Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet

Convicted Hackers Snubbed by Security Firms? 130

Esqueleto sent us an interesting story from Security Focus on convincted hackers and employment in the security field. When you get past the zillions of obnoxious frames, you'll read an article about a wierd problem: the guys who have a criminal record are tougher to hire... in this case they're talking about Mark Abene (Phiber Optik) being snubbed by @Stake, the guys who merged with L0pht. Of course this makes total sense from a corporate perspective, but considering many of the folks in the industry will admit freely to doing the same things, the conviction on your record makes all the difference.
This discussion has been archived. No new comments can be posted.

Convicted Hackers Snubbed by Security Firms?

Comments Filter:
  • this is wrong. doens't matter what type of hacker it is, be it black hat, grey hat, or white

    LOpht is made of hackers, and @stake merged with LOpht. @stake shouldn't have done the merge if they wouldn't hire hackers. and besides, now that they have merged, space rogue has left HNN, and HNN has gotten less news.
    @Stake, HIRE him. He is smarter than you people.
  • "Your points are completely invalid. The crimes are as close as your perspective makes them. 'Hacking' into a computer can often be a trivial task involving not much more skill than being able to click a button twice. Robbery can be a practiced skill, and those who posess those skills can be of great value, often at a much lower risk."

    I could argue that one involves the potential of physical danger and the other involves someone in front of a computer, but I will not.

    "Should a delivery person not lose their job if they lose their drivers licesce? What if it is for to many speeding tickets? Even if You speed every day and never get caught? "

    I could also argue that if someone loses their job due to having too many traffic (or speeding) tickets, that after a duration of time they could continue their chosen vocation. But I will not.

    "Many of the best learned a great deal through their 'stunts', but were never caught. Why wern't they caught? In some cases they better then everyone else, in others they did less damage, but they did not get caught."

    I could say that everyone is clumsy and awkward to begin with and that they improve eventually, but I will not.

    If someone is caught doing something illegal, then, according to our own laws, they are to repay their debt to society. I have no argument in this, after all, I am no lawyer.

    But the point I tried to make, one that you glossed completely over, is that one mistake does not define a person. We, as a species not just a nation, learn from our mistakes.

    If you were caught for, let us use your example, speeding and were told that you could never drive for a living again, even if you believed you were justified. How would you react?

    I will make no arguments about the feasibility of my examples; after all, everyone views everything a little bit differently. What some consider as an "invalid" point, others see as very valid. I will not begrudge you your opinion.

    And as for any legal discussion, I would advise you to talk to a REAL lawyer before you enter any court room anywhere with that as your defense.

    And before you retort, READ what I said. Think about it. That is all I ask.

  • WHAT? A corporation would be irresponsible to not hire someone who's also irresponsible? You can look at their background check and know for a fact that you can't trust them... Computer criminals have name recongition, yes, but is that good? Maybe for some one like Kevin Mitnick, but for the most part the people getting caught these days are little wannabe's that got caught. Remember, if you're a criminal, you don't want name recognition, because that means they're on to you...

    Point 2: yeah, they might have valuable knowledge about computer security, but who's to say you can't find a "white hat" hacker that has the same knowledge? Or maybe you're really lucky and you hire someone who often finds exploits to troubleshoot your products. He's got a past of posting apps to exploit them prior to even letting the companies that created the products know so that they can ready a patch. Is this who you want auditing your source code? I think a corp would be irresponsible to put someone like that in that position. It's like hiring a career alcoholic to tend the bar. Sure you could do it, but would that really be the wisest thing you can do?

    Your line about loyalty springs just a little to mind. Yes, most /.'ers will jump ship to a better job, but in most cases that's all they'll do. With a convict, though, you know they don't respect the laws, so there's a much greater likelyhood that when they jump ship, they'll take something with them, if for nothing else, then as a souveneir.
  • by Anonymous Coward
    Today's society however seems to want to punish "criminals" and criminals forever.

    Not really.

    When high ranking corporate officers commit white collar crimes, they hardly ever do jail. It also doesn't affect their future employability like common crime does.

    And white collar crimes frequently have wider ranging effects than common crimes.

  • Because they are a KNIFE consulting firm. they deal with KNIFES. now, who knows more about KNIVES, a butcher from your local grocery store or a surgian?

    Whom would you rather have operate on you?

  • What part of the recording/movie industry's arguments do you think have merit? I think I've been exposed to many of their opinions and I don't think their fears are important enough to justify rewriting the intellectual property balance that was in the U.S. Constitution. What makes you think otherwise?

    Personally, I think they're making a collosal business as well as public relations mistake. Improving technology is making their products more interesting and more valuable to their consumers. Instead of trying to get rich by working with that changing technology (Re: cassette and VCR) they're trying to destroy it to preserve their old ways of doing business. If they weren't trampling over our rights in the process it would almost be funny to watch them work so hard to make less money.
  • Once he's done his time, will you trust a child molester to babysit your daughter?

    It's a more drastic example, I know, but it goes a long way in this discussion of "well once he's done his time, he's paid his debt to society".
  • Tell me, you say it is your right to dislike someone, right

    Yes, just as it is your right "to think that you really need to wake up and smell the coffee brewing."

    So you are telling me that you would like to have most of the talented individuals in the industry out of work?

    Hell, I don't care if convicted hackers are employed or not, I do not work at a security firm, I am not an HR person at such a place. Personally I could care less if they are hired or not. I was just arguing that it is the employer's choice. Would the person have a better chance to be employed had they not been convicted of committing a crime? Yes, I'd wager. That was also what I said, if employability is important to you, don't break the law. Doing so will not prevent you from getting a job but it will likely make it tougher.

    And no, I am not telling you what to do; I'm simply requesting that you think about the situation a little more

    Your earlier statements sure made it seem like you were telling me what to think. The beauty with the situation as is, is that I don't have to think about it extensively since it doesn't effect me. Should a security firm hire someone who's been convicted of a crime. I DON'T CARE. If they want to, sure, OK, cool; if not, fine, that's their call. What I am saying is that: first, just because someone serves their time, my view is a bit slanted on them still (past behavior is the strongest indicator of future behavior); and if you are concerned about your employability, try your best to refrain from committing crimes.

  • Stealing cable TV is a felony too. That doesn't mean it is more severe than, say, aggrevated assault, a misdemeanor.

    ~ Signal 11

  • Take an hour or two to read the Communist Manifesto [anu.edu.au]. It is interesting, Marx and Engels argue that the bourgeois are (or were) constantly trying to improve technology to increase the efficiency of their production and reduce the effort and input needed by man in the production queue. Such a movement, the Manifesto argues, pushes those lower middle class individuals into the proletariat. In any case, it's interesting, because it seems the opposite of what the big corporations are doing today. Rather than embracing the new technologies like the bourgeois described by Marx and Engels, the bourgeois of today are trying to keep the status quo. Interesting....
  • As a convicted felon (from something stupid when I was younger, but technology related), it is harder to get a job with most hi-tech companies. This has, in turn, forced me to do unsavory things to pay my bills...it sometimes feels like an unending cycle, that I can only hope (by letting the conviction get further in the past) will become at least just a badge of shame and not a hangmans mask over me.
  • Hopefully you also have spent some time writing your Senators and Representatives. Hopefully you have taken the time to register to vote. Hopefully you have taken the time to discuss this with other voters, be it in person or on the Net.

    Unless the unjust law affects powerful people such an approach is unlikely to work. Behind such laws is likely to be a politically powerful lobbying group. Who have the ear of politicans 24x7...
    The people who need convincing are judges and police.
  • An embezzeler who has stolen cash (presumably at least with some success, otherwise he'd be "petty thief," and not "embezzeler,") knows how other embezzelers work, and can help guard against them. I'm also willing to bet that a pedophile is far better at picking out other possible pedophiles by just looking, etc. etc.

    Possibly true, but especially with the second example highly politically incorrect...

    Hiring someone convicted of a computer crime has some pretty obvious benefits: yes, the person got caught, so they're probably not The Best. But they're probably also fairly good, and probably knows a bit more about the trade than your average Minesweeper Consultant.

    Remember also that the better crook probably dosn't have a conviction...
  • This is the same country that won't give financial aid to anyone convicted of possesing or selling drugs. The debt is forever, its simply all about making an example out of one person to keep the rest of the herd in line.
  • by Anonymous Coward
    Whatever happened to the idea that once you've done your time, you've also paid your debts to the society?

    Today's society however seems to want to punish "criminals" and criminals forever.

  • Convicted hackers should be *more* desireable from a corporate perspective as they have documentation substantiating their knowledge and are better able to "think like the enemy."

    Whilst I agree with the fact that convicted hackers undoubtedly have certain proven skills, they also have another quality that IMHO makes them unhirable. They have no respect for authority.

    While the job you offer them is "kool" or interesting maybe they'll work for you. But I don't believe you can trust them, or expect them to show any loyalty to your corporation.

    If they get bored, or someone paying more comes along, whatever, they'll have no qualms using their privileged position within your organisation to do whatever damage they feel like.

    I guess it's an argument you can apply to any convicted criminal, but maybe in this case the crime is particularly symptomatic of a lack of respect for society's boundaries.

  • My conviction is for three state felonies. One felony can get expunged. Two possibly. But three, never. (Or at least that's my understanding.)
  • by mpe ( 36238 )
    You can look at their background check and know for a fact that you can't trust them... Computer criminals have name recongition, yes, but is that good?

    Wonder how many of these corporations wouldn't even think twice about buying their software from a bunch of crooks (who's criminal activities vastly excede any "convicted hacker.)
  • My appeal is also primarily based on my claims of constitutionally overbroad and constitutionally vague attributes of the law under which I was convicted.

    Even if I win my appeal, and the law is made useless to prosecutors and harmless to the general populus (who seem to be breaking this law at least a half dozen times a day for each person who uses a computer), there will be some who claim "Well, he just got off on a technicality, or because he had enough money to throw at the problem."

    And then there's the small matter of the quarter million dollars I've had to spend (subsidized in a small part by my legal defense fund, thank you!) which doesn't automatically come back if I win the appeal. Nor does the community service time, or the time I spent in courts. Or the missed opportunity because of bad timing.

    I do not wish what I've been through for anyone else. Even my worst enemies. And that's why I talk about my personal mistakes in public as often as I can (including having given my 90 minute Just another Convicted Perl Hacker talk for user groups, universities, and conferences dozens of times all across the country). The saddest day in my life would be to hear that someone else was taken down for doing their job because they hadn't heard about my case. So please, spread the word!

  • "...and, yes, you'll get in trouble for perjury if you write "no" next to the question that says "have you ever been convicted of a felony?"

    I can understand them asking if you have ever been convicted of a crime, but has anyone ever seen the applications that ask if you have ever been arrested? In a country where you are innocent until proven guilty, and are not required to divulge self incriminating information, how can they ask if you have ever been arrested? This burns me every time I see it, because some holier-than-thu HR person will probably see an arrest, that is, being accused of a crime, as bad. I don't see this as fair to the truely innocent. Legally, I suppose a simple arrest means nothing, but we're dealing with human nature here. Does anybody know more about this?

  • The previous posts do have a small point about a felon's difficulty getting *any* job, but the argument against convicted black-hat hackers ends there. Another poster made a reference and compared convicted hackers to other felons (rapists, robbers, attackers, etc) and this is quite unfair. If you were hiring an assassin, would you considered convicted murderers? They have been caught as well, and they have even been caught doing what you are looking for- it's hypocritical for a group like @Stake to exclude professionals strictly on their computer convictions- it's just plain silly. But you do have to realise that the US doesn't exactly make the road to recovery easy or even endable. A Felon can never again vote, sit on a jury, or own a firearm. This means that if you are convicted of felony assault while drunk and 18 or 21, you can't own a firearm to protect your family 30 YEARS LATER. I don't have an answer for how it should be, but keep in mind that these are people who are eager to contribute lawfully to our society, and we don't just ship them off to Australia anymore.
  • "They can only hope that the hacker does not succeed and sell their data to the highest bidder" - I am sorry but that is bullshit. You cannot be a child-molester without doing someone harm, while getting unauthorized access to a network not only does not harm anyone by itself but furthermore doesn't need to involve any "bad" intentions like wanting to harm the company or making money on the data acquired in that way. Society defined illegal actions in the first place because they were automatically to the disadvantage of someone else. While society as a whole cannot easily overthrow or even rethink the term "illegal" companies who want to hire security-experts should have in mind that there is a difference there.
  • When I think of someone being 'snubbed,' I think of some renegade bookie being killed by John Gotti or a murder witness being hunted by the mafia.

    You're confusing 'snubbed' with 'snuffed'. 'Snub' is exactly the right word. When you go to a party and no one wants to talk to you, you've been snubbed.

    However, CmdrTaco might want to look up the spelling of 'hypocrisy'.

  • On the other hand, there is a lot of research showing that general attributes of the society as applied to a person (age, racial/ethnic/religious group, level of education, level of income) can be clearly correlated to someone's likelihood to both commit a crime and be convicted of it.

    It's also a mistake to assume that the convicted (and arrested) population mirrors the criminal population. Centain demographic groups are more likely to be arrested, more likely to be convicted (and to receive longer sentences.) (Added to this certain types of crime are specifically defined to only apply to certain catagories of people, e.g. rape.)
  • I really don't care whether crackers can pay their rent or not. The only people who are busted for cracking are the ones who are doing malicious things to other people's systems.

    Were I to crack into some computer or another and leave it as I found it, nothing would happen to me, especially if I contacted the people in charge of that system's security and let them know they were vulnerable. Why? Because it simply doesn't pay to sue or prosecute someone when no harm has been done. It isn't worth the time and money. Even if I didn't contact the sysadmins to warn them the company would have very little incentive to go after me.

    On the other hand, if I were going around breaking into people's systems (like Kevin Mitnick), erasing their data (like Kevin Mitnick), and posting their personal files online (like Kevin Mitnick), then I would of course be apprehended and rightfully prosecuted for my crimes.

