RSA Conference: Is hiring hackers a new thing?

Once considered outlaws and trouble makers, hackers have now gone mainstream. And not just mainstream, but actively sought for employment by leading intelligence and law enforcement agencies globally. 

As discussed during the recent RSA Conference, experts are recommending that the United States hire at least 10,000 experts over the next several years. The same experts believe that private enterprise will need more. Many of the jobs are in defense but there is a growing need for people who can hack into complicated networks used by governments and major corporations.

NSA 

Enter the National Security Agency (NSA). The very agency which exposed by Edward Snowden, a hacker, is now offering a new “cyber-ops” program in selected colleges in the nation. Attracting hackers, which is part of President Obama’s national initiative to improve cyber security, aims to prep students for careers within the NSA’s SIGINT (signals intelligence) operations center as well as law enforcement agencies tasked with investigating cybercrimes.

The philosophy behind the NSA practice makes sense to many observers within the cyber world. It takes a hacker to catch a hacker and the things that sophisticated hackers know can’t be taught at MIT or formal law enforcement training. 

FBI 

The Federal Bureau of Investigation is also jumping on the employment bandwagon and is seeking college students who want to join the agency and become “cyber special agents.” An article posted on the FBI website describes the kind of role it’s looking to fill. The organization seeks people with experience in programming, malware analytics and even something called “ethical hacking.” 

The agency’s website holds a list of preferred degrees and work experience desired. The list shows that the FBI is looking for people with experience working with Apple and Microsoft equipment. 

Knowing computer programming though isn’t enough to satisfy the FBI’s requirement. Applicants have to be over 23, but less than 37 and they have to pass a background check.  Maybe something hard to do for a computer hacker. 

Even with screening, there have been some problems and drawbacks.

Iceman 

Take the story of Max Ray Butler, aka “Iceman.” Convicted in 2009 on two counts of wire fraud, Iceman was caught stealing millions of credit card numbers and selling them online.

Iceman was finally captured, and then employed, by the Federal Bureau of Investigation as an informant assigned the task of identifying other hackers. While still working, undercover, for the FBI, Iceman started giving up all kinds of names. When the agency began looking into the names, the federal agents couldn’t find anyone named by Iceman. 

Turns out Iceman was doing all the hacks himself. 

Christopher Rouland

Rouland, caught hacking into the Pentagon was recruited by federal authorities to work as a member of the Pentagon’s cyber security division. In 2008, Rouland started his company, Endgame Systems. Publicly, Endgame Systems provided a service that allowed security professionals to monitor known threats in real-time. However, Endgame was also busy providing cyber capabilities to other hackers that could take down entire regions of online infrastructure including airports. 

Bloomberg Business, in a 2011 article, stated that Endgame even provided package deals to hackers who wanted to take out multiple parts of the world.

If a person wants to hire a hacker privately though, and not part of a government agency, are there options?  Turns out there are. 

Hired Gun 

Manpower, Labor Ready and Kelly’s are just a few of the well-known temporary employment agencies in America. They’re great for short term warehouse help or administrative assistance, but if you want to hire a hacker, you’ll have to look elsewhere. 

Enter “Hacker’s List.” 

According to the New York Times, Hacker’s List has been available since November and more than 500 hacking jobs have been recorded. The notion behind Hacker’s List is that people with pertinent experience can bid on jobs they want to perform, complete the milestones and get paid when the gig is finished. The site collects a percentage of the payment when the job is completed.

The site claims, “Hiring a hacker shouldn’t be a complicated process.”

The site goes on to claim a belief that finding a “trustworthy, professional hacker for hire,” should be a worry free experience. It’s a compelling pitch that has attracted both hackers seeking work and people wanting to hire hackers — even the seemingly oxymoronic part about a “trustworthy professional hacker” doesn’t stop anyone. 

Hacker’s List isn’t the only site available.  Arkady Bukh – New York defense lawyer and cyber crime expert – says that others like “Hacker for Hire” and “Neighborhood Hacker” present a balance between offering both “professional” and “ethical” hackers. 

Low-profile hacking such as provided by these sites is becoming the latest challenge for law enforcement. 

With government agencies hiring the very individuals they used to pursue and hackers being hired online, many people may wonder if we’ve gone through the looking glass where right is wrong and wrong is right, Bukh adds. 

As cybersecurity demands grow, there probably will be more hackers hired within 24-hours of their capture. 

That reality is now.