UK.gov open to hiring EX-CON hackers for cyber reserves
Justice League or Rogues Gallery?
The UK army of cyber reservists is open to the idea of hiring convicted hackers into its ranks.
The new head of the Joint Cyber Reserve Unit, Lieutenant Colonel Michael White, told BBC Newsnight that applicants would be assessed on their skills and capabilities, rather than personality traits or past histories.
Asked whether he would be open to hiring criminally convicted hackers who had the right skills, he responded positively. "If they could get through the security process, if they had the capability that we would like, and if the vetting authority was happy, then why not," Lieutenant Colonel White said.
Defence Secretary Philip Hammond said at the launch of the Joint Cyber Reserve Unit that simply building defences was not enough and that "Britain would build a dedicated ability to counterattack and if necessary to strike in cyberspace". The armed forces as a whole did not have an “absolute bar” on recruiting former criminals. Hammond said that "former hackers would be assessed on a case-by-case basis," The Independent reports.
David Emm, senior security researcher at Kaspersky Lab, said that the openness to hiring hackers into the ranks of what is a kind of geek version of the Territorial Army might address a short-term skills shortage, but that hiring people who had proved themselves to be "motivated by money and misplaced ideals" was a risky strategy, at best. Emm emphasised the importance of training up a next generation of cyber fighters, starting in schools.
“The news that the UK Cyber Defence Unit is considering hiring convicted hackers has caused many people to voice their concerns about the ethical and security implications of employing those with a criminal past to protect the country’s most sensitive information. Those who have previously worked for the ‘dark side’ of the code-breaking fraternity are often motivated by money and misplaced ideals, and therefore expecting them to switch sides, and remain there is unrealistic.”
Emm added: “However, this development does highlight the problem of a skills shortage and the lack of talent outside the criminal community to tackle serious cyber-attacks facing the country. This is why it is so important to encourage the next generation to study, and become expert on, security-related issues so they can be the ones to fight sophisticated cyber-threats in the future.
"The government has recognised this and it is why it wants to make significant changes to the Computing element of the new National Curriculum: a move away from simply using the technology to understanding how it works.”
“As attempts to undermine governments and attack national infrastructure increasingly move online, it is imperative that the National defences are prepared to face these attacks head on, employing people with the necessary skills to block them.”
However, hackers are often anti-establishment and have an antipathy towards the authorities that's only growing because of the Snowden controversy. They may not have any desire to work for the government. Asked whether he'd be interested in preventing threats to national security, former LulzSec member Mustafa Al-Bassam (Tflow) told the BBC Newsnight team he wouldn't be keen on such a job.
"For me that would be in poor taste," Al-Bassam said. "I can understand the need for a government to protect itself… but when you go ahead and stamp on people's civil liberties as we've seen with all the stories about mass surveillance we've seen in the past year then you can rest assured that you're going to repel tonnes of people."
Agents of SHIELD
Ross Brewer, vice president at security tools firm LogRhythm, said the openness to hire hackers could be based on the previously stated intention for the UK to have a cyber offensive capability, a move he reckons is going in the wrong direction.
“Previous warnings about the dangers of blindly attacking the networks of 'enemy' states still stand, and employing convicted hackers to carry out such pre-emptive strikes could lead the government, and the country, into dangerous waters if not managed correctly," Brewer said.
“Modern cyber criminals are experts in their own right, so it makes sense to build an army of highly specialist reserves to combat them. While we know that there is a dangerous dearth of skilled individuals in the cyber arena, the government needs to tread very carefully if looking to employ convicted criminals and ensure no blurring of the lines of morality. Ask yourself, for instance, whether it would be logical to hire ex-bank robbers as security guards for the banks that they robbed!"
Despite these criticisms, Brewer did see some potential benefits in hiring ex-hackers.
"That said, convicted hackers are likely to be some of the best in the business and therefore employing them would allow the government to tap into skills it may otherwise not have access to."
"While White has stated that each applicant will be assessed on a case-by-case basis, taking into account the severity of convictions, the unit will need to ensure it does not become a body of outlaws deployed to attack others. What’s more, it will be absolutely critical to ensure that powers are not abused and citizens’ information is safeguarded against rogue hackers permitted into this privileged position."
“Giving convicted hackers a chance is one thing, trusting them implicitly is quite another,” he concluded. ®