Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security The Almighty Buck

Hack a Million Systems and Earn a Job 267

An anonymous reader writes "It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but this might still be the case in New Zealand. An 18-year-old hacker responsible for writing a number of applications used by an online group called 'the A-Team' that allowed the creation of a million-plus machine botnet and a range of credit card fraud activities to take place, has walked free from court sans conviction despite pleading guilty. And to top it all off, the NZ police force were interested in talking to the hacker about working for them, and 'several computer programming companies' were also chasing him for his skills."
This discussion has been archived. No new comments can be posted.

Hack a Million Systems and Earn a Job

Comments Filter:
  • by MagdJTK ( 1275470 ) on Wednesday July 16, 2008 @07:55PM (#24222175)
    ...so I'll be driving everywhere with my foot to the floor, hoping for a drive by 2010!
    • by Hojima ( 1228978 ) on Wednesday July 16, 2008 @08:30PM (#24222513)

      What they really should have done is force him to work for them. The logic for most crimes should be: commit a crime, be forced to work with police to prevent crime. The more they get, the easier it is to catch others, the more they get etc. Of course if he doesn't even have to do that, then I just hope he'll get murdered.

      • by negRo_slim ( 636783 ) <mils_orgen@hotmail.com> on Wednesday July 16, 2008 @08:33PM (#24222539) Homepage

        An 18-year-old hacker responsible for writing a number of applications used by an online group called 'the A-Team' that allowed the creation of a million-plus machine botnet and a range of credit card fraud activities to take place,

        Hah, I'm assuming there's some exaggeration taking place here... and from the sounds of it they're on the same Old English ego boosting bender those kids are probably on after doing something remotely notable.

      • by Ihmhi ( 1206036 ) <i_have_mental_health_issues@yahoo.com> on Wednesday July 16, 2008 @09:07PM (#24222833)

        Yes, that's a brilliant idea. Piss off a hacker and then give him access to sensitive systems. I'm sure they have someone just as smart as he is to check what he's doing.

        • by Hojima ( 1228978 ) on Wednesday July 16, 2008 @09:49PM (#24223143)

          who the hell said he'd get access to sensitive systems? He can work independently of their system. Hell, they can force him to work from home. If he violates any more laws, then it's more time.

          • Re: (Score:2, Interesting)

            Hmm if I believe that it is stated in one of the fables of hackerdom that a hacker will be miserable and unproductive when forced to work 9 till 5 but will happily work from 12 till 2 AM. Perhaps forcing someone to do something they would gladly do of their own free will makes things worse for everyone.

            • by gnick ( 1211984 ) on Wednesday July 16, 2008 @10:21PM (#24223415) Homepage

              Hmm if I believe that it is stated in one of the fables of hackerdom that a hacker will be miserable and unproductive when forced to work 9 till 5 but will happily work from 12 till 2 AM. Perhaps forcing someone to do something they would gladly do of their own free will makes things worse for everyone.

              Actually, I think your fable holds at least a little bit true, at least in my case. I work ~9-5 because it allows me to take care of myself and my family financially and because I believe in the work that I do. I worked my butt off in school to prepare myself for that.

              Working on hacking systems, gaining unlawful access, collecting random accounts, etc? That was just juvenile fun that I got a great kick out of back in my youth - And it was all done mostly for free (my only benefit was free internet access through hacked accounts - that was all that my conscience would allow me to steal, although I had ample opportunity and admit to getting an ego-boost out of that fact - I was a just a talented juvenile delinquent). And, 12-2 AM were preferred hours for that kind of work. I stopped because I wanted to avoid jeopardizing future employment. But, despite being more satisfying on a number of levels, I would not say that my ~9-5 work now is ever as "enjoyable" as my history of 12-2 AM residence in hackerdom.

              • Re: (Score:3, Interesting)

                by bipbop ( 1144919 )

                The geekiest way I ever got free access to anything was in junior high, when I downloaded the source for a skeleton terminal program for Turbo Pascal 6, which used a fossil driver. I hacked the super-basic terminal to play a MajorBBS game called Archery, which was quite hard for humans, but perfectly winnable for a machine; the game cost credits, and on the occasion that you won would pay out quite a bit more.

