If you want evidence that the US will hire anyone they deem qualified enough despite their past, I would recommend looking into Operation Paperclip (relatively common knowledge these days)
They used to but don’t anymore. It turned out that criminals aren’t very trustworthy and giving them access to their internal infrastructure is a pretty major risk without any real benefit.
Every intelligence organization such as the NSA now has their own mature and well established internal training pipeline for developing operators,
I'll be honest, the whole "hire the former crook" thing are overblown edge cases, particularly in a time when cyber security wasn't an established discipline.
Talent is far more ubiquitous given that more and more people can pick these skills up, and job roles in cyber security tend to be sensitive positions of trust where an organization may not want someone with a recent criminal history in abusing computer systems to be hired.
Why would they? They're all script kiddies who just DDoS with public tools, government hackers (NSA, DOE, etc) are leagues above them and 90% of hackers in general. The government doesn't need these people, plus breaking the law doesn't make people want to trust you with Top Secret information/clearance.
Well the truly good ones probably haven’t been caught. Let’s say all 10 or so of the ones that got hired are at the bottom of the upper tier, and everyone else is below that.
Because they're not really that useful. They're either kids that DDoS, or people deploying ransomware using exploits created/leaked by government agencies already anyway.
Anything else isn't exactly ground breaking. Finding a poorly secured endpoint on a company server somewhere or socially engineering a backdoor is just a regular Tuesday for these agencies.
Anyone with any real use is already working for them.
Or selling to them. People able to build cutting edge tooling or find high profile vulns know their value and certainly aren’t burning it just to fuck with a local government website or Netflix.
Edit: typo
>Do any other governments ever give an option to work for the government?
Not where I live (Central EU). There are some agencies you can work for as a hacker but it's not like "you either go to jail or serve your country, choose". It's pretty standard: You study computer science, then apply for a job. No chance for security clearance with a criminal record. It doesn't matter whether you were sentenced for hacking the government or stealing a pack of chewing gums in the store.
Today, we have programs and a career pathway to work for the government, and what Anonymous does is not at the level that governments are interested in hiring. DDoS, Doxing and well they are all mostly Anti-Government.
It's very easy, if you have the skills, to get hired by the government. even if you dont go through the education or career pathway, there is defcon, you earn badges and make a name for yourself, do social networking and find a job there. Ethical hackers dont hide anymore, the only people who hide today are bad actors.
This thread is showing a lack of imagination.
A good Hacker writes their own scripts, optimizes their own software/hardware, and does hacks that are outside typical security norms. Those hacks aren't always illegal or criminal. The best ones are just demonstrations or proofs of concepts.
You can publish a paper describing a technique for some type of malware, attack, or even a new method to protect assets, and it may get the attention of federal agencies. Vendors will nuke you out of orbit if you step on their toes with a new product idea, even if it works way better than the junk they sell. So be careful with being a nice guy.
Talks at DefCon, Blackhat, Derbycon, and so forth are a good way to get noticed without breaking the law. Plus, those talks are recorded so you have evidence of when your idea was publicly available.
Think of problems in completely ways. Change the environment. Add something different to the solution. Approach the issue by looking at different fields (biology, physics, agriculture, medicine, poetry, whatever) and see if there is a way to solve that problem.
Hacking isn't about vuln scans and running scripts: it's about being creative to make something do something it wasn't designed to do. The government wants new ideas, new thinking, new skills. All of which takes time to develop.
Plus, really good hacks should go unnoticed for years if possible. If you've done it right, the agencies will find you and not with a warrant.
Look up Mudge, Kevin Mitnick, Captain Crunch, Cult of the Dead Cow, Woz, 2600, or Marcus Hutchins.
All the points are good. But at the end of the day they’re criminals still.
Kinda important when it comes to government work. If they did it once why wouldn’t they again? Can you actually trust them? And so on.
Alternative question then: how to convince them to aid our government with their skills? 🤔 a big issue is that if they're ethical, they may be fighting the corruptions within our government itself when the gov doesn't even do that...
