Feeds

UK.gov open to hiring EX-CON hackers for cyber reserves

Justice League or Rogues Gallery?

SANS - Survey on application security programs

The UK army of cyber reservists is open to the idea of hiring convicted hackers into its ranks.

The new head of the Joint Cyber Reserve Unit, Lieutenant Colonel Michael White, told BBC Newsnight that applicants would be assessed on their skills and capabilities, rather than personality traits or past histories.

Asked whether he would be open to hiring criminally convicted hackers who had the right skills he responded positively. "If they could get through the security process, if they had the capability that we would like, and if the vetting authority was happy, then why not," Lieutenant Colonel White said.

Defence Secretary Philip Hammond said that Britain that simply building defences was not enough and "Britain would build a dedicated ability to counterattack and if necessary to strike in cyberspace" at the launch of the Joint Cyber Reserve Unit. The armed forces as a whole did not have an “absolute bar” on recruiting former criminals. Hammond said that "former hackers would be assessed on a case-by-case basis," The Independent reports.

David Emm, senior security researcher at Kaspersky Lab, said that the openness to hire hackers to the ranks of a kind of a geek version of the territorial army might address a short term skills shortage but said that hitting people who had proved themselves to be "motivated by money and misplaced ideals" was a risky strategy, at best. Emm emphasised the importance of training up a next generation of cyber fighters, starting in schools.

“The news that the UK Cyber Defence Unit is considering hiring convicted hackers has caused many people to voice their concerns about the ethical and security implications of employing those with a criminal past to protect the country’s most sensitive information. Those who have previously worked for the ‘dark side’ of the code-breaking fraternity are often motivated by money and misplaced ideals, and therefore expecting them to switch sides, and remain there is unrealistic.”

Emm added: “However, this development does highlight the problem of a skills shortage and the lack of talent outside the criminal community to tackle serious cyber-attacks facing the country. This is why it is so important to encourage the next generation to study, and become expert on, security-related issues so they can be the ones to fight sophisticated cyber-threats in the future.

"The government has recognised this and it is why it wants to make significant changes to the Computing element of the new National Curriculum: a move away from simply using the technology to understanding how it works.”

“As attempts to undermine governments and attack national infrastructure increasingly move online, it is imperative that the National defences are prepared to face these attacks head on, employing people with the necessary skills to block them.”

However hackers are often anti-establishment and have an antipathy towards the authorities that's only growing because of the Snowden controversy. They may no have any desire to work for the government. Asked whether he'd be interested in preventing threats to the national security, former LulzSec member Mustafa Al-Bassam (Tflow) told the BBC Newsnight team he wouldn't be keen on such a job.

"For me that would be in poor taste," Al-Bassam sad. "I can understand the need for a government to protect itself… but when you go ahead and stamp on people's civil liberties as we've seen with all the stories about mass surveillance we've seen in the past year then you can rest assured that you're going to repel tonnes of people."

High performance access to file storage

Next page: Agents of SHIELD

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.