Chinese Worm Creator Gets High-Paying Job Offer In Prison

martinsslaves writes "The recently imprisoned creator of China's worst computer virus ever (worm.whboy) has now been offered a job paying millions of yuan from his prison cell. He's actually been offered several, and one of the companies that has offered him the position of Technology Director was actually affected by his virus. The General Manager there now believes the virus writer may have just been 'led astray'. The media is reporting that author Li Jun originally wrote the virus due to frustrations over being jobless. 'So far, about 10 network companies across the country have offered jobs to Li, whom they regarded was a "precious genius," the report said citing Li's lawyer Wang Wanxiong. Li's cyber bug, which earned him about 145,000 yuan after selling it to other hackers from December 2006 to February this year, can prevent infected computers from operating anti-virus software and all programs using the "exe" suffix.'"

This used to happen in the US

[kill-9-0]

In the 80's if you got caught hacking, you might get some jail time, and get your gear confiscated, but often you were also offered a job.

Re:

[Opportunist]

Not only in the US. There've been others who were found and offered the choice of jailtime or working for the company.

I wonder how many look back and wish they'd have taken jail...

Re:

[Creepy]

Not just companies - the FBI. One of the first major pirate groups busted in the United States had members that worked for the feds in lieu of jail time or juvenile hall (the Super Pirates of Minneapolis [SPM]).

As a kid I went to church with an FBI computer crime guy (and his kid) and knew a good chunk of the group that replaced the SPM - a group called the Midwest Pirates Guild - from school friends and hanging out on BBS's, so I heard a lot of info from both sides. It was kinda weird kn

Re:

[greginnj]

Another way to interpret this is that China is catching up to us. It is another sign of the victory of capitalism, even in the labor market -- his skills are in demand, so job offers from Chinese companies are coming in; it doesn't matter that he's in prison. He's the Frank Abagnale ("Catch Me If You Can") of China.

Re:

[superpulpsicle]

Isn't Shanghaidaily a communist propaganda source? People are biting the commi-bait bragging about how China is all caught up. How about them journalists in prison. No companies dare to hire them.

Oh god... I predict "resume spam" soon

[erroneus]

The more people like this get tremendous job offers, the worse I see things getting since they are ultimately being rewarded for their behavior.

To that end, instead of "stocks" in images and PDFs, I predict the next round will be resumes flying around!

Re:

[Virgil Tibbs]

It's true...
All these stories of ex-'hackers' getting highly paid jobs for multi-national corporations as security advisors is bordering between fiction and fairy tales.
It doesn't work like that; it only happens to Kevin Mitnick and (IN)FAMOUS hackers...
it wouldn't happen to you....

perhaps I'm wrong though.....?

Re:

[bladesjester]

perhaps I'm wrong though.....?

You're wrong. I knew someone in the early 90's that finally got caught hacking into the systems of a security company after a decent amount of playing cat and mouse. They gave him two choices - work for us (at quite a nice salary) or sit in a cell.

Needless to say, he chose the job.

Re:Oh god... I predict "resume spam" soon

[scubamage]

Are you kidding? This is HOW security comes into being. If no one compromises security, exploits holes, and shows people the errors that exist they will never get patched. That is why black, white, and gray hats exist. Its like yin and yang. Devs write something, black hats find holes, and the white hats fix it. If they can do it all in house, everyone is better off. Whose the one really to blame, the company who writes the shoddy software with gaping holes in it, or the guy who walks in through those holes?

Re:

[speaker of the truth]

I dunno. Let's ask victims of lock-picking burglars?

Re:Oh god... I predict "resume spam" soon

[Jarjarthejedi]

Better yet let's be a little more specific. Let's ask victims of lock-picking burglars who were caught (the burglars) if that burglar should be offered a job making sure that other, uncaught, burglars can't pick the locks of that company any more?

I'd feel a lot safer if a burglar who was extremely good at lock picking was unable to pick the locks I was using. Same goes for security, if you have someone who is a professional hacker trying to penetrate your system you're going to find problems a lot faster than if you just have another White Hat, whose more concerned with patching holes than finding them, looking around.

Re:

[pimpimpim]

I'll keep hammering on this, but this is why the recent anti-"hacking" law [slashdot.org] in Germany is one of the stupidest political ideas concerning IT ever to come to reality. It also shows a total neglect of the international state of the internet. By stopping "hacking" for Germans, the German IT systems just become less secure for the rest of the world. It's like an open invitation to break into our bank accounts and company networks. Swell! Not!

Re:

[Unkyjar]

Actually a similar idea was turned into a Reality TV show for Discovery Channel called "It takes a Thief" where former burglers would be invited to break into people's homes and buisnesses and later would offer advice on how to better protect those places from buglaries. http://en.wikipedia.org/wiki/It_Takes_a_Thief_(2005_TV_series) [wikipedia.org]

Burglars and ethics

[jesterzog]

Better yet let's be a little more specific. Let's ask victims of lock-picking burglars who were caught (the burglars) if that burglar should be offered a job making sure that other, uncaught, burglars can't pick the locks of that company any more?

Perhaps I'm different from you, but I'd feel much better knowing that a convicted lock-picking burglar had nothing to do with the design or manufacturing process of a lock that was on my house.

Once they burgle someone, they demonstrate beyond any doubt that thei

Re:

[PitaBred]

I'd have no problem with them acting in an advisory role, saying "Yeah, it's a bad idea to let the back door there unlocked" or whatever. Same kind of thing.

Re:

[Jarjarthejedi]

I never said they should design the security, just test it. I don't believe that a convicted burglar should be building locks, I'd feel a lot safer if the company that made locks had one on the payroll who got paid for discovering vulnerabilities in their locks. If things are handled right, and the correct burglar is chosen (don't go for the guy who stole for fun, get the guy who stole because he had to) then there's no reason for them to go back to their old profession.

The Black Hat shouldn't be able to ch

Re:

[ArcticCelt]

>(don't go for the guy who stole for fun, get the guy who stole because he had to) I don't see many cases where the black hat had to hack except maybe in that sad excuse for a movie called "Swordfish" when the main dude has a gun on is head and a head on his gun.

Re:

[sholden]

And lawyers.

Re:

[MindStalker]

It depends. If you go around picking random peoples locks you might get in a bit of trouble. If you go around picking random peoples locks and stealing their shit, expect to get in a lot of trouble.

Re:

[Nos.]

Its a little more complicated than you make it out to be. "Black hats" should never be offered a job by a company that gives a damn about its reputation. You don't reward people for committing crimes. Secondly, you don't have to be a black hat to look for security holes, and you don't have to look for security holes in other peoples' things.

Re:

[scubamage]

I agree, I screwed up the nomenclature a little bit. Either way, someone who comes up with a creative hack should be rewarded for it. By exploiting the hole, he increased security. In the short term he cost people money. In the long run he most likely saved them money. The guy is serving his time in a Chinese prison which is no cakewalk. I am of the opinion that someone who has served their time has served their time. Maybe I'm too optimistic about human nature. The fact is, he came up with a nice hack, and

Re:

[Nos.]

Sure he came up with a nice hack. The fact that he sold that hack to people he obviously knew were going to do bad things with it is what concerns me. I work in IT security. My job requires a criminal record check. If I was looking for new people, and saw that one of my applicants did something like this, his resume immediately goes to recycling. He may be brilliant, but I can't trust him. And when you're talking about your IT security staff, if you can't trust them, you're in a lot of trouble.

Re:

[db32]

Right... So by that logic it makes sense to hire a rapist to protect your daughter from other rapists right? Hire a criminal to protect against the criminal. I think I would rather pay someone who isn't a rapist for that job.

Devs write something, black hats find holes do lots of damage and make some profit, white hats have to find the black hats using the holes and then fix it. Seems to make more sense to fix the problem at the Devs rather than hiring known criminals. This whole white hat black hat c

Re:

[somersault]

The skills required for rape aren't exactly in high demand..

Re:

[db32]

The skills required for catching or preventing rapists is in high demand. The argument goes that you should hire people who can commit the crime to protect against it. Only a serial rapist would know the details of the how and why of target selection and other important factors involved it commiting the crime. Now when you start hiring serial rapists for high paying jobs to try and catch other rapists, do you think maybe the number of rapes would go up as people try and land a high paying job? It is a d

Re:

[somersault]

Yeah because it's really hard to work out who is more likely to be a potential victim for assault :/ Most people know that it will depend on your body language, and you would be better travelling with someone else, in well lit/'better' areas, etc.. you could probably just get advice from muggers/thieves rather than actual rapists..

