hacker can bring to the table is access to an elite--and often underground--network of IT whiz kids. But while this brain trust can prove useful, MacDougall warns, "If the hacker is involved in the underground scene and frequents a lot of forums and IRC chats, you still need to be very cautious. You can get a lot of blowback."

For example, MacDougall points to the hacker who spends hours plumbing forums for tidbits on "zero-day" attacks. "I have to seriously question the value of spending all that time underground," he says. Rather, simply paying for services that track traffic and monitor data logs frees up a hacker for more important tasks.

Revel in the D.I.Y. spirit. Years spent breaking down systems and cracking passwords teach hackers a thing or two about being resourceful. This is just the type of scrappiness that cost-conscious IT shops will appreciate. After all, says MacDougall, "A lot of freeware and open source programs can let small IT teams do a lot on a fairly small budget."

Test for authenticity. Checking references isn't always an option when it comes to hiring a hacker. "It's a judgement call," warns MacDougall. "You have to tread very carefully, especially if that someone professes to be a hacker--a good hacker is never going to tell you that they're a hacker. How many bank robbers introduce themselves as a bank robber?" Instead, MacDougall advises using online hacker challenges to test a prospect's breaking and cracking skills.

Black Hat USA Las Vegas, the premiere conference on information security, features four days of deep technical training followed by two days of presentations from speakers discussing their latest research around a broad range of security topics. At Caesars Palace in Las Vegas, July 21-26. Register today.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
nonakopp
50%
50%
nonakopp,
User Rank: Apprentice
12/19/2013 | 2:23:44 PM
Reply to post about Winnonna Kopp
My name is Winnonna Kopp and I am not involved in any type of scam(s) not knowingly, I have talked to a Larry Stone, who told me he was from Newark Ohio, his email address is lovinglarrystone@yahoo.com. He told me that he is working on an oil rig and he needed me to pick up money and send to a person/coworker or his employee in Ghana, his name is Ejiro Zeb Elo. He is not at this address and I would greatly appreciate if you would remove my information from this site. I am willing to work with you and give any information that I have on this person, which isn't much and the phone number I had for him, which was an Ohio number, I called today and it belongs to a female. I really need to have my name cleared, I am not a bad person and I would have never knowingly or intentionally hurt anyone. I am so sorry for the problems that this has caused not only other people apparently but myself. I do have a picture of the person.

 
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
10/17/2013 | 2:55:37 PM
re: How To Hire A Hacker
i was helped by a hacker to check if my girl friend was cheating , i visited their website www.ihacc4u.com and her email and facebook where hacked in about 30 hours , i was indeed pleased , so you can check them out , i think they would be able to help you

here is their email too ihacc4u@yahoo.com.au
Dj2013
50%
50%
Dj2013,
User Rank: Apprentice
7/6/2013 | 1:44:42 PM
re: How To Hire A Hacker
If you need to find a credible hacker visit http://hackerforhirereview.com...
surfingdude
50%
50%
surfingdude,
User Rank: Apprentice
5/12/2013 | 10:11:45 PM
re: How To Hire A Hacker
Bradwanker is a scammer and an idiot. this is where he resides and he gets his money but never sends anything:

Name : Winnonna Lynn Kopp
location : 4128 Cloverdale Rd
Anniston, Alabama 36207

save your money and stay away.. he has been reported to the authorities
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
4/11/2013 | 7:00:03 AM
re: How To Hire A Hacker
helo there ,for your general online security consultations,contact us on this email ----> UNLOCKKKIT@YAHOO.COM <-----we offer various services,ranging from hacking of various email (YAHOO,GMAIL,AOL,HOTMAIL,GMX,REDDIT , .... etc) and also private domain emails,we also hack various social networking sites (FACEBOOK,TWITTER,INSTAGRAM,SKYPE ,MYSPACE ,...etc) make and deploy KEYLOGGERScant mention them all,we also hack websites via sql injection,xss scripting.... etc ,if a fraudulent websites steals from you ,we can get your money back too,we perform various security checks on your wesbites too (pentration testing,audit ...etc) ,so we hope to hear from you as we are ready to give you proofs of job well done,contact us anytime
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
4/11/2013 | 6:59:48 AM
re: How To Hire A Hacker


helo there ,for your general online security consultations,contact us on this email ----> UNLOCKKKIT@YAHOO.COM <-----we offer various WHITE HAT AND GREY HAT hacker services,ranging from hacking of various email (aol,yahoo,gmail etc) to website hack ,server hack ,result upgrades and website testing and a host of others,contact us now
hackhelp
50%
50%
hackhelp,
User Rank: Apprentice
10/11/2012 | 1:26:19 AM
re: How To Hire A Hacker
for HACKing. if you need help with dail HACKING problem please contact BRADHACCER@AOL.COM for you EMAIL,WEBSITES,social networking sites,keylogger installation and sale of other goods and rendering of personalized hacker services like upgrades and server hack
Aumnayan
50%
50%
Aumnayan,
User Rank: Apprentice
7/3/2012 | 6:42:52 PM
re: How To Hire A Hacker
There are enough security experts (aka "white hat hackers") out there who know the drill that companies shouldn't have to tap anyone with questionable histories. It's really no different then every other discipline out there. Want to take a risk on the guy who broke into someones network and published their confidential data? Go for it. But I sure wouldn't recommend it.
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Strategist
7/3/2012 | 1:29:46 PM
re: How To Hire A Hacker
I would add a couple of caveats that I think should be obvious, but I have seen ignored. First, know the difference between ethical hackers and non and even though you may accept the risk of their past respect the principle of division of responsibility. If they push for uncontrolled and unmonitored network access, you've accepted too much risk. Secondly, some social engineering skills are not equivalent to being a hacker. A bully is simply a bully even if they present their intimidation skills to elicit passwords from others or colleagues as hacking.
rcrouch850
50%
50%
rcrouch850,
User Rank: Apprentice
7/3/2012 | 4:03:21 AM
re: How To Hire A Hacker
Every BS computer scientist in America must hack his professor's grade book, or some similar data, before he can graduate.
2014 US Salary Survey: 10 Stats
2014 US Salary Survey: 10 Stats
InformationWeek surveyed 11,662 IT pros across 30 industries about their pay, benefits, job satisfaction, outsourcing, and more. Some of the results will surprise you.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.