Dan DeFelippi is a reformed black hat hacker. A decade ago, in December, 2004, the skilled hacker was arrested for various felonies, including phishing, credit card fraud and identity theft. He agreed to pay restitution and spent the following two years working for the U.S. Secret Service to infiltrate the underground world of online criminal activity.
Now solidly on the white hat side, Mr. DeFelippi uses his knowledge of hacking to do consulting, give talks and stays in touch with the hacker community. He does acknowledge, however: "The incentives on the black hat hacking side tend to be stronger than the incentives on the white hat side."
As credit card fraud becomes unavoidable, the best defence, say security experts, is hiring people who can think like criminals. This mantra has become so widespread that it has been adopted by private firms offering training to become a "Certified Ethical Hacker" – or "white hats," as they are often called, as opposed to "black hats" who engage in harmful hacking. Attendance at annual hacker conferences Black Hat and DEF CON is soaring.
In addition to experience in information technology, successful white hat hackers have an innate sense of curiosity and the desire to continuously learn new things, Mr. DeFelippi said in a phone interview. "A lot of people hack because they love it."
To harness hacking talent, companies (including giants like Amazon, Microsoft and LinkedIn) are offering large cash prizes to white hat hackers who find vulnerabilities in their software.
Ryan Linn is another white hat, working as a security consultant for North Carolina-based Nuix. "I'm too pretty for jail," Mr. Linn joked during an interview at the SecTor security conference in Toronto this week. He performs penetration testing for a living, meaning he hacks into clients' computer systems to expose vulnerabilities before they can be exploited by cybercriminals. "We come in and look at their systems as an attacker would, helping to identify strategic things that get companies to where they're less likely to be compromised."
Now based in August, Tex., Mr. DeFelippi owns a bike-sharing startup – Spokefly. His arrest, he says, was the end of his professional hacking career. He sounds confident that he has found the right path in life, although says he'd consider returning to white hat hacking at some point in the future. On his new venture, he says: "I've never been one to look at my mistakes and think 'Why did I do that?' because you can't change the past. You move on and learn."