Author Misha Glenny discusses the escalating danger of cyber-crime, its impact on civil liberties, and why hackers should be nurtured for their creativity and skills.
Photo Courtesy Deutsche Welle Unternehmen
In late March, the U.S. Department of Homeland Security issued a series of high-alert warnings of cyber attacks aimed at the computer networks of U.S. gas pipeline companies. Earlier this month, the Christian Science Monitor reported that those attacks are under way. The pipeline companies join a growing list of organizations—the Pentagon, Google, Sony, RSA Security, and Symantec, to name just a few—that have fallen victim to cyber-warfare.
Misha Glenny’s DarkMarket, on the rise and fall of a major criminal hacking forum, is one of the few books to take a close look at one of the central figures in the cyber-crime, cyber-security, and cyber-warfare worlds: the hackers themselves. His conclusions—that there is not nearly enough engagement with hackers by governments, companies, and civil society; that many hackers would prefer to deploy their skills in a legitimate setting; and that more work is required to understand the needs and behavior of hackers—are prime examples of the kind of common sense that large organizations and governments tend to avoid. This makes Glenny’s call for governments and other organizations to “hire the hackers”—to employ hackers, who know the cyber world more intimately than anyone—all the more urgent.
Globality is central to much of Glenny’s work. McMafia, published in 2008, dealt with the globalization of the shadow economy and the growing influence and prevalence of international crime networks—from the paramilitary clans of the Balkans to the marijuana growers of British Columbia and hackers in Brazil. Last year’s DarkMarket—born at least in part out of the time Glenny spent in São Paulo and Brasilia—engrosses us in the world of cyber-crime. DarkMarket was recently shortlisted for the 2012 Orwell Prize.
Glenny’s trademark is to delve into the characters of a story–whether it’s the Reverend John having his bank account hacked, former loggers and truckers who have turned to growing marijuana in the absence of other work, teenage hackers getting in over their heads, federal agents, or hardened drug cartel members.
As a teenager, Glenny spent time smuggling books beyond the Iron Curtain. In the early 1990s, he was the BBC’S Central Europe correspondent and wrote books on the history and politics of the Eastern and Southeastern portions of the continent. After the Balkan Wars, he ran an NGO assisting with reconstruction in the region. More recently, DarkMarket and McMafia took him to a dizzying array of locations. He is currently a visiting professor at Columbia University.
Striding into La Maison du Macaron, the 23rd street cafe where we met, Glenny is every bit the mildly disheveled, traveling journalist/academic–tall and in possession of an imposing gaze over his glasses. He is, nevertheless, immediately friendly and just a little frantic–seemingly ready for the next interview, lecture, or research trip. Still, his answers are thoughtful and focused.
–Alex Hall for Guernica
Guernica: What in particular attracted you to the story of the DarkMarket site? Surely there were other similar sites.
Misha Glenny: There were a series of big sites and this was the last of the big sites. The first one was CarderPlanet, then came a variety of others but most successful was the one called Shadowcrew that was brought down in 2004 by the Secret Service. Then DarkMarket competed with another site called CardersMarket and eventually succeeded and became the premier English-language site.
My thoughts were as follows: This is not the only kind of cyber-crime but what you had here was a variety of characters from different parts of the world that represented different aspects of what was going on in cyber. The problem for anyone writing on cyber is that for most people it’s a complete turnoff, so the general public are reluctant to read books about anything to do with computers. To counteract that and also because I’m not a tech specialist—I understand perhaps more than most about computer security but not much more—I decided to concentrate on the people involved. To find out about the networks, their social backgrounds, what abilities these people had, what attracted them to cyber-crime, and what their stories were.
So I wanted to give it as dramatic and as interesting a narrative story as you could, as a way of opening up the world of crime and security on the Internet.
Guernica: You gave a TED talk where you spoke about the Internet as a new environment for the age-old dilemma of security versus freedom. How significant do you think this is or will be in the near future?
Misha Glenny: I think it’s hugely significant. I think that we’re now deep into a struggle for control over the Internet and there are various actors–state, corporate, civic, criminal and military. The great genius of the Internet is its interconnectedness, but this is also what makes it an incredibly difficult problem when things start to go wrong with it and when people exploit for their own purposes.
We’re seeing an attempt by one part of Western organizations to lock down the Internet with support from the state; we’re seeing a rearguard action from parts of civil society, parts of the political spectrum who view this as an assault on their civil rights—that includes groups like Anonymous. One can share some sympathy with the aims of Anonymous, but they’re bound to be constrained because as long as Anonymous are anonymous there’s no accountability to them.