    I wouldn't want a cracker even in the building where I work, let alone working there too. Why? Because you can't trust them. I don't say that because of their criminal record. I say that because they have shown that they derive pleaure from harming others. Sociopaths don't make good employees, no matter what their technical skills.

    Lee
  • OK, so he got nailed. He did the crime and paid his time. But you also have to look at his accomplishments since getting "caught." He's doing enterprise-level network security audits for corporations that WANT someone with his background testing their network. If I was the CEO of a company that wanted to know if a hacker could breech my security, who better to hire than someone who is well-known for doing just that? The fact he he got caught means someone was actually awake at the CON to see it happen, as opposed to watching TV or playing "DOOM" to pass the time remaining on their shift... Let's face it: Phiber Optik knows his stuff, has his act together, and is using his knowledge to HELP people now, as opposed to HURTING them with it. People have to remember that nobody's perfect, and everyone is guilty of making a mistake from time to time. If they use their knowledge and abilities for something "good" as opposed to focusing on ways NOT to get caught, then in my mind it shows an insight to the bigger picture of what being a "hacker" is all about. ...I'd hire him in a heartbeat.

  • We don't hire serial killers to catch serial killers, do we?

    "Hire," no. But, for example, the investigators looking for the so-called Green River Killer in/around Seattle, when they were stumped, went and asked Ted Bundy for insight into the GRK's methods and advice in apprehending him. It didn't work because they didn't listen to him. There's a book about it, called The Riverman, by Robert Keppel, one of the detectives. It's an accidental case study in cop psychology, showing how their badge-flashing, domineering personalities make them unsuited for dealing with cases involving complex characters like Bundy, who comes off as a weirdly (sym)pathetic antihero, shouting the truth at a brick wall. An odd book.

    So, yes, "we" do "hire" serial killersÑwithout paying them; they tend to be very chatty, and love hearing about the 'sploits of others in the field, and getting to hear and talk about it is payment enoughÑto catch serial killers.


  • Security firms seem to think that hiring people who have broken into other people's machines and caused damage somehow gets them very experienced security folks. I think that's silly.

    Crackers usually know about a lot of concrete security holes and can help companies fix them. But that's the wrong approach, and it is in part responsible for the poor state of computer security today. Making computers secure requires more fundamental changes than patching a few holes around the edges: it requires new system architectures, cryptographic methods, clear design, and better programming languages. Linux, *BSD, or Windows NT will never be really secure.

    Of course, in the short term, all that patching and exploring is lucrative. But if you really want to help make computers secure in the long run, get a good education and stop breaking in.

  • I think I have made this dialogue too personal.

    My point (to which you did not respond) is:
    While there are valid reasons to not employ (or rent apartments to, or lend money to, or insure, or...) convicted criminals, not all criminal convictions are created equal (and some criminal actions may even be truly just) simply accepting the unfairness of it all will lead greater injustice in the long run.

    This is especially true given how pervasive background checks are becoming. Moreover, it is impossible to get background check organizations to treat each case individually because their incentive is to report as much negative information as possible (since if something goes wrong with someone they clear, they're in big trouble while if they fail to clear someone who wouldn't be a problem no one will ever know). And this chain of reasoning is independent of whatever particular unjust law is under discussion. This is a difficult problem and freely admit I don't know how to solve it, but I think the first step is to admit that it is a problem. Your "simple maxim" denies that the problem even exists.

    That said, while I am not perfect and I've only just begun to understand how bad things are getting, I am doing more than buying T-shirts and breaking laws to fight the laws I consider unjust. I am registered and do vote (even in primaries), which can be very frustrating because candidates make it very difficult to figure out where they stand on issues I care about. I am an active participant in the dvd-discuss forum, where I am learning more about these issues and I hope I am doing my part to help the defense of 2600. I am also doing what I can to raise public awareness of these issues (I was part of the chain that helped expose that Time Warner's hypocrisy about linking to DeCSS and I wear my T-shirts in public as much as I can). I am "voting with my wallet" by not buying DVDs and trying to make sure that I don't get entangled with unjust license agreements for the products and services I buy and use. I haven't written to my elected representatives yet, though I plan to once I am done with a move I am in the middle of since I will be a constituent of my "new" representatives for a longer time than I was one of my "old" ones.
  • by lord kiwano ( 124877 ) on Saturday September 02, 2000 @08:13AM (#809012)
    If someone can pull off the same sploits as a big name black-hat, and not get caught, they must have some sort of superior skills that enabled them to avoid getting caught. If they didn't pull off the same sploits, then the scope of the exploits should be weighted more heavily than the conviction in judging candidates.

    Of course, there's also the factor of having the sense to do little enough that you won't get busted.

  • well...this is a little bit more of a grey area when you think that - the people who get caught doing this shit, are, in all honesty, some of the best in the world.

    can you honestly say that phiber optik is just a script kiddie out for giggles with someone else's code? hell no. The other consideration is, is what crackers do enough to warrant them the time and the infamy they get?

    besides - who better to pay to break into a network than someone who has already shown they have vast amounts of experience with it. And that they won't puss out because they think their tactics are too "shady." - You might call these guys a liability. I would call them an asset.


    FluX
    After 16 years, MTV has finally completed its deevolution into the shiny things network
  • You sir, are a turd!
    I know this to be true becasue it takes a turd to know one.


    <O
    ( \
    X
    8===D

    Bowie J. Poag
  • Let's look at this logically. There are both pros and cons to hiring a convicted cracker/hacker.

    Pros:
    It's obvious that they know what they're doing - since they've been convicted for it.
    They know a lot about security, and how to get around it. They could easily find the flaws with your system, and would most likely be able to fix them.
    Cons:
    They are a convicted criminal. It's that simple. Being convicted criminals, they might be more apt to do dishonest things in your company, such as stealing or other things.
    Again, they know a lot about security and how to get around it. They could probably very easily screw up your system if they had no particular loyalties to your company.
    Whether or not one should hire convicted criminals is completely up to the employer. It basically depends on whether or not you think you can trust them. It's obvious that they have the experience and knowledge, but whether or not you can trust them with your system is a whole other matter.
  • When I was a "reckless youth" the worst I did was tresspassing. Cutting across someone's yard in the middle of the night is a bit different than several felonies for computer-related crimes.

    I'm sure the six year old in Chicago who murdered a child was on a "reckless streak" too. There are laws in this society, and you need to observe them. Minor infratcions can be forgiven easily, but most felonies will stick with you for the rest of your life- and they should.

  • We don't hire serial killers to catch serial killers, do we? Nor need a psychiatrist BE bipolar to understand the condition...

    And would you argue, say, that the folks auditing code for OpenBSD (and those in similar projects) do NOT know about computer security, simply because they don't break into other folks systems without their consent? That'd be one approach, but they use their judgement. One could train for a rifle competition by targetting pedestrians, but it's far more appropriate, if less challenging, to practice on a range with paper targets. That's discretion.

