man-316917_640There are basically two mindsets about hackers. Some hail them as heroes, while others hail them as villains. The reality is a bit more complicated than that, but how we see hackers speaks directly to the question of how we should treat their crimes and what sorts of punishments we should mete out to them when we catch them.

It is true though that hackers have two faces. Hackers built the internet. Without them, you would not be reading these words today. On the other hand, it is absolutely true that hackers with ill intent can, have, and continue to cause enormous damage to digital society. For example, the small country of Belize, population 327,000, was just the subject of a DOS (Denial fo Service) attack on one of its two main service providers which seriously damaged the country's ability to do business for a week.

Below, I will outline the logical argument for handling hackers.

The Hack Is Not The Crime

Hackers delight in finding bugs, exploits, security loopholes and the like. This is actually a good thing, and a valuable public service. I would recommend that if you are ever hacked, and if you can identify who hacked you, provided that the hacker did no actual damage to your system, you offer him a job immediately and put him on the payroll.

Not only does he clearly have skills that your company needs (after all, he got past your current system security guys easily enough), but he can probably offer invaluable insights to protect you from future incursions. Understand then, that my position is that the act of hacking should not be regarded as a crime. He did you a favor. He handed you a blueprint outlining the weaknesses of your system, and a great many hackers don't do any harm at all. They break in just to see if they can. For the sheer joy of being much more clever than the folks you currently have on your payroll.

In the early days of the Internet, that's exactly what we did with the first organized group of hackers, who called themselves “The Legion of Doom.” Most now work for Fortune 500 companies or were hired by the government. They're the ones who built the PRISM system which is spying on everyone from Al'Quaeda to your grandma.

In short, if a hacker hacks you, but doesn't burn you to the ground, hire him. You'll be glad you did.

The Damage Is The Crime

On the other hand, any hacker who not only breeches your defense but proceeds to steal something or damage your systems, should most definitely be punished to the fullest extent of the law. I would go so far as to say that we should in no way coddle these criminals and sentence them for each count of theft individually, such that the group that made off with 40 million credit card accounts should be charged with that many counts of grand theft. Bury these people, and as a mandatory part of their sentencing, strip away every bit of access to technology for ever.

The digital world is our future. It absolutely has to be safeguarded, and anyone who is smart enough to make off with forty million credit card numbers is more than smart enough to know better. Only by sending an absolutely clear message to them can we back away, although note that if my first suggestion is heeded, we'll see far fewer successful hack attacks, because the good hackers will be working for you to actively thwart them.