                I got someone to give me some starter credits, because I had no way to pay for a BBS account those

          • by jlarocco ( 851450 ) on Wednesday July 16, 2008 @11:30PM (#24223931) Homepage

            who the hell said he'd get access to sensitive systems? He can work independently of their system. Hell, they can force him to work from home. If he violates any more laws, then it's more time.

            I'm not sure I trust that setup. At the very least wouldn't he need an honest desire to help out? You really can't "force" somebody to do work like that if they don't want to.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Owen is a friend of mine. Perhaps you can refrain from that sort of comment.

    • by Forge ( 2456 ) <kevinforge.gmail@com> on Wednesday July 16, 2008 @08:37PM (#24222581) Homepage Journal

      Why would you want to be a F1 driver? It's the Rally drivers who get all the hot girls.

      As for the NZ Police trying to employ the best hacker they failed to convict? Freaking Briliant IMHO.

      Sure it will be togh to keep him out of crime and they may have to imprison him at a future date. On the upside, monitor him will be a lot easier when the police own his hardware and network. And all without violating any kind of civil liberties since he is an employee.

      On top of that, Ciber crime, Fraud, Forgery etc.. are crimes of misdirected intellect. It takes a mind at least within the range of a clever criminal to capture him. Making this kid potentially quite useful.

  • haha (Score:5, Insightful)

    by Anonymous Coward on Wednesday July 16, 2008 @08:00PM (#24222211)

    This has been on the news for awhile in NZ, the funny thing is the paper the other day said tens of thousands, then another one said hundreds and now it's a million!

    Awesome.

  • by PC and Sony Fanboy ( 1248258 ) on Wednesday July 16, 2008 @08:01PM (#24222225) Journal
    This is a great step forward for black hats everywhere! And a great step forward for aspiring CS students ... and a step back for mankind. *siigh*

    at least it was 2 forward and one back...
    • Re: (Score:3, Insightful)

      This was not a step back for mankind - that happened many years ago. I saw only steps forward or sideways here - that's a pretty hefty fine for a kid, and he'll actually have a chance at doing something that isn't entirely socially destructive now. The alternatives (conviction and incarceration or parole) would just be destructive to him and worse than useless to the state.

      If they jailed every 18-year-old that somehow didn't get a good sense of right and wrong from watching MSM, society would implode over

      • When we start (Score:4, Interesting)

        by deesine ( 722173 ) on Wednesday July 16, 2008 @09:01PM (#24222795)
        letting some criminals off easy due to their "usefulness", then yes, it's a step backwards for justice.
        • But yet, somehow, imprisoning a kid who performed a few technical exploits without malicious intent at the request of a few bad apples, just out of curiosity about the problem--and the joy of having someone finally taking an interest in him for something he did--that's a step forward for justice?

          Don't look at him as being let off easy, he's being taken in by the police as an cybercrime intern, so he can learn about what is legal or ethical to do with computers, and not least so someone in authority can keep

        • Re:When we start (Score:4, Insightful)

          by SoupIsGoodFood_42 ( 521389 ) on Thursday July 17, 2008 @12:41AM (#24224323)

          Yeah, because criminals are evil people who need to be locked up! Not fellow humans with issues. I'm not saying compassion absolves a person of their responsibility, it doesn't, but too many people seem to have this black and white view on justice, crime, and human nature.

          • Re: (Score:2, Insightful)

            by Hal_Porter ( 817932 )

            Yeah, because criminals are evil people who need to be locked up! Not fellow humans with issues. I'm not saying compassion absolves a person of their responsibility, it doesn't, but too many people seem to have this black and white view on justice, crime, and human nature.

            Criminals need to be locked up rather than given consultancy jobs because that will encourage other people not to be criminals. I'm sorry if this is too black and white for you.

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          The guy has Aspergers Syndrome. If you don't know what it is or haven't lived with it then you wouldn't understand that the court decision was made to gain the best outcome for him and for society. Punishment for the sake of punishment would not benefit anyone here.

      • ... but, should we allow 18 year olds to make such drastic mistakes without punishment?