    Getting convicted of a serious crime demonstrates a profound lack of judgement or discretion. I see no reason why a company should trust, let alone ever hire, somebody who utterly lacks such traits.
  • Well, it helps that his name was David Smith [melissavirus.com].
  • Is it possible that Mark didn't get hired because he's an obnoxious dickwad?
  • Well, if they were convicted they probably aren't good enough compared to those who get away with it.
  • Now, now. You seem to believe that science of criminology is already at its acme. I merely don't happen to agree. There can be small and non-obvious behavior signs shared by various subclasses of criminals, that a former criminal might just happen to be sensitive to. I'm not saying that anyone who looks like a trucker who hasn't bathed for a few weeks is gonna be a child molestor.

    Either way, it would be accurate to say that a pedophile would be more likely to know, or be aware of methods used by other pedophiles.

    It's a fact that if you're a career criminal at [bank-robbing | child-molesting | computer-cracking] that finally got your self a stay at the state bed-and-breakfast, and you're now looking for a security job in the private sector guarding against whatever you used to do, you'd have an edge over some luser who's out of the latest training proggie in security for whatever...
  • getting unauthorized access to a network not only does not harm anyone by itself but furthermore doesn't need to involve any "bad" intentions like wanting to harm the company or making money on the data acquired in that way

    Kinda makes you wonder why they would bother tracking down and prosecuting those "hackers that don't do any harm", doesn't it?

    And BTW, showing a child your penis in a park doesn't do anybody any harm either. You still go to jail though.

  • Agreed. And it's my assertion that in the case of computer security, breaking and implementing security are merely two sides of the same coin, and that the cracker has already been practicing many of the skills of a security specialist. But that's just IMO, of course.

  • Several of the posters in this thread have spoken with passion of the rights of convicted criminals to resume normal lives. I have seen no posts saying that they should not.

    However, normal lives are one thing - but nowhere does it say that they have the right to do whatever they like.

    Personally, there are a lot of professions that I'd love to be able to pursue - but for which I am unemployable for various reasons (I can't be an astronaut, for instance, because there are plenty more fit candidates).

    Some of these professions I am ineligible for, because of a single "mistake" in my past. I can't be an architect because I chose to study history instead.

    Do I have the right to demand that I be given a job as an architect, from the reasoning that "a single mistake in my past should not be allowed to determine the rest of my life"?

    Of course not. To employ me as an architect would be foolish, and any company that I applied to would be perfectly within their rights to judge me an unacceptable risk in that job.

    In other words, it is the company's decision who to hire, so long as they decided on the basis of objective criteria - i.e. can you do the job satisfactorily, and without constituting an unacceptable risk?

    Convicted hackers have shown that, at least once in their lives, they were security risks. Like it or not, that makes them unemployable by all but the most risk-willing employers.

    A reputation for trustworthiness is an asset, and a fragile thing. Break it, and it is not magically restored when you get out of jail.

    - Ravn

  • "There are legitimate times when, acting as an authorized agent of a corporation, you attempt to break your own stuff. This is the nature of the biz. Sometimes, you dont know if something is going to work, until you try and break it."

    As an example I had to terminate an employee a few months back. Recently, I ran into a router whose password wouldn't work. After checking other routers, I found a total of 7 routers whose passwords had been changed which I didn't have easy physical access to. "PasswordListGenerator" and "Brutus" (don't have URLs at home, sorry) saved my company several thousand dollars in travel costs due to the former employee changing passwords and forgetting to document them. (I am in no way, shape, or form saying these changes were malicious, as they followed our definition and contained nothing libelous. :P)

    That was three days of brute force. Thank God I'm not in Oregon, or I would be in jail right now.

    -- Talonius
  • An embezzeler who has stolen cash (presumably at least with some success, otherwise he'd be "petty thief," and not "embezzeler,") knows how other embezzelers work, and can help guard against them.

    Apart from the fact that embezzlement is a matter of how you steal, not how much, this all seems to suppose that the only thing that counts is technical knowledge or skill. But surely the point is that you have to be able to trust people to whom you give control of, say, your accounts, or your system. Past behavior may be far from perfect as a predictor of future behavior, but it's surely relevant; and past dishonesty is surely at least relevant to the question of trustworthiness. Aren't you just a little less inclined to believe people who have lied to you in the past? If you were to discover that the financial manager you'd entrusted your life savings to had a history of embezzlement, would that make you feel reassured?

    As for the child-molester example: I don't think you've thought this through. Even assuming that child molesters are particularly adept at spotting other child molesters, what importance would such an ability have as a criterion for hiring day-care employees?

  • I don't think i've ever seen anything that asked about arrests, just convictions...
  • If you are a high profile company and allready have the moths doing circles around your flame it shouldn't matter that much. On the other hand many companies see themselves as low profile and do not wish to attract attention to themselves. What really irks me is that many criminals have had their records closed by the court, I have seen common embezzlers that have been convicted of stealing hundreds of thousands easily slide past employment screening. At the same time I have seen computer pranksters denied employment because they were spotlighted by the media. As long as inflated "Hacker stories" are in vogue and considered worthy of reporting innocent parties will be injured.
  • by www.sorehands.com ( 142825 ) on Saturday September 02, 2000 @08:39AM (#809029) Homepage
    Any convicted felon has a hard time getting a job. That's why moost job applicatioons contains a question about past convictions. That is why juvenile records are sealed.

    If a person is convicted and goes to jail while on the job, an employer might have to expend effort in replacing them w/o notice, even if the conviction is not related to the job.

    This is different from time off for injury (say under the FMLA). Being ill/injured is not something that is a person's fault. Committing a crime is a person's fault.

    Putting a person convicted of computer stealing computer data in conputer security is similar to putting an embezzler in a cash counting room or a child molester in a job at a day care provider or a convicted drunk driver as a school bus driver or a perjurer as an attorney.

  • michael milken is a venture capitalist i believe. what hypocrisy!

    --
    And Justice for None [geocities.com]
  • I hope you refer to what the law says. Because it's clearly not true. Everything what happens to to you is your fault. If you have accidents and/or ill often I will fire you.

    I refer to the law, notes from congress, and the courts.

    Murder is illegal, but people still kill.

    Everything that happens to a person dis not always their fault. You stop for a red light, someone rear-ends you, is it yoour fault? Is it your fault your kid gets leukemia? Is it your fault Windows98 has bugs? Nut comes into the office, starts shooting, is it your fault?

  • Click:

    http://www.unm.edu/~finaid/eform01/drugconviction0 1.html

    I did, and sorry, but it made a liar out of you. The debt is not "forever" as you claim unless you have been convicted of taking drugs three times, or selling them twice. And even then, even for selling, all you have to do is complete a drug treatment program. Basicly the prohibition looks to boil down to "we won't give you money if you have a drug problem, stay out of trouble for a few years or complete a program to demonstrate you don't have a problem anymore, and we're all set." Nothing like your orriginal claim.

    -Kahuna Burger

  • "...or it should not be a crime in the first place"?

    Look, like it or not, society's rules are clear enough. Someone who cracks knows that he is committing an illegal action (or, if he doesn't, then he should be locked up for criminal stupidity).

    We could debate whether a particular action should be criminalised or not - but that is what the entire legislative system is set up to do. Whatever we decide is immaterial, unless we can make the legislative system follow suit.

