Hacker recruitment: When it is safe to have a hacker on your IT staff

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1Anonymous writes, "Our goal wasn't to hurt someone or cause damage. We justwanted to learn about something we couldn't possible afford to buy."Eric Corley was in a panel discussion at an NCSA (National ComputerSecurity Association) conference in the mid-1990s. He said something like"I don't know why you security guys are getting your shorts in a knot --we're just breaking in to look around. We're not doing any harm."I stood up in the middle of the room of security experts and shouted,"BULLSHIT" just like "Anonymous." However, I continued (loudly), "If youdon't understand the concept of the TCB (Trusted Computing Base) thenyou're an idiot. If you do, then you're a liar."Any unauthorized access to a system poses a potential corruption of theoperating environment. If someone broke into your house and opened thebottles of baby food in your fridge, would you smile and agree that theyhad caused no harm because they were just looking around? Or would youthrow out the baby food on the grounds that they were potentiallycontaminated?System managers _must_ respond to unauthorized access to any productionsystem by verifying the integrity of _all_ the software and data on thepotentially-contaminated system. Failing to do so is a breach of due careand diligence in carrying out one's fiduciary responsibilities forsafeguarding data and system integrity.So breaking in and looking around without authorization have _never_ beenharmless exercises in self-education. They have _always_ been inexcusableethical breaches and later, explicit crimes in exactly the same way thatbreaking into someone's house or office without permission has been anethical and legal breach.For other discussions of criminal-hacker propaganda, distortions, lies, andillogic, see the articles at< http://www.mekabay.com/ethics/index.htm >.For a discussion of anonymity and pseudonymity, see the paper "Anonymityand Pseudonymity in Cyberspace" at Best wishes,MichM. E. Kabay, PhD, CISSP-ISSMP* Assoc Chair of Computing* Assoc Prof of Information AssuranceSchool of Business & ManagementNorwich UniversityExpect Challenge. Achieve Distinction.W: http://www.mekabay.com* Network World Security Strategies Newslettershttp://www.networkworld.com/newsletters/sec/=>o ASCII ribbon campaign against HTML e-mail o<=-----BEGIN PGP SIGNATURE-----Version: PGP Desktop 9.8.3 (Build 4028)Charset: utf-8wj8DBQFKqlSdUbF73uXqlJ8RAmFoAKCUX0+QlO9AszYf8wmGXvCDIAJyfgCgkSDwkhWXA3uKH9jdq8A73J6iwMI==nZaN-----END PGP SIGNATURE-----

I think he means you are looking for people that feel empathetic and are less likely to do something disruptive because it would negatively affect people.

That is a stereotype. Like all walks of people there are all different types of hackers from overly empathetic to totally selfish.

Believe it or not, most employers don't want to hire emotionless drones. Emotion-deficient employees develop no sense of ownership over their work, they don't integrate well with co-workers, they are unwilling to mentor and train, they often display low adaptability to changing conditions and they are very poor team leaders. The real working world is full of miscommunication, differing skill levels, and conflict. An employee who can't deal with those factors is a liability. Most of us who were typing alone on our 6502 machines back in the 80s eventually grew up and learned to play well with others, and today's top tech people will need to do the same or they're going to be replaced by the next crop of college superstars before they turn 40.