It's common practice for many companies to perform drug screenings and background checks on candidates for employment. After all, you don't want to get stuck with someone who's going to cause headaches down the road. It ensures that you are hiring people who will not cause undue harm to your business or other employees.
But for some reason, many black-hat hackers are not only celebrated, but often sought after and recruited by major corporations.
A few months back, PC Magazine listed "7 Hackers Who Got Legit Jobs From Their Exploits." I would not consider some of the people on the list, like Johnny Chung Lee, who hacked and modified Nintendo's Wiimote controller, to be unscrupulous hackers. Others I would consider to be real cybercriminals, including Michael Mooney and Kevin Paulson, who hacked Twitter, a radio station, and the FBI for no other reason than boredom and greed. Even though these hackers are true criminals, Facebook, Apple, the federal government, and others are swooping in to give them high-paying jobs.
I can understand the federal government's interest. The FBI, CIA, and other agencies deal with criminals-turned-informants every day. They have a history of working with shady people, and they know how to handle them. But I seriously doubt that most corporations really know what they're getting themselves into.
In some ways, I understand the thinking behind hiring grey- and black-hat hackers. Hacking takes a deep technical understanding of hardware and software that is difficult to find. Hackers who develop their own techniques, worms, and viruses are clearly talented, and that talent could be turned into something positive. But would you really trust them? After all, hacking isn't just about showing off your technical prowess. It's also about the thrills or "the lulz." If you ask a former hacker to stop performing criminal offenses and instead work on your legitimate projects, how long will it be before the hacker misses the thrill of the crime?
Now, I'm not saying that people can't be reformed. I realize it's possible, and I'm all for giving people second chances. I just don't think that companies should seek out hackers and effectively reward them for misdeeds. If you do that, your new employee hasn't learned anything, and you'd better prepare for that employee either leaving your company after getting bored or, even worse, doing something malicious in-house for kicks.
What do you think? Have you or would you hire someone who has knowingly been involved in a serious hacking crime?