Hiring Criminals is no cure for complacency

First published: 23rd March 2012

In your Leader, "Complacency puts websites in danger" (March 23) you say that criminal hackers should be thanked and are being hired for their criminal skills.

I think it is deplorable that a respected newspaper is advising hiring known criminals for their criminal knowledge. How is this different to paying the extortion? There are people who specialise in breaking into systems that have never committed a crime, sometimes they are called Penetration Testers, or White Hat Hackers, or Ethical Hackers, but they need a broader range of skills than a criminal hacker. A criminal hacker merely needs to find a single hole in the defences to make a successful attack, and some know less than that, merely being 'script kiddies' that can run tools created by more skilled people. A diligent penetration tester will try to find every possible hole in the target's defences, identifying them so that they can be fixed. If you are burgled, do you buy new locks from your burglar?


Share