According to a report in the Daily Express newspaper, the British intelligence services have hired “50 computer-savvy hackers – some of them still teenagers” to work in the Cyber Operations Command that was recently announced as a part of the UK Cyber Security Strategy.

Would you trust this person with your cyber security?

 

Back in June, when the Cyber Security Strategy was announced I blogged about how surprised and disappointed I was with the comments made by Lord West at the time. By way of a reminder, Lord West told the BBC

 ”They had not employed any “ultra, ultra criminals” but needed the expertise of former “naughty boys”, he added.

“You need youngsters who are deep into this stuff… If they have been slightly naughty boys, very often they really enjoy stopping other naughty boys,” he said”

 

I had actually hoped at the time that this was more ill-informed media bluster than actual truth, unfortunately that seems not to be the case. The Daily Express article reminds us though that this crack team of teenage (former) bad boys have all had to sign the Official Secrets Act so they can’t tell their girlfriends or their mums and dads what they are up to. So that’s alright then isn’t it?

 

Let me get this straight, I am not here to complain about young people getting jobs or about the Cyber Security Strategy in general. What really upsets me with this story is the implication that *only* young (former) criminals have the skills required to carry out the work necessary to combat cyber terrorism. I have not personally met any of the team that have been hired for these posts at Cyber Operations Command, but I have a feeling that they wouldn’t care too much for the implication either.

 

It is entirely unacceptable that our security services and our government are broadcasting the message that the only qualification necessary for a job in MI5 is being a hacker (one bad enough to have got caught). People who have been found to have broken the law should not be allowed to profit from their misdeeds especially by way of an employment offer in the very field of their criminal activities. Would you hire a convicted embezzler as a your accountant? How about a teenage convicted embezzler?

 

The Daily Express article goes on to state “The hackers have also intercepted messages from terrorists in Belmarsh maximum security prison“. Perhaps I am being naive here, but why on Earth are convicted terrorists being allowed accces to technology that allows them to send (one would assume) encrypted messages from prison? Surely if a prisoner still poses a threat to national security, shouldn’t their communications be monitored or at least restricted as necessary?

 

It would be really beneficial if, instead of inviting criminals and hackers to assist in these commendable national security endeavours, the government approached the application, network and content security communities who have, for many years, been combating malicious, criminal computer and network related activity Please concentrate your activity on the creation of meaningful and sustainable detective and enforcement alliances with international partners. Involve Internet Service Providers in initiatives aimed at cleaning up the huge population of home computers already being exploited by cybercriminals. Don’t waste your time telling schoolboy tales of hiring “naughty boys” for hi-tech derring-do.