        Honestly, I almost got kicked out of school for stealing a keyboard (and I wasn't the one that took it!)

        I'm not suggesting that his life should be ruined, but he's being rewarded. That just ain't right...
      • NO fine was mentioned.

        Almost 10k in reparations and 5k in fees. What about the almost 40k he made?

        Fine should be at least 40k.

  • by Joshuah ( 82679 ) on Wednesday July 16, 2008 @08:04PM (#24222267)

    This guy has already proven that he will break the law. By working for the police department, he can write the systems for them, then later leave and hack their system. The guy has already been proven that he can't be trusted, so why work with him.

    • by mrbluze ( 1034940 ) on Wednesday July 16, 2008 @08:09PM (#24222315) Journal

      This guy has already proven that he will break the law.

      No he hasn't. He wasn't convicted, so the judge considers that what he did didn't break her interpretation of the law.

      The guy has already been proven that he can't be trusted, so why work with him.

      He hasn't been placed in a position of trust anymore than anyone else, so he has not proven anything. On the contrary, the Judge remarked that he has a phenomenal future ahead of him.

      By working for the police department, he can write the systems for them, then later leave and hack their system.

      Nobody trusts anybody in the police department. That's important and that's how you fight corruption. He will fit in well there.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        This guy has already proven that he will break the law.

        No he hasn't. He wasn't convicted, so the judge considers that what he did didn't break her interpretation of the law.

        From TFA:

        "despite admitting to his role and his authoring of the software that is certain to have led to real losses (estimated by the FBI at more than US$20 million) for not only the owners of the machines infected in the botnet but also those who had their credit card details stolen, and those who were targeted by machines in the botnet"

        He's guilty whether or not the court found him so because he admitted to the criminal activity. Given that he did so the prosecution might well have good grounds for appe

        • by totally bogus dude ( 1040246 ) on Thursday July 17, 2008 @12:18AM (#24224207)

          Well the article is a bit light on details and I can't be bothered researching any more, but if all the guy did was write the software then it's entirely plausible he didn't do anything technical illegal, in a "guns don't kill people, people do" kind of way.

          On the other hand, he almost certainly knew exactly what the software he was writing was being used for, so it'd be like selling guns to people you knew were committing armed robberies.

          If that's the case, then maybe the prosecution simply tried to get him for the wrong crime. Just like if someone brought charges of armed robbery against someone selling guns, I would expect them to be thrown out by the judge (though one would imagine such an obviously false charge wouldn't make it to court in the first place).

          I don't know if NZ law will allow them to try again with a more appropriate charge or not.

      • by nickrout ( 686054 ) on Wednesday July 16, 2008 @09:59PM (#24223229)
        Rubbish he pleaded guilty and was then discharged without conviction. That is deemed to be an acquittal, but it doesn't mean he didn't intentionally break the law. The judge just gave him another chance. Note he was ordered to pay a large amount of compensation for his wrongs.
      • Re: (Score:3, Informative)

        by Rogerborg ( 306625 )

        He wasn't convicted, so the judge considers that what he did didn't break her interpretation of the law.

        RTFA. The judge let him slide because he's (apparently) a retard. The theory seems to be: smart enough to steal from thousands of people, too dumb to know that it's wrong. He is effectively above the law, because the law is a liberal ass.

    • by Darkness404 ( 1287218 ) on Wednesday July 16, 2008 @08:11PM (#24222337)
      Think of people like him as code mercenaries. They go to the highest bidder. Now, he is a person you don't want working against you, so why not hire him? Now, granted you would be stupid to give him the root password of your server, but for security, do you want some guy who has only read about rootkits and trying to protect your system from them, or a guy who writes rootkits. Would you rather have a guy who has read about programming, or say Linus Torvalds? This man is very accomplished and talented as this shows. So it is either hire him and earn loyalty for the term of the contract, or he might just hack you. Which one do you want?
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Loyalty? You said it yourself, the highest bidder wins which is not someone you want to hire. After all what happens when some third party pays him more so he sabotages your code?

        • Loyalty? You said it yourself, the highest bidder wins which is not someone you want to hire.

