UPDATE: Can You Ever Trust A Hacker? UBS Trial Puts It To A Test - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


UPDATE: Can You Ever Trust A Hacker? UBS Trial Puts It To A Test

The defense cast doubt on the role that a one-time famous hacker played in the investigation.

After 20 years in computer security, including 11 in the financial services industry, Karl Kasper is being vilified as a dangerous man.

Over the past month, in the trial of former UBS PaineWebber system admin Roger Duronio, Kasper has been attacked by the defense because of his background as a computer hacker and his role in UBS's investigation of the attack. The lawyer for Duronio, defending him against charges that he sabotaged UBS PaineWebber's trading network four years ago, asserted that hackers can't be trusted to do a credible investigation. Kasper says the defense team is just desperate. (A verdict is expected this week.)

Regardless of the outcome, Kasper's involvement in the case raises anew important questions about whether ex-hackers should be hired for their information security expertise.

Kasper got involved with UBS PaineWebber days after the "logic bomb" was detonated. UBS hired his company, @Stake, to conduct the initial forensic analysis. Kasper has impressive security credentials. He helped found @Stake and has testified in front of a Senate committee about security issues; he's since left @Stake and works as a VP in IT security at JPMorgan Chase, not the first financial services firm at which he's worked. Still, he's being haunted by his time as a member of the L0pht, a hacker group that achieved star status in the 1990s.

The defense in the Duronio trial made much of the fact that in the computer industry, Kasper goes by the pseudonym John Tan. Is that akin to a writer using a pen name--Kasper treats it as more of a marketing brand name--or is it a sign of something devious below the surface of business suits and board meetings?

It's a question that has been asked before as hackers left their black T-shirts and ponytails behind and entered the mainstream to cash in on their technical savvy. As they worked away in their cubicles, many people forgot they had once poked at systems and applications, looking for flaws that would leave people and companies open to attack. Many still do those same kinds of penetration tests, only now they do it for a regular paycheck and a 401(k).

Back in their hacker days, did any of them ever use the holes they found to break into systems, peek at private information, or even cause damage? In some cases, yes. But it's unfair and inaccurate to say they all did.

Having hackers work at computer security companies or as IT consultants generally elicits one of two responses: It's the smartest thing you can do, or what the hell are you thinking?

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 3
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll