It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but there are reports that this might still be the case in New Zealand.
An 18-year old hacker, it is claimed, was responsible for writing a number of applications used by an online group called 'A-Team' that not only allowed the creation of a million-plus machine botnet, but also allowed for a range of carding - credit card fraud - activities to take place.
The hacker has since walked free from court, without conviction, despite admitting to his role and his authoring of the software that is certain to have led to real losses (estimated by the FBI at more than US$20 million) for not only the owners of the machines infected in the botnet but also those who had their credit card details stolen, and those who were targeted by machines in the botnet. The only cost to the hacker was a fine of around US$11,000.
People who have been involved in both sides of Information Security research and activities might cringe at the news that the New Zealand police were interested in talking to the hacker about working for them, and that 'several computer programming companies' were also chasing him for his skills.
Even if an individual has a proven unique ability, does their prior history mean that they are suitable for employment or can be trusted not to do anything that is inappropriate with access to sensitive law enforcement or business systems?
Antivirus companies have been vocal in the past in denying that they employ any virus writers and similar claims have been made by many Information Security companies, though there are plenty of people who may have been Grey hats in a prior life who are now happily employed within the Information Security sector.