Guernica: It’s a lot of potential power they have.
Misha Glenny: Yeah, a lot of power. And there are governments who are regulating things in different ways and those forms of regulation often don’t square up. So you have a real legislative mess, in the meanwhile various bad people are developing all sorts of tools to exploit the Internet for their own gain and the militaries are beginning to develop some extremely frightening offensive capabilities in cyber. Yet all of this is taking place outside of any international agreement or even framework.
Guernica: There’s a lack of oversight.
Misha Glenny: There’s no oversight at all.
Guernica: How did you go from the Balkans to McMafia to cyber-crime? What was the journey there?
Misha Glenny: Where it became serious, really serious, was almost exactly nine years ago when Serbian President Zoran Djindic was assassinated. Djindic was a friend of mine and he was also someone who was trying to move Serbia forward after the devastation wrought by the Milosevic era; he was treading on quite a lot of toes in doing so. One of the things he did was to introduce the first witness protection program ever passed in southeastern Europe.
He had lined up a major organized crime boss to testify against the most powerful organized crime and paramilitary network in Serbia, which was the Zemun clan—Zemun is part of Belgrade, New Belgrade. The guy who ran it, a guy called Dusan Spasojevic, worked in cahoots with the boss of something called the Special Operations Unit, which was sort of Milosevic’s Praetorian Guard. In 2000 it had betrayed Milosevic, however, and gone over with the opposition. But it was seeking to maintain its power and Djindic was trying to cut it down to size.
The guy who ran the Special Operations Unit (Milorad Ulemek) was nicknamed Legija, meaning Legionnaire, because he was a former member of the French Foreign Legion. After Djindic’s assassination he went on the run and a group of Croat nationalists helped him, so he was a Serb nationalist who had fought against the Croats and now he was being protected by them. So it’s complicated, but the leader of this Croat group was also a former French Foreign Legionnaire and they had worked together.
Guernica: So there was a connection there…
Misha Glenny: Yes. So I started looking at these networks throughout the former Yugoslavia and really began to understand that much of the war had been fought by these criminal networks who were seeking to assert their influence over the new states emerging in the region. I started looking at their contacts—east, west, south, and north—coming to the conclusion that Yugoslavia during the war had become a huge hub for illicit goods and services, coming from all over the world and straining to get into their largest market, which is the European Union. So you had this kind of perfect storm of a credit boom in Europe and the U.S. on the one hand—this massive spending power—along with temporary collapse of state power in Eastern Europe, and also elsewhere new markets and networks were emerging all over the world. So I also started looking at that as a sort of global phenomenon, the globalization of the illicit world as it were, which is what McMafia came out of.
While I was researching McMafia, one of the places I went to was Brazil. I like to be slightly counterintuitive about looking for types of crime in different places and I stumbled across the fact that Brazil was one of the big incubators of computer crime. I met a group of criminal hackers there who basically showed me how everything was done. This was around 2007.
In 2010, you have roughly 38 billion dollars spent by government on cyber and telecoms security and another 60 billion or so by private corporations.
Guernica: And they were simply willing to show you?
Misha Glenny: Yeah, they were. By this time I had developed various techniques for approaching criminals and speaking with them. This included a variety of things but being non-judgmental, for example, is very important.
Guernica: What other techniques were effective?
Misha Glenny: Patience. Finding the right interlocutors. Just explaining to them very openly about what you were doing and why.
Guernica: Openness is the key?
Misha Glenny: Yeah. If you’re trying to fool them in any way or get one over on them, A: they are unlikely to cooperate and B: it’s really quite risky.
Guernica: Some of them are dangerous?
Misha Glenny: Yeah, I mean these guys in Brazil weren’t but some are. Some of the other criminals I interviewed for McMafia were dangerous.
So when I was investigating this I also spoke to a guy from the cyber police in Brasilia and then I spoke to representatives from ISS, which has since been bought by IBM and is a big corporate Internet security firm. While I was in São Paulo, the head of their special investigative unit X-Force, Peter Allor, was there and he explained to me what was going on in the cyber world–partly this sort of arms race between criminals on the one hand and corporates and governments on the other, but also how this was all mixed up with industrial espionage and cyber warfare. It was a strange discussion we had but I realized it was something that one had to understand because it was going to be so influential, and the more that I have gone into it, the more critical it appears to me in so many aspects of our lives. The issue of cyber-security, cyber-crime, and cyber-malfeasance has an impact on a whole range of issues, not the least of which is civil liberties, political activity, and so on and so forth.
Guernica: Is the tendency to focus on high-cost technological solutions rather than getting expert advice from actual hackers part of a new cybersecurity-industrial-complex?
Misha Glenny: Yeah I think there’s no doubt that there’s an element of the military-industrial-complex. In 2010, you have roughly 38 billion dollars spent by government on cyber and telecoms security and another 60 billion or so by private corporations. So approximately 100 billion dollars spent on security, mostly on technological solutions, which the corporates are offering governments in particular; it’s a very high growth area. So everyone is climbing over each other to get the contracts for government procurement on this. There is undoubtedly an element of this and that’s what encourages, in part, the whole idea of locking down the Internet.
Guernica: We know that China and other countries have begun to use hacking as something of a weapon in recent years–there’s a lot of industrial espionage, the recent attack on eighty U.S. law firms, which they think is linked to China etc. Is it a whole new branch of warfare?
Misha Glenny: Well, the attack on the law firms and attacks like that are industrial espionage, searching for copyrighted materials to lift and so on; it’s not quite the same as cyber-warfare. They are regarded as related. The Chinese are trying to steal an economic march on the West, which is a consequence of the fact that we outsourced all of our manufacturing to China in the 1990s.
Guernica: How widespread is this kind of cyber-led industrial espionage? Can we know?
Misha Glenny: The sort of sweeping parochial espionage and attempts to extract information from all sorts of institutions are well documented, but I think in this context there’s a danger of oversimplifying and seeing that sector of cyber as a one-way street.
I would not use the word “censorship.” What I would say is “state control.”
The U.S. has the most advanced cyber-weaponry on the planet, and the other thing is that if you look at the U.S. from the perspective of the Chinese People’s Liberation Army, which runs most of its cyber activities, they look at you and they see Google and Facebook—the two largest depositories of personal data in the world—and they see the reach of the National Security Agency, which has huge digital capacity to know what is going on around the world. So the Chinese would see cyber as an un-level playing field, because the U.S. holds all sorts of advantages and because it’s behind in creative industries and technical capacity.
Guernica: The capabilities and extent of U.S. operations are more advanced then?
Misha Glenny: Yeah, they are. There’s no doubt about it. Another problem with cyber is that it lends itself to preemptive action. Your assets in cyber-warfare are your opponents’ vulnerabilities, therefore in order to quantify your assets you have to be able to ascertain how vulnerable your opponents are and that involves pre-emptive exploration of your opponents’ networks. So in that sense it lends itself to some pretty nasty stuff.
Guernica: I wanted to talk about Stuxnet–which made a big impact and from where I was sitting seemed like a turning point. How much of a turning point was it really?
Misha Glenny: I think it is a big turning point for political reasons rather than technical ones. Whoever did it, and it was probably the Israelis, with or without U.S. support, but I would say without support. There’s a minority body of opinion that believes the Chinese were responsible, but really this isn’t what’s interesting. What’s interesting is that somebody put a lot of money into developing this weapon with the very specific target of Iranian enrichment facilities, but not only did they develop it, they deployed it. And that deployment is the significant thing because it was the starting gun of the race. As soon as people saw that this stuff was now out there and being put to use, it encouraged everyone to start or accelerate their own programs. That’s where we start to get this free-for-all because it takes place outside of any framework or treaty.
Guernica: No rules of engagement…
Misha Glenny: No rules of engagement… other than a sort of general deterrent, which acts on China and the U.S. and to some extent Russia because they are all mutually dependent economically. Especially China and the U.S.
Guernica: But if you don’t know who has attacked you…
Misha Glenny: Exactly. The anonymity issue is a big question. As long as people can disguise attacks and as long as there is a sort of question mark over who is responsible, then the problem will continue to exist. And of course what happens in response to that is that there is a move to try and refashion the Internet so that anonymity is impossible, which of course leads to fears among all sorts of groups—civil rights groups, NGOs, and political parties—that the Internet is going to be used simply as a method of control. So these are very sensitive issues.
Guernica: Stuxnet could have potentially resulted in a nuclear accident, correct?
Misha Glenny: Yes.
Guernica: Other cyber attacks are capable of destabilizing electricity grids, for example. Do we have any indication of how likely this sort of thing is?
Misha Glenny: I think at the moment it is unlikely. It is going to become more likely if these tools continue to be developed outside of any international agreement. So it’s possible. One of the other difficulties with this is the speed of innovation–six or seven years ago, no one had heard of Facebook. Now it’s this ferociously large company. It’s notoriously difficult to anticipate how the Internet and computer-related technologies are going to develop.
Guernica: Given our dependency on technology and the Internet, of which you have spoken negatively, how concerned should we be?
Misha Glenny: Well it’s swings and roundabouts. It’s great that the Internet can enhance and speed up our communications and that computers can do all the things they do. It’s fabulous. At the same time, it changes our priorities. For example, before I would always remember people’s telephone numbers and now I don’t know anyone’s number. So what happens if computer systems go down but you still have landlines? Well, I couldn’t call anyone because I don’t know anyone’s number.
Priorities get shifted around and it also means we have a lack of resilience, i.e. if there is an event for whatever reason, which interferes with the Internet or network communications, are we able to deal with it? It seems like our dependency on these systems is so great that the room for maneuver as it were is very small. So that is problematic.
Last year for example, Blackberry’s servers went down a couple of times.
Guernica: And everyone went crazy…
Misha Glenny: They went crazy. And that was only for a few hours and it was a matter of not being able to check their emails. There’s a psychological dependency, which is very real but also irrational. Why can’t you go for six, seven hours without checking your emails?
Guernica: I feel like we will probably adapt though, after a while.
Misha Glenny: Yeah, well what we know from the Blackberry incident is that in the first place, we don’t adapt. But what I have noticed on those occasions where I’ve left my mobile phone at home and gone abroad is that for the first two or three days I’m in a state of complete panic. Then after three days I get used to it and begin to revel in the fact that I’m no longer so dependent on this fucking machine. Then I can just relax, and the world doesn’t fall apart.
So it’s a matter of teaching oneself resilience. Then there are things like the food distribution networks, which are completely dependent on computers. If they go down, goods don’t get delivered and food runs out very quickly.
I think the U.S. has only itself to blame for the leaking of that material because so many people had access to it. Someone was bound to leak it; the more astonishing thing is that it didn’t happen beforehand.
Guernica: Which is obviously a lot more serious. I’d like to get your take on one of the other big Internet battles of our time–that of Big Content versus piracy. Is that just another manifestation of this security-freedom debate in the media?
Misha Glenny: Yeah, it’s all related. The Internet obviously changes things; we’ve seen that in the music industry above all else. As an author, I’m now having to deal with the fact that it’s happening in the publishing industry as well. And publishing is going through a very difficult time. Some view it as positive, some negative, but nobody really knows how to deal with it. If you’re an author it looks very challenging because your work can be pirated so easily and there’s very little you can do about it.
At the same time you have a generation growing up for whom everything that is digital is free and they have never known otherwise and assume that this is what it should be. They’re also quite good at fighting for those privileges.
Guernica: We’ve kind of seen that with SOPA. The journalist Clay Shirky gave a talk in which he said that an act like SOPA is just the tip of the iceberg when it comes to attempts to restrict the Web, and that this is really just the latest step in the history of censorship. What do you think about that?
Misha Glenny: I would not use the word “censorship.” What I would say is “state control.” One of the things that I’ve noticed is that the legislation is becoming ever more draconian but attempts to enforce copyright law have proven more difficult than other things. So for example, Peter Mandelson introduced the “three strikes and you’re out” rule as law in the UK and an entire generation just stuck two fingers up. Nobody paid any attention to that whatsoever.
Then with the issue of Megaupload, it looks as if the empire is striking back on this one. I’m ambivalent with this because I can’t continue to ply my trade if every copyright is always violated. I just can’t afford to. So I won’t write any more McMafias or DarkMarkets, unless there’s some way of making it financially viable.
It’s certainly an issue. Particularly if your economies, having divested themselves of the manufacturing base, are significantly dependent on the service and creative industries. It’s a tricky one and I don’t have an answer. But are there aspects of the attempt by states to monitor and regulate what’s going on the Internet that I find disturbing? Absolutely.
Guernica: An issue directly related to all of this that I wanted to get your view on is that of whistleblowers, WikiLeaks, and that kind of area. How does, say, the Bradley Manning case connect and compare to the case of hackers and cyber-crime more generally?
Misha Glenny: Well it’s a different issue. He’s not done it for financial gain. He’s a vulnerable, fragile young man, so I have some sympathy merely for that reason with his plight and I think the U.S. has only itself to blame for the leaking of that material because so many people had access to it. Someone was bound to leak it; the more astonishing thing is that it didn’t happen beforehand.
Clearly there are some things about WikiLeaks… the material is in part very interesting although none of it is a real game-changer. I think if I was an American I’d be rather proud that American diplomats are quite assiduous in the way that they chronicle issues. Of course the impact has been that the whole culture of sharing is going down the tube.
Guernica: Coming back to DarkMarket and McMafia, you tend to focus on the people and their stories within these broader issues. For instance beginning DarkMarket with the Reverend’s credit cards being hacked. Do you feel that bringing these human stories are a significant part of your work in their own right? Or is this a way of illuminating the wider topics? Or is it both?
Misha Glenny: Well, there is an easy answer to that, which is slightly simple, but it’s that if you don’t write human stories then people won’t read the book. The way that you get into these subjects, which is sometimes complicated, is to do it through characters that people can relate to pure and simple. So you can understand the narrative on a number of levels, however you want to understand it. You can understand it as a simple story and then you can understand it as a reflection of how people are adapting or not adapting to changing technological circumstances. Each character has his own sort of moral narrative.
What was important to me about the Reverend John was actually less to do with the cyber-crime stuff but more to do with his journey from India through South Africa to Bradford and the really quite intense challenges that he had overcome dealing with extremely divided communities. Then he’s confronted by this almost arbitrary event–arbitrary because he’s not targeted as a victim. He’s an arbitrary victim and it really floors him. He’s a very admirable person who is suddenly cast into a situation which he can barely grasp, other than that it isn’t a good thing. There was an inherent drama in that, I felt.
It’s very interesting because it was quite straightforward. When I was confronted with writing DarkMarket and decided to write about cyber-crime, I realized that it’s an intrinsically boring subject–how do you get over that boredom? I think one of the reasons the book was long-listed for the Orwell Prize is because it explains to people who are intrigued by cyber in theory but don’t understand it in practice, you know, those stories are a way of gently introducing people to what this is all about.
Guernica: DarkMarket reads in some ways like a thriller. I wonder if that’s deliberate?
Misha Glenny: Totally deliberate. Interestingly enough, my publishers really liked McMafia and I wouldn’t have written it in any other way but one of my editors suggested to me next time why don’t you try and keep the narrative to fewer stories and try to have a single overarching theme. To an extent it was an experiment on my part. It wasn’t wholly successful, but that’s not because I necessarily wrote it badly, which I might have done but that’s not for me to judge. It’s because when you’re researching things that have happened, the clear narrative arc is not there already. This is the problem of writing nonfiction for me—writing nonfiction which is about serious subjects and has serious political and social points to make, yet which is meant to be popular to a degree—what happens when the facts don’t fit a convenient narrative arc? I guess that for a lot of nonfiction writers that is a central challenge.
Au contraire:, Anonymous seems to me as lively and busy as ever…
Guernica: Speaking of the complexity of these issues, when you spoke at TED you pointed out that complexity and the significance of the issues too. Yet you also note that no-one really talks to the central figures—hackers—why do you think this is?
Misha Glenny: What has happened is that we have seen a shift in the past twenty years in the very concept of hacking. So hacking twenty years ago was a neutral, positive concept. Somebody who was a hacker was someone with advanced computer skills, which could expose vulnerabilities and could explain why systems worked well or worked badly and they were generally regarded as an asset. Over the past twenty years, a combination of media and law enforcement has changed the perception of the concept so that it has almost always, if not invariably, a pejorative sense attached.
Also it has become devalued as a word because it’s used for all manner of things which have nothing to do with hacking. So for example if we look at the News International situation, that’s referred to habitually everywhere as the “phone hacking scandal” but it has nothing to with hacking. There was no hacking involved. It was PIs buying pin numbers from service providers and the police and then accessing voicemail accounts with the information. That is not hacking. Hacking is when you go in and digitally circumvent any security measures. So we’re not talking about hacking, but it’s the “phone hacking scandal” and the word “hacker” is seen as a very bad thing. Of course there are ethical hackers, there are grey hat hackers, and black hat hackers. The point is that these people understand the digital world in certain respects that most of us can’t, and they should be seen as potential assets to society just as much as they are seen as potential threats to society. The more you demonize them as threats per se, the more you drive them underground–and also hackers develop their skills when they’re young, and they are experimenting as teenagers just as they experiment with relationships and narcotics. They’re finding out about the world and to criminalize them solely is to lose their skills.
Guernica: Reading your work, many hackers seem largely sympathetic characters. I’m thinking of Matrix001, Detlef Hartmann. He did some very questionable things but wasn’t he ultimately just a kid in over his head?
