FYI.

This story is over 5 years old.

Tech

Money Is the Reason the Government Can't Hire Decent Hackers, Not Weed

And some found that stereotype insulting.
Image: Shutterstock

Any code-loving weed smokers out there might have felt an extra high this week, when it appeared the head of the FBI indicated he’d like to chuck money at them to hack for the US government. Sorry to poop the party, but it looks like no one who has smoked marijuana is likely to get a job within cyber divisions of law enforcement, certainly not in the US or the UK at any rate.

FBI director James Comey said during a meet with the White Collar Crime Institute in New York on Monday that his organisation was “grappling” with its marijuana policy, as many of the most talented kids “want to smoke weed on the way to the interview.” But he has now backtracked. In front of an altogether more serious crowd at the Senate Judiciary Committee, Comey said he was “dead-set against using marijuana” and had just been exercising his sense of humour.

Advertisement

I brought up the initial comments when speaking with the current head of the UK’s National Cyber Crime Unit, Andy Archibald. He was a little baffled by Comey’s words. Indeed, he found them almost insulting.

“It's a bit of an indictment to say all IT people who go to university smoke hash. It was an unusual thing to say. I don't think there was a need to even say it,” Archibald said. “I'm confident we can get [the right people] who don't smoke marijuana.”

Comey’s comments, though apparently a joke, oddly revived a stereotype that many thought was dead: that of the pot-head, hoody-wearing, pale-faced social outcast sitting in a dark room whacking away at the keyboard.

“That stereotype is long gone. There are some like that but those involved get their kicks more out of what they do rather than drugs. That's not to say a certain number don’t partake in drug taking but it's not a majority,” Brian Honan, who set up Ireland’s first Computer Emergency Response Team (CERT), told me.

The persistence of the cliché may just be a problem at the FBI, according to security consultant and co-founder of Xiphos Research Labs, Michael Kemp. “The FBI have always considered things in stereotypes,” he said. He thinks that the public perception of hackers has shifted, however, because of high-profile surveillance operations, like those being carried out by the US and China. People with cyber skills are no longer caricatures.

Advertisement

Honan said the real problem around luring talented hackers into law enforcement largely comes down to one thing. And that’s money. “The problem faced by law enforcement agencies, including the FBI, is the salaries that are on offer. Many talented hackers can demand high salaries in the private sector or indeed even more from criminal gangs,” he said.

A sub-£100k ($170k) per annum salary isn’t worth bothering with for many, given a hacker can make that kind of money in one go by selling a zero-day exploit (code that targets unpatched, unknown vulnerabilities in software). It’s down to them whether they want to hand their zero-day to a legitimate exploit broker, who tend to have big contracts with governments and law enforcement anyway, or to a criminal organisation, which could use it for nefarious purposes like stealing money from internet users.

If the government can’t increase their salaries, they may be better off boosting training and resources to improve skills amongst the existing workforce, whilst trying their best to convince technically gifted youngsters that law enforcement is the place to be, added Honan.

And that’s what seems to be happening. Archibald said he wasn’t in need of any more money, but told me the UK’s cyber division is in the process of an organisational shuffle, one he hopes will bring in more technically-minded people. “We are about to advertise for the first batch of senior people we want to head up the [teams] with high-end skills, so we have the infrastructure in place to get access to those technical engineers and programmers.”

If you’re planning on applying, you’ll have to prove you haven’t been smoking spliff in recent years if you’re offered the job. If you want to do drugs and work simultaneously, maybe look to private organisations, in the city perhaps, where there are apparently laxer attitudes toward chemical intoxication.