Recruiting hackers

The news that MI6 is using the Dark Web to recruit spies sets one thinking about how we might recruit teenage talent to work with the force and abandon the dark side. We are told that there are groups of youngsters who co-ordinate cyberattacks on M&S, on Boots and on Jaguar Land Rover. Part of their motive will be to show they can do it, to prove their worth, and to gain status and self-satisfaction among their peers.

 Could we not recruit talented young hackers into legal defensive roles, apprenticeships, SOC analysts, vulnerability researchers, and malware analysts and opponents? Might we not give them rank and progression inside a formal program (Trainee → Analyst → Senior Researcher → Team Leader) as part of employment or an accredited apprenticeship?

 We could deploy them initially only on defensive tasks and supervised engagements: threat hunting, live incident response (under supervision), malware analysis, red/blue team exercises in authorized testbeds, and co-ordinated vulnerability disclosure.

 Initially, it would be to combat foreign threats by improving defences, attributing and reporting incidents to law enforcement agencies, taking part in international CERT exercises, sharing intelligence with trusted partners, and hardening critical infrastructure, as an alternative to offensive hacking.

 We might use probation and supervision, with, say, a 3–6-month technical probation involving supervised tasks and restricted access. There would need to be a rehabilitation track if past minor offences exist.

 Further on, we’d need supervised incident response, threat intel basics, malware sandboxing, purple-team exercises. But we’d need them to take on state actors, including Russian, Chinese, and North Korean ones.

 Their mission would initially be to defend and deter, to harden systems, deploy advanced detection, perform threat hunting focused on TTPs (techniques, tactics, procedures) associated with nation-state groups.

 We’d do red teaming to simulate nation-state adversaries in controlled environments to increase resilience. But then would come the offensive capability. If North Korean hackers access cyber currency platforms to steal money, our young hackers could respond in kind to disrupt the North Korean economy and military capability. 

 If the Russian hackers in St Petersburg spread fake trolls to divide and disrupt and influence democratic elections in Western nations, our teenage group could do the same to them, spreading stories about domestic discontent at their Ukraine offensive. If Chinese state-supported hackers try to steal industrial secrets, our youngsters could do the same to them. 

 War is a two-way street, and if we allow hostile players to invade our cyber space, retaliation is a justified response. Frederick Forsyth wrote a very readable novel called ‘The Fox’ in 2018 in which he describes a young hacker being set to work in aid of the Western Alliance. We should take that lesson and use our young (and currently lawless) talent to good effect.

Madsen Pirie