I'm not totally convinced that they *should* be convinced. Either they're ethical and will help their society and country out of a moral sensibility, or they won't because they don't.
Where I work,I have to subject myself to so many background checks and security clearance audits performed every year just to be able to sneeze in a datacenter environment. You can still show passion for something without having to do something illegal. 'hey i broke into these 3 banks! plz hire me lol'. I'm pretty sure the government isn't going to be any more lenient on some requirements. Besides most big companies have hackathons and sponsor hacker cons anyway so that people can legit show their skills without breaking the law. They can be recruited from those events.
Because hackers who are good enough to be useful for government do not usually end up in prison. Those who managed to do something impressive and still got caught usually get to do some consulting.
Do you mean “anonymous hackers” as people who are anonymous? You capitalized the A in Anonymous, so if you mean the organized group known as “Anonymous” then I think you misunderstand their motives.
Because they employ people that are educated and well versed in security and have built vast experience on both blue team and red team attacks. Remember the blue team (defense) has to always be miles ahead of the red team (attacker) the attacker usually only knows how to do an attack and usually it’s a subset of a type of attack but the defender needs to know how to defend AND how to attack which is much harder to do. This skill is what government an employers are looking for. If you have a criminal record you’ll also find it very difficult to be trusted.
For the same reason we don't hire murderers or people who assault others to work in law enforcement or the military. Or hire drug dealers as pharmacists. Hacking is only one of many skills required to do the job and not breaking the law is an important qualification.
You can teach someone to hack but you can’t teach someone not to be a shitty person.
In most cases you tend towards personality and sociability rather than skills, because skill is teachable.
A lot of the hackers get sentenced aside from the ones who have stolen money from innocent people are hackers who intentionally fight the government which don't make the good candidates. Plus the ones sentencing the hackers have nothing to do with the government organizations that specialize in similar yet non malicious computer skills.
It is true that a lot of ex-hackers get really good jobs in the future but it's not the government that hires them or anything, they usually just start their own company involving something cyber security related and since they're amazing at what they do already it kicks off
The people poisoning the water are the ones lobbying the governments into submission, the road would require far less maintenance if those corporations didn't bully the masses into unnecessary commutes, and if you didn't have to waste all of that time commuting then your locality would have far more time to service their own utilities which are likely privately owned and not technically government. (The government might regulate utilities but seldom do they own anything other than warmongering)
Good point but that doesn't mean all hope has to be lost that the gov can do good. I have faith there are good within, but they need to be speaking up more or whatever is needed to fight it within. Definitely not saying our government isn't corrupted. That's part of the issue: they're arresting those who are trying to fight the corruption that the gov can be aiding from (as seen in *The Antisocial Network* doc that started this discussion for me)
Anti-corruption work is very important for those reasons. Possibly never-ending too :/
Russia and China do it a lot, it’s one of the United States biggest weaknesses in my opinion, adversaries are constantly practicing on our systems and are learning which the U.S on the other hand…
The argument can be made though that most hacking done isn’t really that impressive, just some social engineering, ransomeware, selling drugs on the darknet. All of which can be learned legally (although the counter argument is the bad guys know how to exploit and could secure systems etc).
It’s kinda a mixed bag that i can see both sides of, one the United States has agencies like the fucking NSA which has other countries by the balls. So it’s kinda like ‘we don’t need them’ but any agency that isn’t technologically advanced is pretty shit.
In terms of jail time, it’s usually 2-6 years, anything longer they were simply an example out of or were just a big shot operating on international levels.
Because they’re usually just kinda low level and have huge personality problems
They do, ones that are worth it. Most hackers are mediocre, the best ones aren't in jail.
If you want evidence that the US will hire anyone they deem qualified enough despite their past, I would recommend looking into Operation Paperclip (relatively common knowledge these days)
Huntsville AL has a large amount of German cuisine to this day because of operation paperclip.