          Most of these people honor a contract. And after all, if there is a flaw in the code, they will be the first one that gets blamed. And I highly doubt that third-parties would pay to sabotage code for a police department or business. Very few governments/citizens care about a police department, and other businesses don't want a paper trail leading them to the downfall of a competitor. And other hackers won't think it fun to pay someone to inject a vulnerability.

      • Re: (Score:2, Interesting)

        by sedmonds ( 94908 )
        If there's one thing society needs to reward, it's extortion. Hiring this asshole is no better than hiring the mafia for traditional police services. They've shown excellent judgement and social conscience up to this point, so surely we can expect them to continue to do so once hired, right? Pay me, or I'll hack/beat/rape/kill you!
      • Re: (Score:2, Funny)

        by gd23ka ( 324741 )

        # /sbin/brain --start
        # /sbin/brain --show-status
        brain0: running
        #

        "Now, granted you would be stupid to give him the root password of your server"

        He is the last guy on the planet that needs to ask for your root password.

      • False Dichotomy (Score:4, Insightful)

        by xstonedogx ( 814876 ) <xstonedogx@gmail.com> on Wednesday July 16, 2008 @10:15PM (#24223349)

        Think of people like him as code mercenaries. They go to the highest bidder. Now, he is a person you don't want working against you, so why not hire him?

        1. Nothing is stopping him from doing a little work "on the side". You hiring him does not mean he is not going to write rootkits. It also doesn't mean he's not going to take money to work against you.

        2. He's gaining knowledge of your systems. When someone later outbids you, he's not only working against you, but doing so from a stronger position (while at the same time denying you any benefit you might have gotten from him).

      • by 4D6963 ( 933028 )

        So it is either hire him and earn loyalty for the term of the contract so that once it's over he knows much more than he needs to know about your infrastructure to do anything he wants with it, or he might just hack you.

        There, fixed it for you. Your argument comes down to "Instead of letting the wolf outside the chicken coup and let him try to attack, let him inside the coop and put him in charge of the security, namely making sure no other wolf gets in". What's the worst that could possibly happen?

    • by McGiraf ( 196030 )

      "This guy has already proven that he will break the law. "

      That's what made the police interested in hiring him.

    • by Gewalt ( 1200451 )
      Well, if he's capable of erasing felony convictions, then why bother giving him felony convictions at all? Jokes aside, I think the Judge, et ali, are going to regret this later.
    • by tonyr60 ( 32153 )

      There is a significant difference between the media reports and reality. There is no evidence he has been offered a job with the police or anyone else. Police have explicitly said they would not employ him.

  • No conviction (Score:5, Interesting)

    by RedWizzard ( 192002 ) on Wednesday July 16, 2008 @08:05PM (#24222273)
    According to a local story [nzherald.co.nz] he was discharged without conviction because he didn't show criminal intent, rather he was he motivated by proving his abilities, and conviction would be unduly detrimental to his future prospects.
    • Re:No conviction (Score:5, Interesting)

      by bcat24 ( 914105 ) on Wednesday July 16, 2008 @08:26PM (#24222471) Homepage Journal

      Finally, a reasonable justice system! Maybe I should move to New Zealand.

      • by jesterzog ( 189797 ) on Wednesday July 16, 2008 @10:58PM (#24223727) Journal

        Why is this modded Funny? In this case it's a perfectly reasonable justice system. He's already been fined NZ$15,000 (~US$11,000) which would likely be a lot for him.

        The judge looked at the situation and the context (including the fact that he's autistic), took into account that the police weren't too interested in seeing him in jail (NZ police are interested in actually preventing crime rather than simply locking people up), decided he's young and is probably unlikely to do it again if given a second chance, took into account that he's received other forms of discipline already, noted that he'd actually realised and accepted the consequences of what he did and was willing to try and pay reparations, noted that an on-the-record criminal conviction would limit him in a lot of ways for the rest of his life and probably put him in a position where he'd more likely offend again, and determined that all of this information outweighed the possibility of a discharge-without-conviction encouraging others.

        This seems like a very good justice system to me. The judge is actually considering the case on its merits and taking into account that throwing someone into jail will just make it more likely they'll re-offend when they get out.