Misha Glenny: He’s a classic example, Matrix, because he really was young when he was doing this stuff and he was just doing it for a laugh and he didn’t understand the implications. His descent into criminality is one that you can see is really about a young boy who had not been hugely successful in the outside world being excited by the possibilities of this and at first he really doesn’t understand what the implications of some of the things he’s learning to do are. You know, as it happens the way things turned out with Matrix was good. He got the shock of his life in being on remand in Stammheim prison and this was quite enough to make him rethink what he was doing and he has been able to reconstruct a life as a consequence by studying. One of the reasons why he did so well with DarkMarket was that he was an amazingly talented graphic designer so he was the go-to-guy for card design, and he’s now becoming a very skilled graphic designer in the legitimate arena and he will do well.
Had he been convicted of what the prosecution wanted, which was criminal conspiracy, he could have gotten four to five years in jail and that would have benefitted nobody. It certainly wouldn’t have benefitted society. Particularly since, and this is a bugbear of mine, we don’t have any system of rehabilitation for people who have been involved in cyber-crime. The criminal justice system–although this applies less to the U.S., where rehabilitation is not seen as a valuable contribution to criminal justice–in Europe where rehab is supposed to be integral, we have no way of rehabilitating skilled hackers. On the contrary what we do is we demonize them and continue to do so after they come out of jail because we restrict their access to computers by law. Crazy world, crazy people.
Guernica: You highlight the Hackers Profiling Project as probably the only, certainly the major source of research on hackers as human beings. Why so little engagement?
Misha Glenny: There are one or two others working on this in very disparate and uncoordinated ways but very few. It’s because I don’t think anyone has so far found a way of monetizing this, and I know this because of conversations with some of the big security firms where I have suggested to them “why don’t you think about funding programs for research into hackers,” and they say “where will that benefit us?” Their strategy is to sell big to governments and corporations; they don’t need in that sense to really understand what’s going on. They just need to sell products. This makes them rather different to credit card companies who actually are interested in understanding what hackers are up to and the way criminal markets are moving.
Ask any eighth grader, and they’ll tell you who the right people are. Just take an interest in them. It’s not a question of profiling and I wouldn’t want the state to become involved.
Guernica: There was a big breach of credit cards recently…
Misha Glenny: There was a very big breach, very recently right here in New York. Global Payments Inc. I’m doing a bit of research into that at the moment. What it goes to show you is that there is a readiness among people to say “Everything is over.” So for example after the bust of Sabu and the revelation that Sabu was working for the feds, everyone said “Anonymous is over.” Au contraire: Anonymous seems to me as lively and busy as ever, and the same thing was said when DarkMarket came down, people thought that would be the end of the markets but a very big market, CarderPro, was taken down just a couple of months ago. They were still up and running, run through Russia, and they were trading a lot of credit cards particularly American cards, which is the favored trade at the moment. Then there was this individual breach at Global Payments Inc. which was as far as one knows a Central American gang who targeted this company very carefully. This involved a lot of hard work and so things develop in different ways, but the idea that things will be all of a sudden be sorted out simply isn’t true.
Guernica: By the end of the book you are suggesting that we try to identify potential hackers at a young age and nurture their skills and provide ethical guidance. Would that involve profiling? How would we do it?
Misha Glenny: Ask any eighth grader, and they’ll tell you who the right people are. Just take an interest in them. It’s not a question of profiling and I wouldn’t want the state to become involved. I suggest rather that you get NGOs and non-profit organizations to engage in this, which is something that I would like to explore myself, in terms of developing. There are some people already doing this.
Guernica: Well that’s very positive…
Misha Glenny: Yeah, it is and I think you’re going to see more of them. Because what you’re going to get as this next generation grows up is more hacking skills and this is spreading geographically also—Africa is about to come on the scene, South and Central America are going to be major sources of hackers. These people have got to be engaged with.
Guernica: You say that in your experience most hackers want to deploy their skills in a legitimate setting.
Misha Glenny: A lot of them do, yes.
Guernica: Do you think the NGO route is the way to do that? Are there other ways we could encourage it?
Misha Glenny: At the moment that’s the only thing that I can think of, if I think of something else you’ll be the first to know! But this is a way of doing it. Really what they want to be able to do is to demonstrate to somebody, sometimes their peers but sometimes others, that they have these skills that are of value. The context within which they accrue value is the environment in which they work, and if we can create environments where they can accrue value that are also beneficial to wider society then I think that would be a tremendous thing.