    Now, I will be the first to stipulate that there are numerous crimes on the books that in my opinion are stupid and counterproductive at best, and downright unjust at worst. That does not change the fact that if I choose to deliberately set myself above those laws, I am asking for the full weight of society's retribution to come down on me.

    There are situations where defying the law can be a reasonable thing to do. But when you get caught, it's time to pay the piper - and one of the prices you pay for breaking security is that nobody will ever trust you with important stuff again.

  • I suppose it is sort a sort of filter by natural selection. An employer that would be bothered by the knowledge that they hired a person convicted of the kinds of things "Phiber Optic" was convicted of, would not be a good match for him or her anyways.

    From reading the article it appears (and I only have this single media representation to judge by) that PO was a straight shooter who did not steal and was mostly interested in exploring and understanding.

    Perhaps the biggest crime committed here was a failure to play the political games. During the 80's and early 90's as I remember the internet was more of a wild west where Academic turf was protected vigilante style. An unfortunate explorer might find themselves strung up for being on the wrong port at the wrong time.
  • Of course I wouldn't, but it all boils down to intent.

    I completely understand why the guy who got caught as a young man breaking into computers (probably just for fun) did what he did. I know I did the same thing, and just never got caught. I don't see what he did as a 'sickness', and don't see it as any worse than a *lot* of technically illegal things younger people do.

    A child molester, on the other hand, treads into animilastic behavior and the roots of civilised society; I belive that child molesters don't deserve prison, they deserve death.
  • At some level, it doesn't really matter though. As "cracking" becomes an increasingly convenient catch-all for corporations with lots of lawyers to use against people who do things they simply don't like - criminal or not - we'll see more and more Officially Guilty Crackers. As of today, Randal still is one of these. So he has to put up with having his life wrecked the same as others who admit guilt. This is why this situation is particularly disturbing; we have to realize it will affect many innocent people as well as the guilty ones.
  • A company open-minded enough to hire such a guy is a Good Company to work in. A company that gets holier-than-thou and refuses him is a Bad Company to work. Natural selection works both ways, you know. Darwin roolz.

    (And if the person in question is actually having a hard time finding a job, s/he should switch states - or countries)

  • This is the same country that won't give financial aid to anyone convicted of possesing or selling drugs. The debt is forever, its simply all about making an example out of one person to keep the rest of the herd in line.

    Perhaps they believe that you have shown yourself unable to handle money responsibly. :)

    More seriously, are you stating that this prohibition applies only to those convicted of drug crimes, or is it more broad based against covicted criminals? Also, are you talking about grants, loans, state aid, merit based, institutional, all of the above, what?

    -Kahuna Burger

  • I mean, if a guy has a convition, how good can he be?
  • by merlyn ( 9918 ) on Saturday September 02, 2000 @08:44AM (#809040) Homepage Journal
    My conviction, still in appeal, has been a significant detriment to my business operations. Because any "employment" would have required a note on company letterhead sent to my probation officer, and at least more than one potential client said that this would be problematic to get it through their legal department, I have had to focus on providing Perl training (which did not have the same requirement) rather than Systems and Network consulting for the past six years, which is my primary area of expertise (although I got really good at training as well {grin}).

    This makes me less up-to-date on the latest technologies, and cost me opportunities to do really cool things and be part of a team somewhere, a part of my "former" life that I sorely miss.

    As the requirement for a formal disclosure and acknowledgement of my current legal status ends in just a few more days, I can once again look at being involved in direct consulting, rather than training. (Although being directly employed will almost certainly still not be possible, I can look for opportunities where a company contracts with my Stonehenge company once again.) But the six years in the middle have been very tiring.

    For more information about my ongoing legal battles, please visit the Friends of Randal Schwartz [stonehenge.com] website or send a blank mail message to my autoreply bot [mailto].

  • And would you argue, say, that the folks auditing code for OpenBSD (and those in similar projects) do NOT know about computer security, simply because they don't break into other folks systems without their consent?

    Simply because a statement is true does not mean that its converse it true--you know that. The fact is that convicted computer criminals have (1) name recognition and (2) valuable knowledge about computer security. One of the other posts mentioned the lack of loyalty that computer criminals possess, but that is true of almost all employees in the computer industry. If /. put up a poll asking how many people would leave their current employer for a 20% raise and founders' shares, almost all would respond in the affirmative--employee loyalty is almost non-existant at this time.

    Computer criminals would be a valuable asset to any security consulting firm and can be had for a bargain price. Corporations would be irresponsible to not hire these people.
  • I'm not so sure about "many of the folks in the industry will admit freely to doing the same things". We have a hard enough time getting IT manangers to admit to their bosses they're using Linux/FreeBSD on the mail server. What makes people think that saying "Gee boss, I'm a hacker" is any easier?
  • Here at Rutgers, the guy who wrote the Melissa Virus was hired to work there for a few months _after_ the media spotlighted him. The funny thing is that the university didn't even know it was him, even though he applied under his real name and everything. He left a few days before his trial started, citing "personal reasons." It was not until after he left that they figured out what who he was and what his "personal reasons" were... haha! I wish I could find the story, but it was so long ago...
  • Why is this even on slashdot? Just because it involves hackers? This is no different from any other company running a background check and deciding not to hire someone with a criminal record. Of course these people are supposed to have "paid their debt to society", and start over with a clean slate, but that's not how things work in the real world. We all know it. We may say we don't like the practice, but we would all gladly do the same. Would you hire a convicted child-molester as your babysitter, even if he just served 20 years and "paid his debt"? I didn't think so. If you can't practice what you preach, don't preach...
  • Hacker News [slashdot.org] (operated by @stake) had a story [hackernews.com] on this yesterday. Interesting point: the government will higher criminals, but the security industry won't. Hacker News also points out that the article implies that anyone who has used a handle (Do slashdot IDs count?) must be a gray hat hacker.
  • And even if you can spell you might still be a turd like me


    <O
    ( \
    X
    8===D

    Bowie J. Poag
  • Putting a person convicted of computer stealing computer data in conputer security is similar to putting an embezzler in a cash counting room or a child molester in a job at a day care provider or a convicted drunk driver as a school bus driver or a perjurer as an attorney.

    Bzzzt! You lose.

    An embezzeler who has stolen cash (presumably at least with some success, otherwise he'd be "petty thief," and not "embezzeler,") knows how other embezzelers work, and can help guard against them. I'm also willing to bet that a pedophile is far better at picking out other possible pedophiles by just looking, etc. etc.

    Hiring someone convicted of a computer crime has some pretty obvious benefits: yes, the person got caught, so they're probably not The Best. But they're probably also fairly good, and probably knows a bit more about the trade than your average Minesweeper Consultant.

  • by onyxruby ( 118189 ) <onyxruby@co m c a s t .net> on Saturday September 02, 2000 @09:07AM (#809048)
    We don't hire serial killers to catch serial killers, do we?

    Really? The FBI sure as hell interviews them, utilizes and implements what they have to say. They also interview, and occasionally hire people convicted of computer crime. Take the recent ex-disney exec for example. It often takes a crook to catch a crook. Knowing how a hacker /thinks/ is as important as modus operandi.

