At some point, Ernst & Young employees have stated to attrition.org staff that they "don't hire hackers" or "only hire ethical hackers". This was a common theme among security companies for years, trying to put themselves on an ethical pedestal. The fact is, they all do. Some just don't realize it.
"Global professional services firm Ernst & Young actually gets paid for hiring out their `ethical hackers' to large companies, mostly in the banking, insurance, B2B and B2C arenas."
During October, Ernst & Young (E&Y) aims to teach 60 people to break into Windows NT and Unix systems, and deface Web sites.
The course also draws on the skills of "reformed hacker" Stieler van Eeden, who defaced the Web sites of the Johannesburg Stock Exchange and Computicket, among others, earlier this year. Using the moniker Akt0r, Van Eeden defaced pages in an effort to find a job in the security industry. Ernst & Young was happy to oblige.
"There was some concern when we hired him," says Lubbe, "but it was absolutely the right decision. We have learned a lot from Van Eeden and he can teach our clients a lot of things."