Along those same lines, there is an old adage: it takes a thief to catch a thief. This is not meant to imply that all law enforcement personnel should be ex-criminals. What it means is that, in order to trace the steps of a thief and find the clues and evidence needed to catch and convict that thief, the law enforcement individual needs to be able to think like a thief. The more they know about the tools and tricks used by thieves and exactly how they work, the better they will be at catching a thief.
This is also true in the world of computer and network security. There are those in the industry and in government who would prefer to keep the tricks and tips of the hackers and crackers secret. They feel that to share the knowledge is the equivalent of encouraging new malicious hackers and crackers to try out the techniques for illegal and unethical purposes. They believe that by keeping the tricks and techniques out of the public domain they are protecting the world at large.
I am more inclined to agree with the side that believes full disclosure of the tricks and techniques offers the best possibility of being able to protect against them or nullify them altogether. The fact that you may not know how to operate a gun will not stop an unethical or immoral person who does know how to use a gun from harming you. Similarly, not knowing how hacker techniques work will not stop an unethical or immoral person who does know the tricks and techniques from hacking into your computer system or causing other malicious harm to your network or computer.
What separates the thieves from the detectives and the hackers from the security administrators is ethics, not knowledge. You must know your enemy in order to prepare a proper defense. The whitehat hackers of the world have the same knowledge as the blackhat hackers of the world; they simply choose to use their knowledge for ethical purposes rather than malicious or illegal activities.
Some of the whitehat hackers have gone on to start businesses as security consultants or to form companies dedicated to helping other companies protect themselves from the blackhat hackers of the world. Rather than applying their knowledge to illegal activity that may or may not make a quick buck, but most certainly will land them in jail, they choose to apply their knowledge to do what they love to do while making a lot of money doing it, legally.