Re:

[db32]

And that information is no different than saying things like don't run unneeded services, use a firewall, don't click on unknown programs, and so on. We already have plenty of general security advice that covers most of the bases without needing to hire criminals.

Re:

[somersault]

Well that works if all software is perfect, but not if there are holes. I wouldn't say we need to hire criminals, but 'white hat' type hackers have their benefits too. This guy wasn't very white though..

I've occasionally wanted to learn more in-depth about security threats and how to compromise systems in order to be better protected against such threats, but obviously not to create a worm or virus (unless it was to patch up systems - vigilante law ftw!)

Re:

[db32]

I think the whole white/black hat concept is dumb. Criminal, not criminal. The whole hat nonsense tries to sugar coat the fact that they are criminals. Look if I own the systems I can code and exploit till the cows come home and there is nothing illegal or unethical about it. Even worm/virus for vigilante reasons should land your ass in a dark cell somewhere. Congratulations your vigilante worm has attempted to patch a computer monitoring a group of heart monitors in the hospital...too bad the exploit

Re:

[somersault]

Exactly, 'whitehats' aren't the sort that exploit public systems though, they would be the ones who do testing at home as you say and let companies know faults. That was my impression anyway. At this point in time I have no intention of learning to crack systems and become a vigilante anyway, but I think your example is going a bit overboard. Why would those systems even be connected to the net anyway? And how would disrupting a monitor kill someone? Why the heck is a hospital using Windows PCs to monitor p

Re:

[db32]

No, security professionals do the stuff at home. White hats is just another silly term to justify other colored hat hackers and try to legitimize silly buzzwords. But that is a terminology issue not so much the real issue at hand

A great number of devices run from PCs and are connected to the net. That is how the MRI, CT scanner, ultrasound, x-ray machines, etc, etc, send images and information from one place to another be it on site or off site specialists. Disrupting the monitor would kill someone wh

Re:

[scottv67]

So by that logic it makes sense to hire a rapist to protect your daughter from other rapists right? Hire a criminal to protect against the criminal.

That's nonsense! That's like asking one serial killer for help finding another serial killer.

You fly back to school now, little Starling.

Re:

[db32]

Oh no...you misunderstand. By all means...ask him how to better defend yourself from whatever crime while he sits behind bars. You just don't reward him for the behavior that got him there by giving him a high paying job doing that. There is a distinct difference. So long as you want to use the serial killer bit, Hannibal Lector (albeit a fictional character) was rewarded, escaped, and continued to commit crimes.

Re:Oh god... I predict "resume spam" soon

[jollyreaper]

The more people like this get tremendous job offers, the worse I see things getting since they are ultimately being rewarded for their behavior.

CEO's get rewarded for ruining companies, isn't it time the same courtesy is extended to the IT set?

mod parent up

[pimpimpim]

It's insightful/funny/sad, because it's true.

Re:

[pimpimpim]

Resume spam is already happening in the academic world. Any university researcher with a website offering positions will get a lot of job applications from people all over the world (probably mostly india/asia though) from totally irrelevant fields, either done by the applicant themselves or maybe there are companies that offer the addresses or send them around. They are written in a standard way, often not even mentioning the name of the addressee. Then again the same might happen for any job offer on mons

Re:

[Bearhouse]

Easy fix for this. Since what he did could easily be construed as 'corruption' or 'fraud', (or a least conspiracy to do so, or to aid and adbet others), they should just string him up! That's what they do to 'corrupt' (are they not all?) party officials in China. The damage he did was easily as high-profile as what others have done...(sorry, too lazy to look up links for party boss from Shanghai who was executed for stealing 'millions'.

Hey, while we're at it, we could extend this to to West, also... Cou

You certainly are from the USA...

[xtracto]

... because I believe that people in there have lost the fate in the "rehabilitation centre" which prisons are supposed to be. So what, this guy did such a bad thing with his knowledge. But if he pays his "debt" to society (be in jail and pay whatever millions he must) and he can be rehabilitated then society wins...

Of course I do not expect people from the USA to understand... I mean, what can you expect from a country where murder is a "fair" punishment.

Accomplices

[just_another_sean]

Three of Li's accomplices were also jailed for up to two-and-a-half-years each yesterday.

I wonder if they will get offers as well or do these companies want to stick to just the mastermind?

(Oh and I for one welcome our burning joss stick wielding, cute and cuddly Asian overlor^W, um, IT guys...)

Pfft

[thefear]

<blockquote>can prevent infected computers from operating anti-virus software</blockquote>
Don't all viruses do that nowadays, seems like a standard practice to me.

<blockquote>and all programs using the "exe" suffix.</blockquote>
so.... how did windows boot?

Re:Pfft

[Applekid]

and all programs using the "exe" suffix.

so.... how did windows boot?

IIRC, the virus modified the registry entries which tell Windows how to handle .exe files. Booting up is fine. Once the system's up, every time explorer tries to launch an .exe, Windows wound up checking the registry for what it should do with the file. The registry modification removed the "magic" that told it that it's an executable.

I remember at work someone convincing me it was a good idea to copy the .exe registry class into another one, say, .myinitials, so if the .exe registry settings got clobbered I could always rename regedit.exe to regedit.myinitials and fix it.

Re:Pfft

[dcollins]

Dammit. Screwed again.
- Eugene Xavier Edwards

Re:

[AntiDragon]

The old virus SirCam did this too. It's going back a bit, but I had to manually remove that garbage from a couple machines once. Couldn't run a virus checker, couldn't edit the registry since I couldn't run any new processes.

Dead easy solution though - just located regedit.exe, renamed it to regedit.com, fired it up and got fixing. ...Did I mention I prefer Linux and OS X now?

Maybe not so new

[east coast]

From the blurb: Li's cyber bug, which earned him about 145,000 yuan after selling it to other hackers from December 2006 to February this year, can prevent infected computers from operating anti-virus software and all programs using the "exe" suffix.'

Navidad [symantec.com] did kind of the same thing but it seems to be a coding mistake more then the intended purpose of the virus.

Just for the record: I didn't read the article.

Re:

[Red Flayer]

Moderation: +1 Informative.

Just for the record: I didn't read the article.

Now if you HAD read TFA, that would be informative. Default value for rtfa is 0, not 1, so stating you hadn't read TFA is redundant :)

Re:

[Anonymous Coward]

One guy wrote a virus that tricked users to think the virus was update to their windoze boxes.. After users installed the virus it wrote annoying messages to them all the time.

He was hired later as a WGA expert-developer.

well yeah

[circletimessquare]

the only real way to ensure security is to have it constantly challenged. that's a job. and this guy did a good job of doing that. thus, he earned the income

which means 2 things:

1. there is no security in an environment where the security doesn't get challenged and defeated every now and then. or get's challenged, and the fallout kept secret

2. go ahead and make virii and worms. just make damn sure the payload is harmless or simply annoying. if the worm this guy wrote did something really nasty, you can be sure he wouldn't be getting kudos and job offers

Re:

[somersault]

1. There would also be no need for security if people weren't trying to break the system, but I know what you're saying.

2. He sold the code to criminals who have no doubt used it for something 'really nasty'?

I like to play devil's advocate a bit, but this guy really does seem like a prick rather than someone who wants to be helpful.

Re:

[db32]

So. Where should I send the bill when I break into your house and take pictures of you sleeping? I mean there is work there testing your security (physical security), observing your sleep patterns (doctors get big bucks for this work), and I didn't take anything myself. Oh, and just so you know, I am going to show everyone else how to do the same, so if they do anything nasty to you in your sleep I can't be held liable for that.

I swear to God people need to get over this moronic idea that hiring hacker

uh

[circletimessquare]

in my mind, breaking into a corporate computer system is slightly different from breaking into someone's bedroom, but i'm just a wacky guy that way

Re:

[db32]

Maybe that is the problem. The damages from breaking into a corporate computer system is FAR greater than breaking into someone's bedroom. And again, God forbid you exploit a system that actually does have a life or death purpose. Advocating not using computers for anything in the medical field instead of punishing criminal behavior rather than glorifying and rewarding it is just dumb.

crime pays

[Anonymous Coward]

The lesson to be learned from this is that crime pays.

Re:

[Jackie_Chan_Fan]

Same could be said of the Bush Administration and every politician known to man.

What if he wasn't led astray...

[Virgil Tibbs]

Though I'm sure he would like them to believe he was led astray,
what if he wasn't and is just manipulating the authorities to get himself back online?
what are they going to do if he creates another worm, while in prison?
I would hope this is an unlikely scenario but it is one worth considering...

first thought

[twoboxen]

...where he earns up to 7 cigarettes on a good day. I'm not sure what that would be here after cost-of-living adjustments, though.

