Business Brains

Hackers should be hired, TED speaker urges: is this the best path to online security?

Posting in Government

Hackers play a game of 'Catch Me if You Can.' But, like the movie, can they be turned into valuable security assets?

In recent times, "Anonymous" hackers have been wreaking havoc with corporate and government systems. So, should corporations hire these guys?

Leading tech companies have long used "ethical hackers" to help probe vulnerabilities in their systems and software. Should some of the not-so-ethical hackers be added to payrolls as well?

One journalist, Misha Glenny, says there is a solid case to be made for hiring hackers. Delivering his remarks at a recent TED event, Glenny pointed out that groups such as Anonymous tend to be idealistic, and "are providing a service by demonstrating how useless companies are at protecting our data."  As he put it:

"Despite the fact that we are beginning to pour billions, hundreds of billions of dollars, into cybersecurity -- for the most extraordinary technical solutions -- no one wants to talk to these guys, the hackers, who are doing everything. Instead, we prefer these really dazzling technological solutions, which cost a huge amount of money...  Where we have a surplus of technology in the cybersecurity industry, we have a definite lack of -- call me old-fashioned -- human intelligence."

There's obvious moral hazard in rewarding people who try to tear down companies' operations. But police and spy agencies often employ nefarious types to help with investigations, part of that "human intelligence" on the ground that helps catch even more bad guys. And remember how the brilliant but misguided con artist Frank Abagnale -- pursued by the FBI for years because of his scams, highlighted in the movie Catch Me If You Can -- eventually sided with the feds to become a valuable resource in catching other bad guys. Abagnale also provides security consulting to many large corporations as well, by the way.


The typical hacker is a person with a lot of talent and passion, Glenny says. Trying to catch and prosecute these individuals is the wrong way to spend our resources, he adds. "We need to engage and find ways of offering guidance to these young people, because they are a remarkable breed. And if we rely, as we do at the moment, solely on the criminal justice system and the threat of punitive sentences, we will be nurturing a monster we cannot tame."

Is Glenny right?  Should more efforts be made to engage hackers, and bring them into the fold?  Should bad behavior be rewarded?

Share this

Joe McKendrick

Contributing Editor

Joe McKendrick is an independent analyst who tracks the impact of information technology on management and markets. He is a co-author of the SOA Manifesto and has written for Forbes, ZDNet and Database Trends & Applications. He holds a degree from Temple University. He is based in Pennsylvania. Follow him on Twitter. Disclosure