    While I certainly agree with you that you that getting convicted of a serious crime demonstrates a profound lack of judgement, I think dismissing someone who was convicted of such out of hand also exhibits a profound lack of judgement. People complain that they don't want an ex-con working with them. So where do these people want ex-cons working? As Reagan put it, "trust, but verify". I'm not saying to go light on these people or the like, but take advantage of what they know. They'll be the first person to thank you for doing so.

  • So we are complaining that people who break the law are suffering because of it? That's how society works. As for the corporate people who do the same thing but just haven't been caught: Innocent until proven guilty.

    If I were a stockholder of @Stake, I'd be a little concerned if they did hire convicted "hackers" (btw, Slashdot, don't complain about the media using the word that way if you do it to). Doing so would expose them to lawsuits if that individual ever screwed up.


    My mom is not a Karma whore!

  • The only thing I do know is that if I do not keep fighting unjust laws (and breaking them, where necessary) then the "land of the free and home of the brave" that I grew up believing in is dead and that is too high a price to pay for my future comfort.

    I am curious as to how you are fighting these unjust laws? By breaking them? By buying t-shirts? Hopefully you also have spent some time writing your Senators and Representatives. Hopefully you have taken the time to register to vote. Hopefully you have taken the time to discuss this with other voters, be it in person or on the Net.

    Of course I say this all out of hyprocicy. I'm not registered to vote, I've written a Congressman but once (a couple years ago), and I rarely, if ever, discuss politics with others. Of course I am not the one professing my distaste for such laws...

  • "I see a rift generating," says Abene. "People who have been able to escape their teenage years unscathed have this elitism. They consider themselves better than other hackers who were unlucky enough to be prosecuted for whatever
    reason, or for whatever mistakes they made."


    Or maybe people who obeyed the law as teenagers look down their noses on convicted felons.

    I'm 15 and _really_ tired of the sterotype that places me as little script kiddie who likes to r00t windows boxen for fun. I don't root computers, I don't have an urge to, and I know many other teens who don't get off on uploading root kits or using NetBus. I quote one of them "I'd be about as fun as shoving a 1 1/2 inch marble up my ass".

    Don't get me wrong, but all the little kiddies I know don't know shit. I could (theoretically) do a lot more than they could towards cracking computers, but I have no desir to. It seems that they only know how to run pre-made programs to break poorly secured computers.

    Don't get me wrong, there are very good crackers out there, but most of them aren't teenagers. If I was a security firm, I'd hire someone who knew what they were doing, not a kid with a script. Security firms don't want the people to crack existing systems (with scripts), they want people who can find security errors before they release the software. There is a large difference.
  • So you are saying that he didnt do it (not a big surprise here... Nearly everyone convicted says hes innocent)...

    The U. and ISP are framing him for all their network problems?

    and that he was dumb enough to trust his "friend" at the ISP and coworkers at the .edu not to blame him for their problems?

    The issue of course is that the case was dismissed, which means that there is no conviction and thus no record/ guilty plea.

    Either he got off easy (if he had done it), or was royally screwed by his friends/coworkers just so that they can cover their asses.. Since there was no trial, many probably just think that he "beat the system" since the evidence never got to be publicy entered as "proof"... and therefore torn down as you say it should have....

    I would like to say it it doesnt happen, but I am painfully aware of situations where trusting co-workers can lead to huge problems...

    Another question is where did the person that thought he was from Jordan get HIS information? Was it from the U. staff, the UPD, the TV station or the ISP? and thus how biased is THAT information?
  • Oh come on ... you're giving the cracker the benefit of the doubt without extending that same thing to the molester...

    He probably molested the kid, just for fun... as you so put it. yet, molesting kids is breaking the law. If the hacker didn't want to break the law, he or she could have set themselves up a system to break into, or else contract their skills out to a company that wanted to have their security tested...

    Maybe I should carry a brick with me and call myself a "security consultant". If people don't try to hire me, i'll smash their windows and snoop around their house. Maybe I'll even leave a few micro-cams laying around so i can spy on them...

    But then maybe someone will see that brick I'm carrying me and ask if i do security consults. I'll say "yes". We'll arrange a meeting. After shaking hands, he walks away, I bonk him on the head with the brick, take his wallet, and announce 'you're not secure', here's how i did it:

    does that person deserve a job? He just took a brcik and smashed a window. Or else he took the brick and bonked someone over the head with it. Anyone can do that. Guido can do that. That's not skill. That's not anything but showmanship.

    On a side note, I'm sure you've read, but in case you haven't... the ACLU? You like them? You like how they defend "our rights"? Well, they've decided to step in and defend "our rights" to molest children, by providing legal counsel for NAMBLA. Fucked up, isn't it?
  • Click:

    http://www.unm.edu/~finaid/eform01/drugconvictio n01.html

    Interesting editorial here:

    http://wildcat.arizona.edu/papers/93/109/03_1_m. html
  • I remember that case. Yes.. To me it seemed that he had gotten a raw deal. I too did not think he had done it.

    I remember him helping me out in learning how to use Linux when everyone on campus was saying that Linux sucked and that they would never run linux on campus since it was not a "real os". (The university was using a Sun based Unix box, an AIX based RS6000, and a Prime box, MS windows Web servers, and novell fileservers/mail)

    They seem to have changed their minds about linux now... only its a little too late. Anyone with linux/opensource know-how left that university a while back... {nobody wanted to be accused of being a hacker since the university portreyd Linux as being a Hacker OS)

    {as an example of the harassment that happened to Linux users: I got my account suspended for printing the net3 and firewall howto. The explanation was that they did not condone printing of hacking documents)
  • Convicted hackers should be *more* desireable from a corporate perspective as they have documentation substantiating their knowledge and are better able to "think like the enemy." They could probably be hired for a lower salary as they would not have the same expectations of somebody who has not recently been in prison.

    Hackers who hack for the thrill or the experiment of it, I can accept, once they've reformed and grown up. Crackers, on the other hand, who are essentially thieves who hack for their own monetary gain, I would stay the hell away from.

  • this is a very different situation from what you mentioned.

    Why?

    Are you saying that child molesters can never better their ways? Once a child molester always a child molester? How about: "once a thief always a thief"? Then how about: "once a hacker, always a hacker"? Can a company that hires a felon convicted for hacking be sure that this hacker will not turn against the company? Or is it OK to hire this hacker, as long as you keep him away from the financial department's computers? How about the clients, can they be sure that this hacker will not probe their systems just a little bit further than what they hired him for?

  • Tell me, you say it is your right to dislike someone, right? Well, as a "law-abiding person", I cannot make you feel or believe anything. Just like I could not have told Hitler not to hate the Jews, if I were alive at the time. The fact of the matter is that yes, you do have the right to be a close-minded bigot, just as you have the right to think anything you wish. But I also have the right to think that you really need to wake up and smell the coffee brewing. How similar are the crimes you give as examples? One requires a computer, skill, and thought; the other requires timing, a vehicle (and a weapon of some kind in most cases). As stated in the original article, most of the industry admits to these "stunts". So you are telling me that you would like to have most of the talented individuals in the industry out of work? You would rather force these people to continue their criminal activities because YOU think that they cannot be trusted? Most people would agree with, sadly enough. I do have my faults, but giving anyone the benefit of the doubt is not one of them. And no, I am not telling you what to do; I'm simply requesting that you think about the situation a little more.
  • What some of you need to remember is that things on the network at WTAMU [wtamu.edu] have changed quite a bit since these events.

