Can you trust poachers who turn gamekeeper?

Hiring a former virus writer is not necessarily good for business, but it will certainly get people talking about your company.

After employing a couple of the world's best-known authors of malicious code, two European firms are sparking fierce debate in the IT security world.

"Sometimes, the poacher turned gamekeeper proves successful. But there comes a question of who you can trust," said Len Couture, CIO at network vendor Enterasys. "I'm not sure if I would advise it."

Last month, Czech applications vendor Zoner Software hired a member of the infamous virus-writing group 29A (hexadecimal for 666). A 22-year-old named "Benny" now develops anti-virus software and has allegedly cut ties with his former cohorts.

But despite assurances that he is operating successfully, some industry experts have their doubts.

"We've spoken to people like this in the past and, in my experience, they can't do the job," said Shimon Gruper, VP of security software company Aladdin. "When people have been writing malicious code, they don't have the tools or experience to write securely."

In response to such criticism, Zoner Software argued Benny's experience in virus creation proves he understands how computer security attacks work. If he is successful, there are plans to move into the anti-virus sector.

In September, German IT security firm Securepoint hired 18-year-old Sven Jaschan, self-proclaimed author of the Netsky and Sasser worms. But the move seems to have backfired, with AV vendor H+BEDV now refusing to do any further business with Securepoint.

"We take a dim view of employing virus authors," explained Tjark Auerbach, CEO of H+BEDV.

"The attempt to offer a second chance to an allegedly reformed person must be balanced against the exclusive security interests of our customers."

But Securepoint hit back. "It is not a big company and we don't do very much work with it," said Lutz Hausmann, technical director of Securepoint. "If it wants to do this, then that is fine. I don't care."

Jaschan was arrested in May this year and is still awaiting a court hearing. He said his worms were of a vigilante nature, and designed only to destroy other viruses.

Victims of the Sasser and Netsky viruses include Delta Airlines and the European Commission.
