Premium Issue: Government Collaboration With Black Hat Computer Hackers
Have you ever wondered if the government collaborates with computer hackers that they arrest? Have a read of this blog post, which reflects my own personal experience.
Does the government work with convicted computer hackers?
This question comes up every now and then because of my background.
It's not that far-fetched, and I can understand why people would be curious.
The answer to this topic is a bit complicated and subjective, so I'll do my best to answer it as accurately as possible.
There have been 3 instances where I've come close to "working with the government":
While reporting vulnerabilities in government websites on police bail
Just before my sentencing, during the "mitigation" process
While in prison, with safer custody visits from the police
I say "come close" because none of these arrangements really worked out in the end.
Responsible Disclosure
Between 2016 and 2019 I reported a ton of web-application vulnerabilities in government websites. You can view an extensive list of these on my Open Bug Bounty profile.
I had vulnerabilities in almost every website belonging to the UK government. After submitting quite a few, I was given a direct contact in the NCSC and told to forward my reports to a point of contact.
While doing so, I inquired about enrolling in a cyber intervention program for teenagers. We had a good conversation on the phone, but I was told that it was only suitable for individuals who had not yet gotten involved in cybercrime.
As a result of the reports, I received several letters of acknowledgement thanking me for following the responsible disclosure process.
The NCSC was great to deal with, and the people there were lovely. However, it felt like they couldn't do much for me because Scotland Yard was leading the police investigation and they didn't want to get involved.
I was told that if it had been the National Crime Agency (NCA), it would have been different because they're not exactly a police force, but rather an agency.
Mitigation Process
When you are charged with an offence, or several offences in the UK, it’s quite rare that you actually plead guilty to the crimes you committed. Especially in highly complex cases, involving a lot of paperwork.
What typically happens is that two barristers get together in a crown court and work out the complexities of the charges based on the evidence in order to avoid a trial.