The UK government is open to recruiting convicted hackers into its cyber reserve force but they could struggle to convince these people to join.

Philip Hammond is Like Lee Marvin
Philip Hammond, UK Defence secretary (left) like Lee Marvin in The Dirty Dozen is looking to recruit convicted criminals. (Reuters)

I doubt that defence secretary Philip Hammond is regularly compared to Lee Marvin. But, by confirming he is willing to consider convicted hackers joining his newly-announced cyber security force, Hammond opened himself up to obvious comparisons to one of Lee Marvin's most iconic characters - the irascible Major John Reisman from the 1967 film The Dirty Dozen.

In Robert Aldrich's World War 2 film, Reisman is given the job of taking a group of 12 convicted criminals and turning them into a commando squad to be sent on a special mission - an airborne infiltration and assault on a chateau in Brittany.

Mirroring Lee Marvin's task, Hammond is now looking to recruit a group of computer experts to help protect the UK from attack and crucially to help develop cyber weapons which the UK can use to strike it enemies.

However, while Marvin had the carrot of commuted sentences with which to tempt the likes of Donald Sutherland, Ernest Borgnine, Charles Bronson and Telly Savalas, Hammond is not in the same position.

In demand

Convicted hackers have a skill set which is in high demand at the moment. Security companies, large corporations and of course cyber-criminals are all on the lookout for talented hackers and it is unlikely the government will be able to offer the same financial incentives as those other options.

Lamar Bailey, director of cyber security research at security company Tripwire said: "Finding good quality security researchers and security professionals has always been a problem. Many companies use a less strict standard when filling these roles because of the overall shortage they may take someone who knows the craft but not have a spotless past.

"The market for these resources is very tight between competing companies and the black market so companies are forced to offer higher wages, extra perks, or consider someone that might have had issues in the past so it is not unusual to see governments doing the same."

Snowden effect

Hammond and his colleagues also face another problem. In the wake of the revelations surrounding mass governmental surveillance which have emerged in the past four months, some hackers could find it difficult to reconcile working for the so-called "good guys."

Mustafa al-Bassam is one of the hackers which Hammond could be looking to recruit. Known online as Tflow, al-Bassam was a member of the infamous LulzSec offshoot of Anonymous and was earlier this year convicted of hacking and launching cyber-attacks against organisations including the CIA and Soca.

Al-Bassam is now studying computer science and when asked if he would be interested in using his skills protect his country from cyber-attacks, he told BBC's Newsnight programme:

"For me that would be in poor taste. I can understand the need for the government to protect itself but when you go ahead and stomp on everyone's civil liberties as we have seen with all the mass surveillance stories that have broken out over the past year, I think you can rest assured you are going to repel talented people."

Black-hat hackers

Edward Snowden was the intelligence contractor working for the National Security Agency (NSA) who used his privileged access to highly sensitive information to make public the actions of his and other governments which he found to be unpalatable.

One of al-Bassam's LulzSec colleagues, Jake Davis (aka Topiary) who was also convicted of hacking in May, says the UK government needs to be worried about a repeat of Snowden's situation if they do hire former black-hat hackers:

"If you are a black-hat hacker you obviously have some sort of ideology, some sort of inset belief and the people [who are recruiting for the cyber reservist force] are afraid of that, because of another Snowden situation. It's ironic because it would be highly beneficial to recruit hackers, especially at a corporate level, but they are just scared to do it."

Why not?

Lieutenant Colonel Michael White, who will oversee command of the cyber reservist unit says they will assess "individuals in the round as they apply" and they are looking "at the capability development rather than setting hard and fast rules about personality traits."

When asked if someone with a criminal record for hacking would be ruled out, Lt Col White said: "I think if they could get through that security process then if they have that capability that we would like [and] the vetting authority was happy with that, then why not."

Security experts have been long advocating their clients to think like hackers in order to help protect themselves as allows them to see where systems are most vulnerable.

Case-by-case basis

Philip Hammond, defence secretary, pointed out that as a general rule, the UK armed forces do not automatically prohibit convicted criminals from joining, assessing each candidate on a case-by-case basis.

"The conviction would be examined in terms of how long ago it was, how serious it was, what sort of sentence had followed, so I can't rule it out."

Dwayne Melancon, CTO of Tripwire believes any hackers who are recruited will have to be monitored closely:

"This sounds like something straight out of Hollywood. It makes sense that these individuals may have the skills needed to help in cyber defence, but it will be key to follow a 'trust but verify' model in which they are supervised closely to mitigate the risk that they will do something criminal or disruptive."