UPDATE: Can You Ever Trust A Hacker? UBS Trial Puts It To A Test - InformationWeek

The defense cast doubt on the role that a one-time famous hacker played in the investigation.

After 20 years in computer security, including 11 in the financial services industry, Karl Kasper is being vilified as a dangerous man.

Over the past month, in the trial of former UBS PaineWebber system admin Roger Duronio, Kasper has been attacked by the defense because of his background as a computer hacker and his role in UBS's investigation of the attack. The lawyer for Duronio, defending him against charges that he sabotaged UBS PaineWebber's trading network four years ago, asserted that hackers can't be trusted to do a credible investigation. Kasper says the defense team is just desperate. (A verdict is expected this week.)

Regardless of the outcome, Kasper's involvement in the case raises anew important questions about whether ex-hackers should be hired for their information security expertise.

Kasper got involved with UBS PaineWebber days after the "logic bomb" was detonated. UBS hired his company, @Stake, to conduct the initial forensic analysis. Kasper has impressive security credentials. He helped found @Stake and has testified in front of a Senate committee about security issues; he's since left @Stake and works as a VP in IT security at JPMorgan Chase, not the first financial services firm at which he's worked. Still, he's being haunted by his time as a member of the L0pht, a hacker group that achieved star status in the 1990s.

The defense in the Duronio trial made much of the fact that in the computer industry, Kasper goes by the pseudonym John Tan. Is that akin to a writer using a pen name--Kasper treats it as more of a marketing brand name--or is it a sign of something devious below the surface of business suits and board meetings?

It's a question that has been asked before as hackers left their black T-shirts and ponytails behind and entered the mainstream to cash in on their technical savvy. As they worked away in their cubicles, many people forgot they had once poked at systems and applications, looking for flaws that would leave people and companies open to attack. Many still do those same kinds of penetration tests, only now they do it for a regular paycheck and a 401(k).

Back in their hacker days, did any of them ever use the holes they found to break into systems, peek at private information, or even cause damage? In some cases, yes. But it's unfair and inaccurate to say they all did.

Having hackers work at computer security companies or as IT consultants generally elicits one of two responses: It's the smartest thing you can do, or what the hell are you thinking?
