Information Security News mailing list archives

Herbless the hacker goes legitimate


From: William Knowles <wk () C4I ORG>
Date: Wed, 22 Nov 2000 04:29:36 -0600

http://www.zdnet.co.uk/news/2000/46/ns-19189.html

Tue, 21 Nov 2000 07:06:37 GMT
Will Knight

The UK's most infamous "black hat" hacker, trying to go straight?

A UK hacker who made a name for himself cracking commercial Web
servers and posting political messages on corporate sites says that
he/she is now keen to move into legitimate security work.

"Herbless" says that he (or she) is hoping to land some paid work but
has already helped many companies secure their networks -- free of
charge. The benevolent ex-hacker claims not to be a malicious
individual and says his "black hat", or illegal, activities have never
stretched to stealing personal or financial information.

Herbless says that he has only ever revealed a vulnerability when he's
felt that security has been completely ignored and argues that his
past misdemeanours should not be seen as a black mark against his
character. "I would argue that they are assuming that 'wrong' and
'illegal' are the same thing, which is not always the case," says
Herbless in an email.

"All that time I was also helping companies secure their networks. If
I was in the network of a company and discovered credit card details
or such things, I would immediately inform the systems administrators
making sure that the general public didn't find out until the problems
were fixed."

The activities of Herbless nevertheless caught the imagination of the
public and the press because of the political nature of the
defacements and the high profile targets. In September, Herbless broke
into a number of Web sites belonging to HSBC bank and posted pages
criticising the government over fuel taxation. Herbless also struck UK
government Web sites to protest about the government's stance on
smoking.

The uncomfortable nature of this past behaviour leads some experts to
question whether Herbless would make a trustworthy employee for any
computer security company.

Matt Bevan, who was arrested in 1997 for breaking into computers
belonging to the Pentagon, has since founded his own security company,
Kuji Media Corporation. He suggests that even if Herbless doesn't
choose to reveal his past misdeeds he could face a tough time. "His
illegal activity may come back and bite him," he says.

Another consultant, Neil Barrett of security firm IRM, has seen one
recent security evaluation by Herbless. He says that although he has
technical ability, this doesn't detract from his dubious past. "He'd
have to work in a team and they'd have to be able to trust him not to
do something stupid," he says.

The presence of hackers with a dark past within legitimate companies
has become a controversial topic in recent months, with some companies
stating that they would never employ someone who has been involved in
criminal activities. Some experts, however, believe that previously
"black hat" hackers inevitably find their way into companies.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*