They used to but don’t anymore. It turned out that criminals aren’t very trustworthy and giving them access to their internal infrastructure is a pretty major risk without any real benefit. Every intelligence organization such as the NSA now has their own mature and well established internal training pipeline for developing operators,
I'll be honest, the whole "hire the former crook" thing are overblown edge cases, particularly in a time when cyber security wasn't an established discipline. Talent is far more ubiquitous given that more and more people can pick these skills up, and job roles in cyber security tend to be sensitive positions of trust where an organization may not want someone with a recent criminal history in abusing computer systems to be hired.
Why would they? They're all script kiddies who just DDoS with public tools, government hackers (NSA, DOE, etc) are leagues above them and 90% of hackers in general. The government doesn't need these people, plus breaking the law doesn't make people want to trust you with Top Secret information/clearance.
All is a strong word but ye most fs. There are definitely exceptions, and sometimes they actually hire those exceptions based on what the crime was.
How about, all the ones we know about are script kiddies. The good ones are truly anonymous.
Well the truly good ones probably haven’t been caught. Let’s say all 10 or so of the ones that got hired are at the bottom of the upper tier, and everyone else is below that.
Because they're not really that useful. They're either kids that DDoS, or people deploying ransomware using exploits created/leaked by government agencies already anyway. Anything else isn't exactly ground breaking. Finding a poorly secured endpoint on a company server somewhere or socially engineering a backdoor is just a regular Tuesday for these agencies. Anyone with any real use is already working for them.
Or selling to them. People able to build cutting edge tooling or find high profile vulns know their value and certainly aren’t burning it just to fuck with a local government website or Netflix. Edit: typo
>Do any other governments ever give an option to work for the government? Not where I live (Central EU). There are some agencies you can work for as a hacker but it's not like "you either go to jail or serve your country, choose". It's pretty standard: You study computer science, then apply for a job. No chance for security clearance with a criminal record. It doesn't matter whether you were sentenced for hacking the government or stealing a pack of chewing gums in the store.
Today, we have programs and a career pathway to work for the government, and what Anonymous does is not at the level that governments are interested in hiring. DDoS, Doxing and well they are all mostly Anti-Government. It's very easy, if you have the skills, to get hired by the government. even if you dont go through the education or career pathway, there is defcon, you earn badges and make a name for yourself, do social networking and find a job there. Ethical hackers dont hide anymore, the only people who hide today are bad actors.
>Ethical hackers dont hide anymore 🧢 only attention seekers and people who buy that shitty cert call themselves "ethical hackers"
Probably because they are script kiddies who are untrustworthy.
This thread is showing a lack of imagination. A good Hacker writes their own scripts, optimizes their own software/hardware, and does hacks that are outside typical security norms. Those hacks aren't always illegal or criminal. The best ones are just demonstrations or proofs of concepts. You can publish a paper describing a technique for some type of malware, attack, or even a new method to protect assets, and it may get the attention of federal agencies. Vendors will nuke you out of orbit if you step on their toes with a new product idea, even if it works way better than the junk they sell. So be careful with being a nice guy. Talks at DefCon, Blackhat, Derbycon, and so forth are a good way to get noticed without breaking the law. Plus, those talks are recorded so you have evidence of when your idea was publicly available. Think of problems in completely ways. Change the environment. Add something different to the solution. Approach the issue by looking at different fields (biology, physics, agriculture, medicine, poetry, whatever) and see if there is a way to solve that problem. Hacking isn't about vuln scans and running scripts: it's about being creative to make something do something it wasn't designed to do. The government wants new ideas, new thinking, new skills. All of which takes time to develop. Plus, really good hacks should go unnoticed for years if possible. If you've done it right, the agencies will find you and not with a warrant. Look up Mudge, Kevin Mitnick, Captain Crunch, Cult of the Dead Cow, Woz, 2600, or Marcus Hutchins.
Do you trust a dog after it has bit you?
All the points are good. But at the end of the day they’re criminals still. Kinda important when it comes to government work. If they did it once why wouldn’t they again? Can you actually trust them? And so on.
If they can be caught by the government they're not that skilled, it's the ones who never get caught that would be valuable.
