UK’s Cyber Defence Force Could Welcome Convicted Hackers

If black hats pass the background checks, they could join the military, says head of the new Joint Cyber Reserve Unit

Convicted hackers could join the UK’s Joint Cyber Reserve Unit (JCRU) since the application process is based on “capability development”, said Lieutenant Colonel Michael White in an interview with BBC Newsnight on Monday.

The £500 million unit, announced by the Ministry of Defence in September, will conduct both defensive and offensive operations. Recruitment for JCRU started earlier this month.

Going legit

The UK is experiencing a worrying shortage of staff equipped with adequate IT skills. This is especially critical in the cyber security field – according to government statistics, 93 percent of large corporations and 76 percent of SMBs reported a cyber breach in 2012.

Cabinet Office Minister Francis Maude previously said that the Joint Cyber Reserve Unit was designed to “draw on the wider talent and skills of the nation in the cyber field”, letting the armed services call upon extra help when they need it.

The organisation’s recruiters primarily target former military personnel, reservists with the required skills, and civilians with the appropriate technological knowledge.

But the skills shortage is so severe that the government is ready to consider employing convicted hackers, as long as they pass all relevant checks. “I think if they could get through the security process, then if they had that capability that we would like, then if the vetting authority was happy with that, why not?” White told the BBC.

Defence Secretary Philip Hammond previously said that each application would be evaluated individually, and that the success of former convicts would depend on the severity of their crime.

“This sounds like something straight out of Hollywood – using convicted prisoners to engage in an impossible mission under the cover of special exemption from the government,” commented Dwayne Melancon, CTO of security company Tripwire. “It makes sense that these individuals may have the skills needed to help in cyber defense, but it will be key to follow a ‘trust but verify’ model in which they are supervised closely to mitigate the risk that they will do something criminal or disruptive.

“The MoD must also be careful not to send the message that ‘past sins will be forgiven’ as that can lead to a feeling that ‘future sins could be forgiven.’ In other words, if this were construed as a sort of ‘amnesty act’ for cyber criminals, we could have far more problems in the future.”

Mustafa al-Bassam, a convicted member of the LulzSec cyber gang, argued that the data collection practices employed by the UK and US cyber security forces and revealed by Edward Snowden could discourage many talented hackers from working for the government.

For those who don’t fancy working for the army, the police national cyber crime unit (NCCU) is also recruiting – it seeks 400 security trainees.