    Much of the networking staff/IT [wtamu.edu] there has changed completely. Kenneth is no longer there; but James is still there.

    They (the current networking staff) really have worked hard to fix the problems that plagued their system.

    It is not fair to continue to block them for mistakes in their past.

    Just a guess, but it is most probably James H. and/or the dean of Tech. Dr. Nelson, who follows all of James's "recommendations" blindly, who "advised" the Police department to continue not to allow him access to the campus.

    The police/admins. may not have handled the situation as well as they could have. What they should have done was allow him access to the campus with a restriction on computer access. The problem with that is that his abilities as mentioned here probably meant that they were afraid of his ability to still "get through". Of course the next logical question is.. If he really IS that good, doesnt it mean that if he wanted to harm the campus network, he would have been able to do so remotely anyways, and most probably WITHOUT detection?

    Most of the case file, including a copy of the trespass warnings, and other details can be obtained from him (if you ask nicely) or from the court records (if you are willing to go through the red tape).

    As for the UPD, [writing "forever" on a trespass warning that has a normal limit of 1 year clearly shows a deeper hatred than normal]

    I am surprised he did not go further legally {but funds may have been an issue} since it was obvious that the UPD was most probably abusing the law(s) that allowed them to ban him from campus in the first place.. A law that was meant to stop drug dealers and gang members and other VIOLENT offenders from accessing campuses was possibly being abused by the police to further their own personal prejudices and fears or agendas.

    Some of the same problems on the networks mentioned above; many that seem to have been fixed were some that supposedly the "accused" informed them of a long time ago, but was ignored, and was later on blamed for when they were most probably exploited.

    His "defense" file if they went to trial contains copies of emails to both the ISP and his bosses at the university about some of the problems, as well as an "explanation" of most of the circumstancial evidence that they had..

    Something else that gets me, and was mentioned in that newspaper article, is that the university allows a CONVICTED murderer {manslaughter) [briandeneke.org] to access the campus freely, but yet they deny someone else access to the University...

    One really has to wonder if other factors are in effect here other than the network issues.

    It seems more of a personal grudge than a network/computer issue.

    Something that no-one else has mentioned here is that there is also another third party involved. A third party who initiated the accusation/complaint (their web page was also allegedly erased by the accused), who turns out was applying for the same job position as the "accused" at the ISP [arn.net]

    makes you wonder......

  • s/felony/misdemeanor/

    the terms aren't fuct. the laws are.


    FluX
    After 16 years, MTV has finally completed its deevolution into the shiny things network
  • As far as Federal gun laws go, that Class One misdemeanor might as well be a felony. It is illegal for a person to own a gun if convicted of a crime with a maximum sentence greater than one year. The word "felony" is not used in the statue. 18 USC 922(g) [cornell.edu]
  • Give him a break! I'm sure he knows this, and there's no point in stating the obvious.

    And usually to gain *complete* control over a box you must gain root or some other super-user power/permission, directly or indirectly. Therefore his statement of "rooting a box" can be construed as correct.

    root(unix) = Administrator(Win NT/2k) = normal user( Win 9x/ME ).

    if you use this simple conversion his statement can again be construed as correct.

    If you can state an example of having *complete* control over a box without root/Admin permissions please tell me.
  • a few reasons. one. child molesters freak me out... two. child molesters do not change their ways most of the time. they are mentally ill people. Three. would you rather be a 12 year old and be in a room with a hacker/cracker or a child molester.
  • Re:Putting a person convicted of computer stealing computer data in conputer security is similar to putting an embezzler in a cash counting room or a child molester in a job at a day care provider or a convicted drunk driver as a school bus driver or a perjurer as an attorney."

    "You mean like X president/X husband Bill Clinton practicing law in Arkansas?

  • You're in the process of *appealing*.

    You maintain that you're *innocent*. (And from what I know of what happened, my personal belief is that you are).

    That's a world away from being convicted and not appealing, thereby implicitly putting your hands up and saying, "it's a fair cop, guv. You got me bang to rights".
    --
  • by Anonymous Coward
    You make all these fucking comments about the situation you know nothing about. I myself have gone through the procedure of being charged for "hacking" or whatever. It didn't stick as I was a minor at the time. First off most of the good hackers out there. Don't get caught. They already have good jobs. In any event there is an amount of time that you can't touch a computer; standard and giving by the judge at his/her discretion with anything involving a "net/computer" case. You're also very carefully watched. Your phones are monitored (call logs). You aren't allowed to go interstate, or out of state for that matter. You're not even allowed to "mechanically engineer/reverse engineer" etc anything at all. Most of the times they keep you in a federal prison (which isn't that bad.. you get cable tv, swimming pool etc heh your tax dollars at work) and when you get out and are looking for a job in security the army will snatch you up no questions asked and give you whatever you want. The fbi will snatch you up and give you whatever you want. The list goes on. I'm not condoning getting caught because trust me it sucks hardcore. Especially if you're a minor you end up losing some bit of that "privacy" you once took for granted. However I hate the things people seem to think they know about the situation because its never happened to them.





  • People who state the obvious are turds like me.


    <O
    ( \
    X
    8===D

    Bowie J. Poag
  • by Detritus ( 11846 ) on Saturday September 02, 2000 @08:52AM (#809069) Homepage
    What the hell is a fellon?

    The problem is that a felony conviction doesn't mean as much as it used to. When most people think of felonies, they think of rape, murder and armed robbery. Today, a wide swath of crimes are considered felonies, and politicians and so-called activists for various causes, lobby for the reclassification of misdemeanor crimes as felonies, to "prove" they are serious about fighting crime or to advance some agenda. Some animal rights groups are trying to get "animal cruelty" reclassified as a felony, and some of them have very broad ideas about what constitutes "animal cruelty".

  • ...That it makes no sense _not_ to hire former and convicted hackers and crackers. Face it, they've already been convicted, so people are already watching them like hawks. And would you rather have the people who can find security holes working against you, or working for you?

    Frankly, I'd rather have them working for me...

    Kierthos
  • by Skim123 ( 3322 ) <mitchell&4guysfromrolla,com> on Saturday September 02, 2000 @08:14AM (#809074) Homepage
    These people would also have a harder time getting a job at McDonalds. If you are concerned about your future employability, do not break the law. A simple enough maxim.
  • Convicted hackers should be *more* desireable from a corporate perspective as they have documentation substantiating their knowledge and are better able to "think like the enemy." They could probably be hired for a lower salary as they would not have the same expectations of somebody who has not recently been in prison.

