Herbless the hacker goes legitimate

A UK hacker who made a name for himself cracking commercial Web servers and posting political messages on corporate sites, says that he/she is now keen to move into legitimate security work.

"Herbless" says that he (or she) is hoping to land some paid work but has already helped many companies secure their networks -- free of charge. The benevolent ex-hacker claims not to be a malicious individual and says his "black hat", or illegal, activities have never stretched to stealing personal or financial information.

Herbless says that he has only ever revealed a vulnerability when he's felt that security has been completely ignored and argues that his past misdemeanours should not be seen as a black mark against his character. "I would argue that they are assuming that 'wrong' and 'illegal' are the same thing, which is not always the case," says Herbless in an email.

"All that time I was also helping companies secure their networks. If I was in the network of a company and discovered credit card details or such things, I would immediately inform the systems administrators making sure that the general public didn't find out until the problems were fixed."

The activities of Herbless nevertheless caught the imagination of the public and the press because of the political nature of the defacements and the high profile targets. In September, Herbless broke into a number of Web sites belonging to HSBC bank and posted pages criticising the government over fuel taxation. Herbless also struck UK government Web sites to protest about the government's stance on smoking.

The uncomfortable nature of this past behaviour leads some experts to question whether Herbless would make a trustworthy employee for any computer security company.

Matt Bevan, who was arrested in 1997 for breaking into computers belonging to the Pentagon, has since founded his own security company, Kuji Media Corporation. He suggests that even if Herbless doesn't choose to reveal his past misdeeds he could face a tough time. "His illegal activity may come back and bite him," he says.

Another consultant, Neil Barrett of security firm IRM, has seen one recent security evaluation by Herbless. He says that although he has technical ability, this doesn't detract from his dubious past "He'd have to work in a team and they'd have to be able to trust him not to do something stupid," he says.

The presence of hackers with a dark past within legitimate companies has become a controversial topic in recent months, with some companies stating that they would never employ someone who has been involved in criminal activities. Some experts, however, believe that previously "black hat" hackers inevitably find their way into companies.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.