He did this because he couldn't get a job?

[crivens]

Was the virus technically fantastic, or did he download a virus kit from the web and just modify it's name before releasing it?

He did this because he couldn't get a job? Maybe he should get a life instead.

Re:

[speaker of the truth]

Had he gotten life the job offer would be less appealing I imagine.

The familiar meme evolves

[Dystopian Rebel]

1. Lose job.
2. In despair, write a Windows worm.
3. PROFIT.
4. Get caught, go to jail.
5. ???
6. PROFIT.

Bad idea?

[GreyPoopon]

Am I the only one that thinks rewarding a virus writer in this manner is a really bad idea?

However, he later learned from media reports that Li, who created the virus over discontent at his failure to land a job, may not be a bad guy and "just went astray," the report said.

Sorry, but taking your discontent out on scores of innocent victims does not strike me as merely being led astray. At best, it shows a complete failure to consider the consequences of your actions. At worst, it shows that your personali

Re:

[pitu]

Beeing offered a job is not a reward. A job is just a human right.

  theese times though, many people feel rewarded if they have the opportunity
  to be employed and exploited.

  =>he did not go astray... the society did - "the society is to blame" (c) Monty python

Re:

[GreyPoopon]

A job is just a human right.

On the chance that you weren't making a joke, I have to respectfully disagree. Keeping your citizens gainfully employed is a good idea for any government (otherwise anarchy and rebellion arise). However, I don't believe it's a human right. It is the responsibility of each person to strive to educate and locate themselves in such a way as to gain employment that takes care of life's necessities. It is the responsibility of society (if they have the means) to assist other membe

Re:

[pitu]

I gather it's more of a human right because you can not refuse it to someone based on
his origins, colour (put your custom discrimination here), nor because of one's criminal (and served) history.

A man has a right to work and have a job, that's all, it does not mean governments should secure & offer it.

now, a company says he rocks and offers 130k$. You say he'll feel rewarded as other sous-payed chineese suits get 10k$. ...or just maybe he'll still feel like shit because he's worth a lot more anywhere el

Re:

[ErikZ]

I disagree.

Back when the species could earn a living from farming, a job wasn't a human right. It was something everyone could do, and had to do to survive.

Now what? Can you go off, buy a ridiculously priced piece of land and farm a living off of it? You have to be able to get a job.

Re:

[dwye]

> Am I the only one that thinks rewarding a virus writer in this manner is a really bad idea?

Bad idea for whom? The Chinese get a good virus writer to make more, as munitions against someone. It encourages others to try. This is no different than England knighting or ennobling "pirates" who took the Spanish treasure fleets or the Silver Train from inland South America, back in Henry VIII's or Elizabeth I's reigns. For that matter, it is no different than pardoning a successful bandit and employing hi

Re:

[GreyPoopon]

Bad idea for whom? The Chinese get a good virus writer to make more, as munitions against someone.

Good point, but even then, I still think it's a bad idea. Somebody like that will sell out to the highest bidder, which can easily turn a great asset into a traitor. It's kind of like making explosives. You know that at some point there will be an accident during production, and that it will be really bad. Are the risks worth the returns? You have to do the math.

Re:

[vertinox]

Sorry, but taking your discontent out on scores of innocent victims does not strike me as merely being led astray. At best, it shows a complete failure to consider the consequences of your actions. At worst, it shows that your personality is borderline sociopathic, in that you don't actually _care_ about the consequences of your actions.

This is China we are talking about. The run by a different set of rules. Corruption is common and ethics is often considered when we are talking about the bottom line. You a

Re:

[P3NIS_CLEAVER]

I could instead spend five years in miserable conditions but not paying anything for room and board and then make $133,000 per year afterwards and live like a king, the choice would be pretty easy.

Sounds like graduate school.

Re:

[serutan]

Virus writer or not, I think letting anybody conduct business activity of any kind from prison is a bad idea. It defeats the meaning of punishment. A person in prison should simply be unavailable for all business purposes. They should have to appoint someone as caretaker of their assets while they are in jail, similar to what presidents in office must do.

The Chinese will learn, too, eventually...

[Opportunist]

The "West" learned in the 80s. You do NOT want those people in your security department. Yes, they have the skill, but they don't have the ethics. And that's the big deal here.

You will not get a job offer here for writing a virus. No reputable IT sec company will touch you with a 10 foot fiber cable. Yes, you obviously have the skill, but you lack the morals not to use it for what you've done.

