If you work in the cyber security field, chances are you've run into current or former black hats. But some of these hackers have put their dark pasts behind them and are doing great things in the world of cyber security research today. The big question is: should an individual's dark past define their future?
Just a few weeks ago the hero who stopped WannaCry, Marcus Hutchins, pleaded guilty to several charges relating to past dealings with creating a banking trojan called Kronos.
Subsequently, this caused the security research community to go into a frenzy. Marcus’ case has been clouded by the fact that he is known in the cybersecurity community as a prominent security researcher who has helped many in the field by sharing his knowledge. He is praised by many for his extensive security research, but others aren’t as convinced, the US government and FBI being some of them.
Can Former Blackhats Be Trusted?
The problem stems from some shady things he did in his past, specifically when he was a minor just starting out in cybersecurity. You can get a more detailed version of the dark history of Marcus Hutchins from Krebs on Security, which did a fantastic job untangling the web that Marcus wove over several years.
However, there is prominent evidence that Marcus changed for the better in recent years and was adamant about leaving that past behind. Additionally, if he had never garnered the fame of stopping WannaCry, which was wreaking havoc on the NHS in the UK, would he have been charged in the first place? Call it wrong place, wrong time, but there is definitely something unfortunate about his story.
But Marcus’ case aside, there are plenty of cyber security researchers who have had similar run-ins with the law. Kevin Mitnick is another one who comes to mind. Nowadays, Mitnick is trying to help protect businesses from falling for the same traps he laid himself years ago. That's not to say he still doesn't get a lot of flak for his past dealings. And maybe he shouldn't, but he is still doing well on the white hat side of things these days regardless. Maybe Marcus will have similar success after his jail sentence is served. Time will tell.
What Do the Cybersecurity Pros Think?
I got a chance to speak with two security experts to get their take on it: Scott Foote, who is a Cybersecurity Executive and Consultant and Founder of Phenomenati, and Joe DePlato, who is Co-Founder and CTO of Bluestone Analytics, a cybersecurity company serving Virginia and the US East Coast.
Joe and Scott both seemed to agree that each case needs to be taken in context. With Marcus’ case, he was found guilty of creating malicious code that was later found in a banking trojan called Kronos. Of course, this is much more serious than, say, a kid downloading video games on a school computer. Joe and Scott believe that Marcus should be held accountable for his actions, and jail time is probably necessary in his case.
It seems that everyone has their own opinion on how black hat hackers should be treated when they get caught. Some believe they should be barred from cybersecurity forever. Others think they are valuable resources that can help protect people, governments, and businesses in the future.
What do you think? Sound off below.