Facebook followed the trend of tech companies that hire hackers Tuesday by confirming that 21-year-old hacker extraordinaire George Hotz, also known as GeoHot, was on its payroll.
The announcement came in the same month that Sony, the FBI and the Arizona Department of Public Safety were all hacked by the just-disbanded hacking group LulzSec. The announcement also came in the same day that Mastercard’s Web site was temporarily taken down by the hacking group Anonymous, which called it a punishment for the actions Mastercard took against WikiLeaks
The strategy by companies of hiring hackers as security consultants is almost as old as hackers are.
Even companies that have been hacked themselves have done it. Sony, for example, is believed to have tried unsuccessfully to hire Koushik Dutta, a hacker and developer who was the first to hack the Motorola Xoom. Dutta declined the job due to a lawsuit Sony earlier brought against Hotz.
In April, ICANN, the agency in charge of the world’s Internet addresses, named veteran hacker Jeff Moss as its chief of security. Moss, whose hacker name is Dark Tangent, is the founder of Black Hat computer security conferences and annual DefCon gathering of hackers in Las Vegas.
When a hacker has the skills of Hotz, who successfully unlocked the original iPhone and fought off Sony on his own after hacking PlayStation3, hiring a hacker seems to make sense.
But the dangers of hiring a hacker have also been well-documented.
“What if your hacker hasn’t reformed at all, but has merely learned to play the game in a more sophisticated way?” Tech Republic asks.
And so some companies have decided the safer route of hiring hacking “gurus,” such as Google’s hire of Poland computer security expert Michael Zalewski instead of a known hacker. Its caution may have to do with the fact that self-described hackers can sometimes turn out to be cyber-bullies.
Which begs the question — is Geohot now 100 percent reformed? Or will he be tempted to go back, maybe just every so often, to his old hacking ways?