What is really lacking in today's IT world is lectures and courses about the topic. Do you see many universities teach you something about malware? How to exploit a system? How to look for security holes? Yes, very controversial topic, but it's necessary. I mean, where are you supposed to learn that? Self study takes a long, long time, time you don't have in today's IT sec world where what you learn today is dead weight in a month. And, well, self study is usually only done by people who have an interest in applying that knowledge, and rarely for good...

Re:

[spleen_blender]

But what recourse do disenfranchised hackers (of either hat colour) have for an industry that in one breath will tell you that skill in the trade is the most valuable thing, then in the other breath farm out your job to a programmer in India who barely knows how to use a hash table?

All I am saying is that it is hard to decipher if the ethical concerns with an individual hacker were present before they had the skill or if the ethics are merely a result of happenstance.

Re:

[Opportunist]

It's not necessarily only a matter of your attitude towards the industry. If your malware only affected business targets, I could see that it's some kind of revenge to an industry that shipped your jobs to a country where the average coder asks you what he needs a hash table for, because he only needs one for coke.

Malware, though, strikes predominantly "civilian" targets. And with the advent of botnets like the Storm net, the net itself. And, sorry, with this on the table, you cannot tell me that the ethics

Re:

[spleen_blender]

But what is the motivation for that behavior? It is financial for the most part, save a few renegade hackers who are living out some sort of Matrix fantasy, if I am not mistaken. So what is wrong with giving the ones with the skill the incentive to use their abilities for good? Shouldn't they be compensated according to value? Or is it too disturbing paying the lion to not eat you?

Re:

[Opportunist]

The problem here is when someone has already shown that he has no moral problems with launching some malware into the public, who tells a company its new hot coder won't backfire on them?

The anti-malware community is a wee bit zealous. Sure, some might have written some kind of malware some long, long time ago in a life far, far away from the one they live now (talk about double standards, I know...), but as far as I'm aware, nobody ever did it for money. And a lot of them would eat you alive if you did tha

Re:

[clickety6]

Yes, they have the skill, but they don't have the ethics. And that's the big deal here.

Yes, because every day we hear how ethical the big companies are here in the West. Our big companies would never abuse monopoly positions, would never swindle share holders, would never abuse their staff, would never seek every way possible to avoid paying taxes, would never rip off their customers, would never fix prices, would never use scare tactics, would never spread lies and disinformation about competitors, would n

Re:

[Opportunist]

I've said it in the comment above, I say it again, if you're pissed at companies, go ahead and bring them to their knees. But there's no excuse for launching an all out attack against everyone who uses the net because you're angry with a company or two.

Re:

[Hoi Polloi]

It doesn't matter what the ethics are of the company as a whole. If they can't trust you as an employee they won't hire you since all organizations (whether you think they are corrupt or not) depend on trust. If they are cheating, they want to be the ones doing the cheating, not being cheated. Even an Enron wouldn't be in a rush to hire a convicted embezzler.

Re:

[clickety6]

So who do they hire to do all this dirty work at the companies? Or do they just corrupt their current employees? Surely if you're going to run scam like Enron it's cheaper to hire pre-corrupted employees than have to train your own ;-)

Re:

[thePowerOfGrayskull]

Our big companies would never abuse monopoly positions, would never swindle share holders, would never abuse their staff, would never seek every way possible to avoid paying taxes, would never rip off their customers, would never fix prices, would never use scare tactics, would never spread lies and disinformation about competitors, would never spy on competitors or their own staff, would never collude with their own government to break the law, would never work with an oppressive regime just for profits...

Being able to trust your employees not to steal and sell hundreds of thousands of customer credit card numbers to the highest bidder has nothing to do with corporate morality or lack thereof.

Re:

[dark404]

Do you see many universities teach you something about malware?

Um... yes? Actually, where I go there's an entire CS Masters concentration dealing with the subject along with digital forensics topics...

Re:

[Opportunist]

Care to share the secret which university would be that? And how long you had to search to find it?

Offered a job for your crime

[craigkup]

It's like you robbed a bank, but you did it so well the bank wanted to hire you as security to protect them.

Re:

[edrie]

i dont think so..maybe you are hired as actor in OC 14 XD ~

on hiring the insecure and the vengeful

[westlake]

The media is reporting that author Li Jun originally wrote the virus due to frustrations over being jobless.

