The saw is that sometimes you need a thief to catch a thief, and so it may be with the current crisis in cyberspace around intelligent bots, fake news and the hacking of multiple elections — a hacker army, paid or unpaid, could do a lot to stop the onslaught. Only, with some notable exceptions, the professionals possessing the skills to ferret out and combat the bad guys are hobbled by laws and held at arm's length by society, per the New York Times' Kevin Roose.
I spoke with a few professional hackers and cyber experts. Among the former is Eugene Dokukin, a Ukraine-based man who has run a one-man campaign against Russia since the 2014 Ukraine invasion. In an hour-long chat by Skype, he said the fight goes on — petitioning companies like PayPal, Twitter, Facebook and Google to shut down accounts that he thinks support Russia's cyber war, and hacking into them himself if that doesn't work. "I am a white hat. I am ethical, even if I use unethical methods against the Russians," he said. "It is war."
The bigger picture: On the front lines of an actual shooting war, Dokukin is an extreme example of a proud counter-culture that has existed since computers were invented — nerds who, when they are not working, gladly spend as much time as possible in gaming and cyber exploits. While by and large suspicious of the blanket assertion by American intelligence agencies that Russia is responsible for the 2016 U.S. election hack, many of them are eager to "stop it from happening in the future, whoever is doing it, to help us keep our democracy and move forward," said Veracode's Chris Wysopal.
But there is a labor shortage: In 2015, one estimate was that the U.S. had more than 200,000 open jobs in cyber security. The experts I spoke with said a massive shortage persists. SentinelOne's Jeremiah Grossman said the industry could easily absorb 200,000 new experts, and that the pay is considerable: $60,000 to $80,000 a year to start, rising to $120,000 to $140,000 for trained professionals. Elite experts can earn $300,000 a year, he said.
And there is a misunderstanding of who they are: Grossman, who said he started hacking when he was 12, said that when he's introduced to people, "I'll say I'm a professional hacker and they'll think I mean professional criminal." This carries over to government rules and attitudes that can block out talented hackers with a long-ago record for breaking into a system.
Meanwhile, the needed skills are rising: Both sides — the bad guys and good guys — have automated their exploits, attacking and defending with programmed responses. Security companies explicitly boast of their hacker culture and mentality, one built around the ethos of open information but also, "How do I break the rules?" Wysopal said.
The bottom line: When the other side is Moscow, it can be a whack-a-mole effort given that Russia has some of the best hackers in the world, that there appear to be a lot of them, and that they are backed by the Kremlin. But there is an eagerness to try.
"Some people see themselves as an extension of the war that is going on, as a sort of digital paramilitary group," said Arik Toler, who works on contract for Bellingcat and the Atlantic Council's Digital Forensics Research Lab. "They are fighting the good fight the way they can."