Security firm puts notorious hackers on the payroll

A former senior vice president at Compaq has turned up as the chairman of an Internet security company formed partly by a group of renowned hackers.

John Rando, former senior vice president and general manager at Compaq, was one of a raft of executives who fled the company following the ousting of its chief executive Eckhard Pfeiffer in April 1999. Rando is now chairman of the board of Internet security company @stake.

The company, founded by Ted Julian, a former Forrester Research analyst, also includes chief technologist Daniel Geer, one of the creators of the Kerboros authentication system, and vice president of consulting Phil Tams, formerly a senior manager at Cambridge Technology Partners as well as hacker group Lopht or (Heavy Industries) who is best known for telling a US sub-committee that Lopht could bring down the Internet in 30 minutes.

Lopht's leader - who goes by the name of Mudge - will be vice president of research for @stake.

Graham Cluley, senior technology consultant at UK based antivirus company Sophos, commented: "There have been arguments presented that you can be an ethical hacker. I suppose these guys wear whiter hats than other hacker groups like the Cult of the Dead Cow, which wrote Back Orifice."

He added: "These guys need to grow up a bit. Giving themselves false names and being shady about where they live is the sort of thing you might do when you're a teenager. They seem to think they're in some sort of film."

Internet security firm Panda Software said the company launch reopens the controversy over the ethics that motivate hackers and whether or not the knowledge obtained by these groups should be used to develop more effective security tools.

A spokesperson at @stake commented: "It's important to maintain ethical conduct as far as computer security is concerned. Proving your knowledge on security issues can be done by designing good defence systems or through projects and experience in the field."

"Attacking other people's computers casts serious doubts on the trust that can be placed in that person. It does not prove the ability of the hacker or his knowledge, but rather that the system under attack is not as safe as it should be," he said.