You hire a guy with a record with of lashing out against the world when he meets with life's frustrations. What next? Do you offer him lifetime job security and rebuild your IT infrastructure every time he twitches?

Something to be concerned about

[Targon]

Considering the changes in the computer industry over the past 20 years, it should scare people that this sort of thing is going on right now. There have been an increasing number of hacking attempts from China, and there are also an increasing number of businesses that are based around infecting computers with spyware/adware.

As a result of this, paying hackers and cyber-terrorists(which is really what worm creators are) for their expertise in this sort of program is a VERY VERY bad thing. The culture

Inspiration!

[caesura]

Excuse me while I go write a virus that will replace the boot sector on all windows-running computers with a small program that displays my resumé and contact information.

Communism?

[operagost]

I thought this was a Communist country. What happened to "to each according to his needs?" Does a hacker need millions of yuan?

Re:

[budword]

China hasn't been communist in a damn long time. Now they are just a one party dictatorship. Think Soviets without the good intentions. The funny part about it is the communist party isn't even embarrassed about it.

Re:

[tnk1]

China is now about as Socialist as the National Socialists, if you get the picture. More National than Socialist.

Basically, China is an oligarchical state that gives lip service to the theories of people who are pretty much discredited: Mao, Lenin, Marx. For lack of a better mantra, they've stuck with it, since they can punish you if you argue with it and they've printed all the textbooks in Red already. There's nothing more comforting than being able to say you're a revolutionary without having to creat

Re:

[edrie]

dont think about communisme..all hacker need the money to upgrade their system XD ~ if u child also need money to buy the chocolate~

It is a communist country

[sonoronos]

It's just not a Maoist communist country anymore. Deng Xiaoping changed everything.

Re:

[PalmKiller]

1 Million Yuan is 130K in US dollars which is good but not great for the title they are offering him. Now I do agree that is a lot considering that china's cost of living is low, but still not all that amazing in US terms.

Give him a job only after...

[Simonetta]

I believe in fairness. Everyone needs to work productively. So yes, give this guy a job.

    But only after he has spent MANY years in jail, and has reimbursed all the people who lost work and data directly resulting from the virus being on all the computers affected by this crime.

    So if this criminal has written and released a bit of secret code that wipes out data a hard drive, then he (always a he) should be required to compensate for the cost of collecting and entering this data. He must also be responsible for loss of income and profit in all the companies infected by his virus code.

    If he is still interested in coding after all the effort and expense that he must do to correct the bad effects of his deliberate action of writing and releasing a destructive virus, then he should be allowed to do so.

    But not until all the compensation has been made. It doesn't matter if this criminal is a coding genius, we can always get the same results from having more ordinary people working on the same coding problem as a lone genius.

    What I'm saying is that regardless of any individual's coding skills, if this individual causes millions of dollars of damage, he should not be allowed to work in this industry.

Chinese Worm Creator Gets High

[CrazyJim1]

Anyone else misread the title at first?

What? No military contract?

[n dot l]

I'm just surprised this guy wasn't hired by their government. A cyber-attack would be a pretty good start to their next war, especially against their highly industrialized (and networked) neighbors. You could disrupt their economy for days (or weeks, depending on how good the worm is) before launching an actual attack and nobody could really counterattack right off the bat because they'd think it was just another random teenager in his basement up to no good...

What about next time he gets frustrated?

[1.000.000]

Would he then

a) get over it?
b) do something harmful?

Good luck giving him access to your IT system.

Oblig "It's a Wonderful Life"

[seven of five]

Mr. Potter: "Merry Christmas to you - IN JAIL!"

And all companies are evil

[microbee]

The "virus" was not just a show-off job. Nowadays they are always tied to revenue. This virus in particular was used to earn click cash and they got like 10 million yuan a month due to its widespread infection.

So the companies that are offering this kind of money are the companies that want to use spyware technology to boost their own revenues. In China, if you write a virus by your own, you are a criminal; if you write a virus as a company, it's called a "product".

Re:

[wikinerd]

In China, if you write a virus by your own, you are a criminal; if you write a virus as a company, it's called a "product".

Only in China?

Re:

[somersault]

When you're working with Mr Wang Wanxiong, you pick up some good tricks!

Re:

[dbIII]

If this guy was such a 'precious genius' why was he jobless

Probably the same old story - couldn't get past HR to talk to anybody with a clue.