    MindPixel [mindpixel.com] -- help build the world's largest neural network and get free stock!
  • I'm making no such assumptions. To the contrary, I would hope that any good CS graduate from a top school should know how to break into a UNIX or NT system. Just like picking locks (another skill anybody from a good university should know, IMO), breaking into UNIX or NT systems isn't rocket science. It's pretty straightforward, dull, mechanical stuff, or social engineering. And little has changed there over the last couple of decades.

    People have ample opportunity to practice those skills on-campus, in situations where they are not likely to get a felony conviction. It's when people direct that kind of effort against e-commerce, military, and financial sites and when they obtain credit card numbers and other sensitive information, that it suggests both an anti-social inclination and a lack of good sense. Whether they also have a good education or not has nothing to do with it.

    That's basically the distinction between "crackers" and "hackers". Both crackers and hackers may enjoy a good beer afterwards, and both may know how to break into any system, but I would hire a hacker to work on security. I wouldn't hire a cracker.

  • by mindstrm ( 20013 ) on Saturday September 02, 2000 @08:58AM (#809083)
    Unfortunately, that's what happens when you live in the most litigous society on earth.

    Why would it make a difference? Risk analysis. If Phiber ever did something bad (which I have no doubt he would never do.. but that's not how risk management works), and the client who was violated could show that the company *KNEW* he was a convicted felon.. who's negligent? This is the US man.. they would sue @stake for knowingly hiring a convicted hacker.
    Sucks, eh?
  • Whatever happened to the idea that once you've done your time, you've also paid your debts to the society

    That notion should be on a person-by-person basis. If someone commits a crime and serves his time and you want to forgive them, kudos to you, but why should I have to fogive them as well? What if I never want to forgive them for their crime? Don't I have that right as well?

    Companies are like individuals, too. It is solely their decision if they want to hire criminals or not. It's like with GWB... we, the citizens, are his potential employers. It is our judgement call if we wish to elect someone with his... past.

  • Your motives are incorrect, I think.
    It is valid to not want the convict working for you.. but the reason should be fear of litigaton *if* something happens, not fear that he will actually do something.

    I would trust someone equally, had they been conviceted or not. What I don't trust is my clients feeling the same way.
  • I agree that in the eyes of the law the criminal must be treated like an innocent person, but personally I have the freedom to act however I like toward anyone solongas I don't violate their basic freedoms. I can dislike you, Mr. AC, for no good reason and there is nothing wrong with that. In fact, you trying to tell me how I should feel about you (or anyone else, for that matter), is just peachy, since you have that right too... but to expect me to feel or think a certain way? That is criminal.

    Here the point is that criminals should be treated like ordinary citizens because they've paid for their crimes

    How you treat someone is your perogative, and do as you may, but don't expect to instruct me on what choices I need to make.

    So you are telling me that if someone broke into your home, robbed you, was caught and served his or her jail time, that after his or her sentence, you'd embrace this person as a law-abiding, innocent person? One who you wouldn't mind having in your house for tea? Would you hire this person to do yardwork around your house? If you answered yes to both of these, fine, that is your call, but I would have answered no. And for you to tell me that I should and would have to answer yes, that is criminal.

  • by DustyHodges ( 174738 ) on Saturday September 02, 2000 @08:19AM (#809095)
    The article pretty much reeks of whining to me. Not that I don't somewhat have sympathy for the guy, but when you go apply to a fast food place, they ask if you have any prior felonies. If they have something to do with the job that you are going to do (i.e. Stealing from a register) then they can deny you employment. I personally don't think that this is any different, for two reasons.

    1)I don't want, as a corporation, to hire someone who is known to have done illegal things to break other people's security, if his job is to know all waeknesses of security we make. This guy could easily put an obscure back door into all of the security measures, and then exploit it at a later time.

    2)I don't want someone who is known to be a cracker sitting on a computer behind my corporate firewall.

    Now, as an individual, he may be a great, upstanding guy who's only crime was curiosity, but I don't think that a company should have to take a risk on the fact that he may be an idealist.
  • by Signal 11 ( 7608 ) on Saturday September 02, 2000 @08:19AM (#809096)
    If I were a security firm charged with taking money from banks and transferring it to a safe location every evening, would it be sane for me to hire a bunch of convicted bank robbers to do it?

    It is a rhetorical question, but one HNN felt that they had to bring up. No, life is not fair. Yes, some people are wrongly convicted. Yes, there is a stigma attached to computer "crime". Regardless, these are the rules you play by.

    On the other hand, who better to hire than someone who has had real experience, as opposed to a paper cert? No wet-behind-the-ears MCSE is going to know how to craft security policy, how to do risk management, and how to do cost benefit analysis and everyone in the industry knows it.

    It is a calculated risk every time you hire someone who has a criminal past. As a manager, it is your job to evaluate each person one by one and weigh the benefits. Most of the time if you're doing your job right, you'll find most people have had minor brushes with the law (reckless kids get drunk, smash mailboxes, etc), and computers are no different. We may be geeks, but many of us have a reckless streak - it's called being young. To outright deny these people a job is a failing on your part as a manager. Judge each person individually, and not as a group.

  • What insurance company would seek to underwrite a company that knowingly and willingly hires convicted fellons?

    What customer would open up their server room for a week to let convicted fellons "audit" their network?

    It's those 2 words combined, convicted and fellon, that sends chills down the spines of anyone listening, but should it?? ?

    You bet it should! What is says is not only have you been accused of commiting a crime and dispite every possible civil right extended to you (as well as appeals) you still managed to get CONVICTED! That's a dumb move, and you deserve 2 flip burgers in silence while contemplating your mistake.

  • Your points are completely invalid. The crimes are as close as your perspective makes them. 'Hacking' into a computer can often be a trivial task involving not much more skill than being able to click a button twice. Robbery can be a practiced skill, and those who posess those skills can be of great value, often at a much lower risk.
    Many of the best learned a great deal through their 'stunts', but were never caught. Why wern't they caught? In some cases they better then everyone else, in others they did less damage, but they did not get caught. Many people in this discussion believe laws are only to punish, when in reality they are a deterrent. If you are not caught, you are not guilty, that is why the statue of limitation exists.

    Should a delivery person not lose their job if they lose their drivers licesce? What if it is for to many speeding tickets? Even if You speed every day and never get caught? Would you trust your personal information to someone who was convicted of stealing it in the past? Even if they are very good at what they do? Well I certainly do not.
  • I can add something to this discussion, only a little tidbit, though.

    I can tell you that being a convicted felon makes it impossible for one to get a security clearance of any sort from the U.S. Gov't. The FBI will sniff that one out in a second, and if you've got a felony conviction on your record, no clearance. One or two misdemeanors might make it.

    So, if you're a security firm, and you hope to land fat gov't contracts which will require your people to get cleared to some level of security, do you want to hire convicted felons, who can't be cleared?
  • It's not as if L0pht started out as a bunch of angels.
    So Abene was surprised when the company, which was apparently ignorant of his history when asking him to join its budding New York office, abruptly withdrew its offer in the final phases of hiring.

    Also a computer security company that wasn't aware of this Phiber Optik's past kinda worries me.

Money is the root of all evil, and man needs roots.

Working...