Wanted by Denmark’s intelligence service: talented hackers capable of cracking complicated cyber security systems.
Not for arrest, that is. For hire.
The need for cyber security experts in Denmark is so urgent that the country’s official spy agency, the Danish Defense Intelligence Service (DDIS), is creating a training academy for hackers.
Denmark has had to fend off several high-profile cyber attacks recently. The Danish foreign ministry was targeted by a seven-month long phishing attack last year, according to the Danish Center for Cyber Security, a DDIS unit, while the Danish parliament’s website was hit by so many DDoS attacks it crashed (Danish) in December. Between 2014 and 2015, a Danish IT hosting company and one of its clients were also the target of cyber espionage, according to a recent DDIS report (pdf, Danish, p. 3).
In March, the country’s intelligence service placed full-page ads in newspapers and online in a bid to attract the right talent to counter these challenges. “Do you have what it takes to become a member of a secret elite force?” the ad inquires, listing requirements like well-developed programming abilities, math and logical intelligence, and a clean criminal record. The goal of the program is to educate hackers to boost local cyber security, fend off attacks, and possibly even hack into the systems of attackers. Academy recruits will work on defensive as well as offensive hacker techniques during their four-and-a-half months at the academy, starting in August; some will be offered full-time jobs at the end.
“We are looking for people who have the core competencies that we can develop further,” says Lars Findsen, the head of the intelligence service. “They don’t need formal education or qualifications. They can be natural hacker talents. More than anything they need to keep going until they have cracked the codes. There are no limitations.”
Except one: The agency is also looking for people with “a high degree of personal integrity,” Findsen says, “because they will be handling secrets and sensitive information.”
The hackers will also be trained in counterintelligence, with a focus on breaking encrypted communications and hacking the networks of terrorists trying to enter Denmark—a task that has taken on renewed urgency in light of the attacks in Paris and Brussels.
“They are especially looking for people who can attack hostile networks,” said Jesper Lund, chairman of IT-Political Association, a digital-rights NGO. “The people who can do this are out there. But the question is whether they wish to work for the Danish state.”
Findsen believes hackers will be attracted by the chance to use methods that might be illegal if they weren’t part of a government-sanctioned program. “When you have these unique talents, you want to use them and you have very special opportunities in our environment.”
Denmark has advertised for hackers in the past, and other countries targeted by cyber attacks have also hired them, including the US and the UK. But the “hacker academy” is an expression of a more focused, aggressive effort on the part of the Danes.
“Denmark is waking up now because there are many, many threats out there,” says Carsten Schürmann, associate professor at the IT University of Copenhagen. “It’s a military arms race and hackers are the new weapon.”