Kevin Mitnick is a perfect example of Paul Graham's “unruly” hacker who breaks into
things not out of malicious intent but out of simple curiosity. Or so
Mitnick claims. Before he was arrested, he was the most wanted
“cyber-criminal” on the FBI list. Since his release, he has
authored several books and become a world-famous consultant. In a
recent Twitter update looking back on his incarceration, he says
“Glad that nightmare is far behind me. How things have changed.” [0]

Apollo Robbins (a theatrical pickpocket in Vegas whom some consider to be the
best in the trade [1]) also had dreams of creating a team of ex-cons
turned good, consulting with security forces around the world. Apollo
found that his teammates were “nervous” when working with law
enforcement, and both members of the team with a criminal record had
relapsed.

There are many other examples of criminals turning the tables and working
in the same field, this time as law-abiding citizens. Some relapse,
some don't. Most people are reluctant to hire an ex-con, which
contributes to the relapse rate. The potential downside is so strong
that many don't consider the statistics.

Back in the days of Mitnick, cybersecurity wasn't nearly as well understood as
it is today. (Heck, they still used “cyber” as a prefix.) One
didn't go into “Information Security” as a profession. Even tech
companies dropped the ball on security. The lack of employment
opportunities, combined with the social “hacker” stigma and
corporate resistance to change, meant that most security opportunities
lay outside the law. This is not to say that everyone working in
security was malicious. Many were initially motivated by simple
curiosity – there was a whole new world to be explored. Some, like
Kevin Poulsen, started using newfound skills for material gain.
(Poulsen manipulated the phone lines of a radio station to win a
Porsche [2].)

As rogue crackers exposed the need for technical security, large
organizations found that these very crackers were the ones who were
the best at what they did. It suddenly became advantageous for
hackers like Mitnick and Poulsen to consult. A new breed of hacker
emerged: the reformed criminal. Suddenly, having a criminal record
meant that you knew what you were doing, rather than being a
liability.

Technology continued its explosion across the world, leaving little untouched.
With this explosion came new security opportunities, and the field
flourished. Security workers began to be able to learn the tricks of
their trade without illegal activity. Once able-bodied workers sans
criminal record were available, the industry turned to them, shunning
most crackers.

Today, if anyone wants to enter the world of information security, they
would do well to stay well within the confines of the law. It's
incredibly cheap to set up a test system (thanks, OSS and FSF!).
You might find this interesting (and amazing):
http://andrewsullivan.thedailybeast.com/2013/01/a-philanthropic-forgerer.html
Our need to 'protect' our stuff gets to be pretty ridiculous after a while, whether the 'stuff' is your server, or the 'original' Picasso, or your nice blank ugly wall.