Skip to main content

Young man in black cowboy hat.

Maria Pavlova/iStockphoto

Dan DeFelippi is a reformed black hat hacker. A decade ago, in December, 2004, the skilled hacker was arrested for various felonies, including phishing, credit card fraud and identity theft. He agreed to pay restitution and spent the following two years working for the U.S. Secret Service to infiltrate the underground world of online criminal activity.

Now solidly on the white hat side, Mr. DeFelippi uses his knowledge of hacking to do consulting, give talks and stays in touch with the hacker community. He does acknowledge, however: "The incentives on the black hat hacking side tend to be stronger than the incentives on the white hat side."

As credit card fraud becomes unavoidable, the best defence, say security experts, is hiring people who can think like criminals. This mantra has become so widespread that it has been adopted by private firms offering training to become a "Certified Ethical Hacker" – or "white hats," as they are often called, as opposed to "black hats" who engage in harmful hacking. Attendance at annual hacker conferences Black Hat and DEF CON is soaring.

Story continues below advertisement

In addition to experience in information technology, successful white hat hackers have an innate sense of curiosity and the desire to continuously learn new things, Mr. DeFelippi said in a phone interview. "A lot of people hack because they love it."

To harness hacking talent, companies (including giants like Amazon, Microsoft and LinkedIn) are offering large cash prizes to white hat hackers who find vulnerabilities in their software.

Ryan Linn is another white hat, working as a security consultant for North Carolina-based Nuix. "I'm too pretty for jail," Mr. Linn joked during an interview at the SecTor security conference in Toronto this week. He performs penetration testing for a living, meaning he hacks into clients' computer systems to expose vulnerabilities before they can be exploited by cybercriminals. "We come in and look at their systems as an attacker would, helping to identify strategic things that get companies to where they're less likely to be compromised."

Now based in August, Tex., Mr. DeFelippi owns a bike-sharing startup – Spokefly. His arrest, he says, was the end of his professional hacking career. He sounds confident that he has found the right path in life, although says he'd consider returning to white hat hacking at some point in the future. On his new venture, he says: "I've never been one to look at my mistakes and think 'Why did I do that?' because you can't change the past. You move on and learn."

Report an error Editorial code of conduct
Tickers mentioned in this story
Unchecking box will stop auto data updates
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

If your comment doesn't appear immediately it has been sent to a member of our moderation team for review

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.