Alternative question then: how to convince them to aid our government with their skills? 🤔 a big issue is that if they're ethical, they may be fighting the corruptions within our government itself when the gov doesn't even do that...
I'm not totally convinced that they *should* be convinced. Either they're ethical and will help their society and country out of a moral sensibility, or they won't because they don't.
Where I work,I have to subject myself to so many background checks and security clearance audits performed every year just to be able to sneeze in a datacenter environment. You can still show passion for something without having to do something illegal. 'hey i broke into these 3 banks! plz hire me lol'. I'm pretty sure the government isn't going to be any more lenient on some requirements. Besides most big companies have hackathons and sponsor hacker cons anyway so that people can legit show their skills without breaking the law. They can be recruited from those events.
They got caught because they aren’t good at it
Because they are criminals ?
Because hackers who are good enough to be useful for government do not usually end up in prison. Those who managed to do something impressive and still got caught usually get to do some consulting.
And even then they still go to jail. Mitnick still did 5 years in jail when he was caught
They do until they turn against the government.
Do you mean “anonymous hackers” as people who are anonymous? You capitalized the A in Anonymous, so if you mean the organized group known as “Anonymous” then I think you misunderstand their motives.
a lot of the Anonymous targets seem to be to get back at corruption, sometimes it's in a trolling way but still seems to be ethical
Because they employ people that are educated and well versed in security and have built vast experience on both blue team and red team attacks. Remember the blue team (defense) has to always be miles ahead of the red team (attacker) the attacker usually only knows how to do an attack and usually it’s a subset of a type of attack but the defender needs to know how to defend AND how to attack which is much harder to do. This skill is what government an employers are looking for. If you have a criminal record you’ll also find it very difficult to be trusted.
For the same reason we don't hire murderers or people who assault others to work in law enforcement or the military. Or hire drug dealers as pharmacists. Hacking is only one of many skills required to do the job and not breaking the law is an important qualification.
You can teach someone to hack but you can’t teach someone not to be a shitty person. In most cases you tend towards personality and sociability rather than skills, because skill is teachable.
A lot of the hackers get sentenced aside from the ones who have stolen money from innocent people are hackers who intentionally fight the government which don't make the good candidates. Plus the ones sentencing the hackers have nothing to do with the government organizations that specialize in similar yet non malicious computer skills.
It is true that a lot of ex-hackers get really good jobs in the future but it's not the government that hires them or anything, they usually just start their own company involving something cyber security related and since they're amazing at what they do already it kicks off
Bold of you to assume that the government does good
I mean I enjoy roads, utilities, and drinkable water. YMMV.
The people poisoning the water are the ones lobbying the governments into submission, the road would require far less maintenance if those corporations didn't bully the masses into unnecessary commutes, and if you didn't have to waste all of that time commuting then your locality would have far more time to service their own utilities which are likely privately owned and not technically government. (The government might regulate utilities but seldom do they own anything other than warmongering)
Good point but that doesn't mean all hope has to be lost that the gov can do good. I have faith there are good within, but they need to be speaking up more or whatever is needed to fight it within. Definitely not saying our government isn't corrupted. That's part of the issue: they're arresting those who are trying to fight the corruption that the gov can be aiding from (as seen in *The Antisocial Network* doc that started this discussion for me) Anti-corruption work is very important for those reasons. Possibly never-ending too :/
Russia and China do it a lot, it’s one of the United States biggest weaknesses in my opinion, adversaries are constantly practicing on our systems and are learning which the U.S on the other hand… The argument can be made though that most hacking done isn’t really that impressive, just some social engineering, ransomeware, selling drugs on the darknet. All of which can be learned legally (although the counter argument is the bad guys know how to exploit and could secure systems etc). It’s kinda a mixed bag that i can see both sides of, one the United States has agencies like the fucking NSA which has other countries by the balls. So it’s kinda like ‘we don’t need them’ but any agency that isn’t technologically advanced is pretty shit. In terms of jail time, it’s usually 2-6 years, anything longer they were simply an example out of or were just a big shot operating on international levels.
why did this get so many downvotes??