        • by bcat24 ( 914105 )

          Mod parent insightful, please. While my little jab about moving to New Zealand was tongue-in-cheek, my complement to the NZ courts was not. It seems to me that the end result was about as just and good for society as possible given the circumstances. I take my hat off to the judge, and I hope the kid keeps on hacking as long as he wants, just on the side of good.

    • That doesn't make sense to me. He knowingly broke the law to prove his abilities, but since he didn't want to do anything more criminal, he didn't have criminal intent?

      "Hi, your honor. I was just trespassing to show I could. Notice I didn't rape his chickens, even though they were right there. Let me go, please.

    • According to a local story he was discharged without conviction because he didn't show criminal intent, rather he was he motivated by proving his abilities

      So it's OK to break the law as long as it's only to see if I can get away with it?

  • Where is the proof? (Score:4, Interesting)

    by Planky ( 761118 ) on Wednesday July 16, 2008 @08:06PM (#24222293) Homepage

    The NZ Police force have stated they are not offering him a job, yet somehow all the NZ media are saying companies are lining up to offer him a job. I've seen nothing but speculation and rumours.

    While it's unfortunate that he has a form of Aspergers, the kid should have been convicted.

  • Crime Pays? (Score:3, Funny)

    by Fail-deadly ( 1224544 ) on Wednesday July 16, 2008 @08:09PM (#24222323)
    ...why! This goes against everything my parents ever told me!
  • by FlyingBishop ( 1293238 ) on Wednesday July 16, 2008 @08:16PM (#24222377)

    Honestly, he's an 18 year old with Asperger's. In other words, he's a lonely teenage nerd, with a literal handicap in the personality department. The only thing to do is give the kid a job.

    Asperger's, like autism, makes cause and effect a little difficult to process. That said, people with Asperger's also tend to be very methodical (as his computer expertise can attest.) Setting down a clear set of expectations for him about how to behave in the computing realm is difficult, but it's not the same thing as trying to reform a hardened hacker. He's young, and he's not entirely with it, at least not in terms of personal interaction. I imagine that's exactly why he hasn't been charged.

    • Re: (Score:2, Insightful)

      Aspergers kids have a serious social problem with cause and effect. This creates a big problem when you realize, yes, there is one girl out there that's actually special to you, and you just blissfully fucked up your last chance at happiness.

      Life can always get worse. Unless you did that, then you're done.

  • Free Kevin! (Score:2, Funny)

    by capnkr ( 1153623 )
    Oh...

    um, oops...

    I for one welcome...

    Bah.
  • by Repton ( 60818 ) on Wednesday July 16, 2008 @08:21PM (#24222427) Homepage

    Some more context might be useful. Walker had mild Aspergers syndrome; criminals were paying him to work, but the judge believed that he was unaware of what they were doing with his work. Even the crown prosecutor acknowledged that he had not profited financially, nor had he used the botnet (which, I guess, he helped make) for fraudulent purposes.

    Summary: Aspergers kid develops amazing programming skills; gets exploited by bad guys; when it all blows up his family starts paying more attention to him and he gets more sociable. Judge realises that he done wrong, but he didn't mean wrong; sending him to prison would ruin his life and cost taxpayers money, whereas keeping him out of prison will let his family set him straight and turn him into a profitable, functioning member of society.

    • by dbIII ( 701233 )
      The reason for the disconnection between the expectation and the reality is simple. He was being pursued as a genius master criminal in an overhyped international operation and what they actually caught was a mentally ill script kiddie that is sorry now he understands what he has done. Judges deal with that sort of situation with petty crimes all of the time and this is just another annoying petty crime that just happens to be possible to inflict on a lot of people at once.
  • In a situation like this, why *not* co-opt them? If the damages can be undone or leave no lasting harm, it surely makes sense to channel and redirect that skill. Sure, credit card scams and phishing attacks can ruin lives in worst case scenarios, or otherwise cause a great deal of inconvenience, but no extraordinary or lasting damage should have been done in this case once things have been set straight. Chalk up another point for the perils of data security in the modern world and put him to work in commun
  • Not far-fetched (Score:2, Interesting)

    by RedMage ( 136286 )

    Without going into details, I got my start as a software engineer by hacking into a well known corporate system and being offered a job. I didn't get caught, but rather let them know about it (in a very nice way!) This was more than 20 years ago now, so I dare say the climate towards benign systems hacking is probably a tad more hostile today. Intent and methods probably saved my bacon, even then.

  • by greyhueofdoubt ( 1159527 ) on Wednesday July 16, 2008 @08:47PM (#24222669) Homepage Journal

    I worked as tech support for a small local isp a few years back, and this kind of thing happened to a guy who was hired with me. When we were all sitting in the conference room getting the legal brief, one of the stipulations was something like, "You cannot work here if you've ever been convicted of a computer hacking-related crime" or something to that effect.

    The lady said it with that haha-I-know-no-one-in-this-room-is-that-smart kind of way, but the guy sitting next to me got real quiet and asked if he could talk to her outside. Turns out he cracked into a bunch of university computers down in georgia or someplace and it was a pretty big deal, and he had used this local isp as his springboard. It was iffy for a while but they gave him the job anyways, since he did the crime when he was a young teenager.

    Reubens, if you're reading this, feel free to correct me if my details were wrong.

    -b

  • by Anonymous Coward on Wednesday July 16, 2008 @08:51PM (#24222697)

    Followed this case closely.... especially the thing that brought him down: a UPenn student named Ryan Goldstein, aka Digerati...

    http://lamp.dailypennsylvanian.com/thespin/2007/11/29/penn-student-enters-the-matrix/ [dailypennsylvanian.com]

    A wannabe hacker who got kicked out of an IRC group frequented by a group called Splinter Security for being a pedophile:
    http://www.scriptkitty.net/files/Digerati-Exposed.zip [scriptkitty.net]
    [NSFW]

    Whose teenage angst could not be contained... and hired a NZ skript kiddie named AKILL... who agreed to use his botnet to do a DDOS against TAUnet... as this would somehow make Splinter Security Group realize how much of a mistake they'd made in banning Ryan for being a pedo and beg for him back.

    IN EXCHANGE FOR THIS: Ryan offered up some bandwidth on an engineering lab server so that AKILL could update the code on his botnet.

    The way they got caught: As it turns out, people notice when your 40,000 node botnet tries to download an executable off of a server that normally sees no activity.... ALL AT THE SAME TIME. As it turns out, that server crashes, the traffic doesn't stop, people notice something's wrong and call the feds.

    It's all quite funny.

  • Catch me if you Can (Score:5, Interesting)

    by slimjim8094 ( 941042 ) on Wednesday July 16, 2008 @09:01PM (#24222791)

    As a society, we need to realize that criminals or 'outcasts' (for whatever reason) can be extraordinarily intelligent. As a society, we need to learn how to harness their skills.

    Frank Abagnale (the main character of said movie) turns from a check-forger into a designer of secure checks... by using his knowledge of what's hard to forge. We're all better off as a result.

    There was a kid a couple of months ago who had the creative and technical skill to make a CounterStrike map of his school. I sure as hell can't do that. Now instead of letting him do an independent study in game design or 3d modeling, or even teach a class (after school or whatever), they sent him to a 'special' school (where they send all the stupid bullies).

    We need to give people who possess this intelligence another outlet.... otherwise they'll continue to eat our lunch. Being on the wrong side of the law is obviously more interesting, which is presumably the appeal - a Google-style approach of 'work on cool projects on a flexible schedule' ought to keep them interested enough to do productive work.

  • A-Team (Score:4, Funny)

    by clbyjack81 ( 597903 ) on Wednesday July 16, 2008 @09:08PM (#24222837) Homepage
    So did he say to himself on the way to the interview, "I just love it when a plan comes together!"?
  • by duckInferno ( 1275100 ) on Wednesday July 16, 2008 @09:24PM (#24222965) Journal
    Corrective justice > Retributive justice.
  • by tinkertim ( 918832 ) on Wednesday July 16, 2008 @09:50PM (#24223147)

    The crown will plainly show the prisoner who now stands before you, was caught red handed 0wn1ng people, 0wn1ng people of an almost HUMAN nature.

    This will not do.

    Sorry, couldn't resist.

  • by seifried ( 12921 ) on Wednesday July 16, 2008 @11:18PM (#24223867) Homepage

    Like I wrote back in 2001 Hiring hackers - why it might not be a good idea [seifried.org]

    There has been a long, ongoing debate about this issue, and recently it has resurfaced in public. Should companies hire hackers convicted of computer crimes? The general theory is that these "hackers" are elite commando style computer security experts that can tighten up your network in a weekend marathon of pizza and pop. Often nothing is further from the truth.

    The first concern I would have is: are these people really any good at computer security? Now this may sound like a rather silly question, but it bears asking. The most obvious clue would be that they have been caught and convicted of a computer related crime. If they are such great "hackers" why did they get caught? Kevin Mitnick, a very famous hacker, was caught several times, and spent time in jail. Most hackers possess very little actual skill. They simply follow in the footsteps of others. It is very easy to download precompiled exploit scripts from sites such as rootshell and then use them to break into systems. Even assuming for a moment that this person has any advanced computer security skills related to breaking into networks, this does not mean they have the skills needed to secure networks. It is one thing to find a weakness and exploit it, but it is an entirely different matter to fix it properly.

    Securing a network takes a lot more then plugging a few technical holes. Even if I were to walk into your network and fix every single existing problem, it would not make your network secure. Security is a procedure with many steps, assessment, definition of needs, planning, implementation, review, and so forth, which amounts to a never ending cycle. Even if you hire a brilliant hacker that secures you against all known attacks, new problems will crop up. Even if your hacker has these qualities, their ethics are extremely questionable. There is a famous saying among lawyers: "never put a perjurer on the stand", which boils down to "if you know he's lied before, chances are, he might do it again". How can you trust your newly hired hacker not to slip backdoors into the system that they might later exploit. While it is true that any trusted employee might try to do something like this it certainly seems silly to put yourself in a higher risk category.

    A company has a fiduciary responsibility to stockholders. They are entrusted with their stockholders' money and are expected to make decisions that will increase it without unnecessary risk. Engaging in high risk behavior means legal liability. For example, would it be reasonable to sue the corporation for not taking proper care and responsibility in hiring someone they know to have offended before? Considering the position of trust most security administrators are placed in (they have administrative access to servers, monitor users' network usage, read incoming and outgoing e-mail and so on) is it really wise to hire these people? A person with administrative access to a server, or physical access to the network can break into systems and leave backdoors with nary a trace. Would you expect a bank to hire criminals convicted of armed robbery to transport money on the grounds they know what to look out for? Would you hire a burglar to install the alarm system for your house?

    While it would be nice if all criminals that got caught were rehabilitated, used their skills for good rather than evil, and never offended again, this is not a perfect world. By breaking the law, for whatever reason (curiosity, maliciousness, etc.) they have chosen to violate rules generally accepted in most countries and societies. They have (at a bare minimum) shown poor decision making, and while they may not specifically want to re-offend, they may be tempted by a short term gain and take a chance (as they have in past).

    Summary

    While it is possible to find a convicted hacker with the skills you want, it is exceedingly ra

  • I came in here for all the A-Team jokes to only find err.. one?! Oh well here it goes:

    ... in 2008 a hack commando unit were supposed to be sent to prison for a crime they did commit(!), though the captured leader goes free after trial (to the NZ underground) and now survives as a hacker of fortune. If you have a problem, if no one else can help, and if you can find them, maybe you can hire...the A-Team. Bam bam bam!!!

  • Please consider that the good judge is trying to send these messages to the rest of the world: "Don't tempt our youngsters by leaving powerful systems open to the 'Net", and "Secure your systems".

    Reading these comments and others ones on reports of serious crime in the US, I get the very distinct impression that a very large sub-set of the US population are a bunch of intolerant and vituperative red-necks who have yet to discover the phrases: "There but for the grace of God go I", "He who is without blame

"Virtual" means never knowing where your next byte is coming from.

Working...