UPDATE: Can You Ever Trust A Hacker? UBS Trial Puts It To A Test - InformationWeek
IoT
IoT
News
News
7/14/2006
04:45 PM
50%
50%

UPDATE: Can You Ever Trust A Hacker? UBS Trial Puts It To A Test

The defense cast doubt on the role that a one-time famous hacker played in the investigation.

After 20 years in computer security, including 11 in the financial services industry, Karl Kasper is being vilified as a dangerous man.

Over the past month, in the trial of former UBS PaineWebber system admin Roger Duronio, Kasper has been attacked by the defense because of his background as a computer hacker and his role in UBS's investigation of the attack. The lawyer for Duronio, defending him against charges that he sabotaged UBS PaineWebber's trading network four years ago, asserted that hackers can't be trusted to do a credible investigation. Kasper says the defense team is just desperate. (A verdict is expected this week.)

Regardless of the outcome, Kasper's involvement in the case raises anew important questions about whether ex-hackers should be hired for their information security expertise.

Kasper got involved with UBS PaineWebber days after the "logic bomb" was detonated. UBS hired his company, @Stake, to conduct the initial forensic analysis. Kasper has impressive security credentials. He helped found @Stake and has testified in front of a Senate committee about security issues; he's since left @Stake and works as a VP in IT security at JPMorgan Chase, not the first financial services firm at which he's worked. Still, he's being haunted by his time as a member of the L0pht, a hacker group that achieved star status in the 1990s.

The defense in the Duronio trial made much of the fact that in the computer industry, Kasper goes by the pseudonym John Tan. Is that akin to a writer using a pen name--Kasper treats it as more of a marketing brand name--or is it a sign of something devious below the surface of business suits and board meetings?

It's a question that has been asked before as hackers left their black T-shirts and ponytails behind and entered the mainstream to cash in on their technical savvy. As they worked away in their cubicles, many people forgot they had once poked at systems and applications, looking for flaws that would leave people and companies open to attack. Many still do those same kinds of penetration tests, only now they do it for a regular paycheck and a 401(k).

Back in their hacker days, did any of them ever use the holes they found to break into systems, peek at private information, or even cause damage? In some cases, yes. But it's unfair and inaccurate to say they all did.

Having hackers work at computer security companies or as IT consultants generally elicits one of two responses: It's the smartest thing you can do, or what the hell are you thinking?

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Commentary
AI & Machine Learning: An Enterprise Guide
James M. Connolly, Executive Managing Editor, InformationWeekEditor in Chief,  9/27/2018
Commentary
How to Retain Your Best IT Workers
John Edwards, Technology Journalist & Author,  9/26/2018
Slideshows
10 Highest-Paying IT Job Skills
Cynthia Harvey, Contributor, NetworkComputing,  9/12/2018
Register for InformationWeek Newsletters
Video
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll