Some companies knowingly hire convicted computer criminals to uncover security holes, in the hopes of reaping benefits from their expertise. This is a big mistake. As our espionage simulation shows, we gained access to just about all the information inside the company. This included data that could be valuable in a wide variety of crimes, such as industrial espionage and insider trading, as well as data that could cost people their lives, such as the CEO's aircraft tail number and flight itineraries into hostile environments. You must assume that any security assessment will give similar access.
To knowingly provide felons with the opportunity to access this kind of information would be grossly negligent on the part of any security professional or other company executive. In fact, you should insist that your vendors perform background checks or only use people with clearance to do such work. This security requirement should be included in your company's requests for proposals and contracts.
Return to main story, Anatomy Of A Break-In
Illustration by Michael Morgenstern