Bad Hackers Turned Good Get Top Spot in Facebook Manhunt
Spend your Saturday night in a dimly-lit room crowded with hackers and you may well land a job in recession-hit Europe. Recruiters are scouring hackathons -- venues for self-trained computer geeks to meet and train -- to find those who could help fend off cyberthreats.
Companies and governments in western Europe will need to double the number of security specialists by 2015 and are set to face a shortage of talent, researcher IDC says. While jobless rates in the 17-nation euro region hit 11 percent in March and April, security employment is getting a boost from tougher regulation and heightened awareness, sparked by high-profile breaches at companies, including LinkedIn Corp. (LNKD) and Sony Corp.
“There’s no diploma to become a hacker,” said Guillaume Vassault-Houliere, 29, also known as Free_Man, who helped host 1,200 participants outside Paris last weekend in an event started 10 years ago by a local hacker. “Recruiters drop by looking for talent that just can’t be learned at school.”
Employers from Facebook Inc. (FB) to the U.K. government have put up “wanted” signs looking for so-called white-hat hackers -- computer geeks who probe networks and pry into private data for recognition or just plain fun, not for money or criminal purposes. The U.K. Ministry of Defence said last year it planned to hire hundreds of security specialists.
Jonathan Evans, the head of the U.K. security service, known as MI5, said this week in a speech in London that one publicly traded British company incurred losses of 800 million pounds ($1.25 billion) in revenue from a hostile “state- sponsored” attack. “They will not be the only corporate victim of these problems,” he said, without identifying the target.
Recruiters are turning their backs on resumes, diplomas, suits and ties as they work to attract atypical, sometimes marginal profiles that fit into a different set of rules.
“We need to find a way to allow the most skilled people in the world to land a job, instead of going to work for the mob,” said Winn Schwartau, a security consultant in Nashville, Tennessee, who is starting a Web portal matching recruiters and hard-to-come-by candidates. “The mob has its own geek headhunters, and guess what: They pay better and they don’t care if you have long hair or a tattoo.”
Long-haired men in their early 20s made up most of the crowd on a Saturday night on the outskirts of the French capital, as they arranged computers and swapped their names for aliases to enter the country’s biggest hackathon. For 11 hours, starting at 8 p.m., they emptied beer bottles and worked to defend their team’s servers and infiltrate those of rivals in a cyberwar similar to the one companies and governments are fighting in real life.
This year’s event got extra attention from recruiters because recent high-profile attacks have reminded organizations of the growing, increasingly complex threats, Vassault-Houliere and other organizers said, declining to name the recruiters because they asked to remain anonymous. This month, LinkedIn said that hackers had stolen 6.5 million user passwords. Customers of CBS Corp. (CBS)’s Last.fm music site and EHarmony Inc.’s dating portal also had passwords stolen.
“Governments, large companies, banks -- we have all been attacked on a regular basis,” said Boris Hajduk, chief information security officer at Paris-based Viadeo SA, a social network for professionals that competes with LinkedIn. “The attacks are more and more technical and visible, so we have to reinforce our defense skills.”
Viadeo is hiring to strengthen its cybersecurity team and regularly goes to hackathons to spot talent, Hajduk said. Paris- based Sysdream, which helps banks, energy companies and the French Ministry of Defense protect their systems, has also recruited staff at the events, co-owner Olivier Franchi said.
“The only question I ask when I’m doing a job interview is ‘How long have you been hacking?”’ Franchi said. “I need people younger than 30, who will skip reading the manual when they get their hands on a new gadget.”
Menlo Park, California-based Facebook, the world’s largest social network, has posted an ad on its site saying it is “seeking a passionate hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses.”
Companies need to exercise caution when recruiting hackers, said Graham Cluley, a technology consultant at Abingdon, England-based security firm Sophos Ltd. Antivirus companies, for instance, typically avoid hiring malware programmers to avoid causing concern to customers, Cluley said.
“We need to trust our engineers and our partners need to trust us,” he said. “If there’s someone that’s done something criminal, that’d be a big no-no.”
The British security service is using unusual methods to seek out candidates. GCHQ, the government’s intelligence and cybersecurity arm, last year set out a code with 160 groups of letters and numbers on an unmarked website, with successful code breakers taken through to a site listing relevant jobs available. Applications increased by 42 percent following the campaign, according to a GCHQ representative.
“We’re recruiting more people who can think both like a hacker and a defender to help us stay ahead of our adversaries,” the agency said on its website.
Governments also want programmers and software engineers to build as well as to protect, and are using hacking to get there, Rohan Silva, a special adviser on technology to U.K. Prime Minister David Cameron, said in an interview. Over the next 12 months, coders will be given data on topics from transport to health in hackathon sessions to find ways of making such information more easily accessible, he said.
At the Paris contest, the winners landed a trip to Las Vegas, where they will attend the world’s biggest hackathon, dubbed Defcon. Though some contestants left with business cards from recruiters, many said they came to meet and make friends, not for the job opportunities.
“You get to finally meet face-to-face with those you’ve been chatting with online for months,” Vassault-Houliere said. “It’s a tight community. We all know each other. The holy grail after-hours of hacking is really just grabbing a beer together.”
To contact the editor responsible for this story: Kenneth Wong at email@example.com