Hacker GhostShell Doxes Himself So He Could Get a Job In the Industry

An anonymous reader writes: One of the most notorious hackers around has decided to dox himself after getting tired of hacking companies and failing to find a legitimate job in the infosec community. Razvan Eugen Gheorghe, 24, is one of the early LulzSec members and leader of Team GhostShell. He is now hoping to get arrested so that he could negotiate a plea deal and become a white hat hacker with a company or state agency somewhere. For the past 4 years, the hacker was literally 2km away from Romania's crime investigation unit, a 10-minute ride away.

Are there no roads in Romania?

[xxxJonBoyxxx]

>> 2km away from Romania's crime investigation unit, a 10-minute ride

I can run 2km in 10 minutes. Are we talking a rickshaw ride or are there really no roads out there?

Re:

[The Relentless]

"Mr. Potato Head! Mr. POTATO HEAD!!!"

Re:Are there no roads in Romania?

[pushing-robot]

In most big cities it's faster to walk 2km than drive, and Bucharest is particularly bad:

http://www.romania-insider.com... [romania-insider.com]

Re:

[TheCarp]

Or maybe its bumper to bumper traffic and he likes sitting in air conditioning. I would be in the car with him.

Re:

[Anonymous Coward]

Well, you have to walk across the parking lot to the car, use the non-through roads to get to the highway, navigate a mile or two of slow traffic, take the correct exit, and when you're parked, walk across the parking lot to the police station, unless it's drive-in. I'd say 10 minutes is an optimistic estimate. Don't forget that this is an American site: People need an estimate of the time it takes to drive 2km because they measure distances in multiples of body parts, and walking is something that you do t

Re:

[omnichad]

Nobody said it was a 2km drive - just that it's 2km away. In addition to the other comments about traffic / traffic control devices.

Re:

[antdude]

Bernie, is that you? That was offensive. :P

I hope they consulted a lawyer first.

[allaunjsilverfox2]

I mean, I can understand wanting to come in from the cold and all. But this seems ill thought out, all and all. From what little I know about Romania, it doesn't seem like a good idea to turn yourself over to the authorities with the corruption scandals going on. They would be more likely to give you a harsher sentence to prove that their precinct is "clean". But, like I said, I'm not very well versed in the country or its laws.

Re:

[rahvin112]

At least in the US such criminal conduct would automatically exclude you from any work with the law enforcement agencies. Your previous criminal conduct would be an issue in every trial of every investigation you'd worked on. I dare say your very involvement with law enforcement with computer crime convictions would jeopardize any case you touched. Now the spy agencies might be interested but there is no way the law enforcement groups would touch you with a 10 foot pole. And even the spy agencies probably w

Re:

[Threni]

> At least in the US such criminal conduct would automatically exclude you from any work with the law
> enforcement agencies.

I'm pretty sure some Anonymous members worked with US law enforcement!

Others, such as Kevin Mitnick, work privately.

"But even then you will need to be famous to pull a job because the company will have to audit every single thing you do."

Huh? Pull a job? Which company? You just work for - or start - a company and just get on with it.

Re:

[rtb61]

Oh no, you'll get plenty of work but do not expect to get paid much, working release from extended custodial sentences whilst producing good returns for those with the keys, for the tech slave not so much. Perform stay out of prison on token pay, don't perform back in prison and not just threats but, like right now and convince them over the next few weeks how you can produce results, this whilst back in the cells. Some number of years latter after an extended custodial cadet ship you might get a job where

Re:

[stoatwblr]

"From what little I know about Romania, it doesn't seem like a good idea to turn yourself over to the authorities with the corruption scandals going on"

Corrupt countries are more likely to cut a deal.

Neat...

[Anonymous Coward]

So a criminal has decided to get a real job, but he can't because he has committed a bunch of crimes, and employers might not want criminals working for them. Maybe he should have considered not committing crimes in the first place.

I don't feel much sympathy for him since people like him have caused so many problems for law-abiding citizens all over the world.

Re:

[Falos]

>he can't because he has committed a bunch of crimes
He couldn't as John Doe. If a headline screams "no longer incognito" then it follows he previously was.

But John Doe couldn't claim to be author of sketchier accomplishments, and Razvan decided he needed their double-edged merit.

I won't claim those were "right" or "wrong", or even opine on the wisdom-or-not of this latest move.

Re:

[AchilleTalon]

These days it seems crime no longer pays well enough to stay in business. That's hard time for everyone in IT.

Re:

[omnichad]

a criminal has decided to get a real job, but he can't because he has committed a bunch of crimes, and employers don't know it's him. They do want criminals working for them.

Fixed that for you.

Re:

[narcc]

It got down-voted because it was 1) completely offtopic and 2) for the last sentence, which gave away the posts true nature.

You should be modded down as well, as your post is also an obvious troll.

Re:

[Maritz]

Why did that get downvoted? Isn't that what black people believe?

I'm white. Do you think I 'believe' the same shit as you? Are you fucking stupid?

Re:

[tehcyder]

Every time I see the 100-meter dash I figure I'm watching a crime in progress: a gun goes bang and a bunch of blacks start running.

Yes, that is indeed what is meant by "a racist joke". Thanks for providing an example for all the people who have never come across one before.

Re:

[Maritz]

Yuck. Everything about that is creepy as fuck. Mainly that you're posting it here where it's not at all relevant. Your mind cannot be a fun place.

Nope. No way. No chance.

[Opportunist]

Relevant prior convictions are a surefire way that NOBODY in the industry will touch you with a ten foot pole.

Maybe, MAYBE someone would if someone is looking so they can demonstrate that they push you away.

Re:

[110010001000]

Um, you must be joking. Parts of the Infosec industry regularly hires hackers with convictions. It is "street cred" for that industry.

Re:

[gweihir]

Not for the serious part, i.e. the part that pays well.

Re:

[Fire_Wraith]

It depends which part of the industry you're talking about.

The corporate IT, comparatively white collar world? Yes, convictions are a kiss of death here, and even moreso in the government realm. But in the more wild-west style startup world? Maybe not so much.

It used to be much easier, especially for the earlier hackers, because they had expertise no one else did. As time goes on, that's less the case, especially for the more risk-averse sorts in the corporate/government spheres.

Re:

[gweihir]

I do not think his record is any good. LulzSec only ever attacked easy targets. The only difference to the average script-kiddie is the public grandstanding and the publicly celebrated nihilism.

Re:

[Jack Griffin]

I think you've been watching too many movies...

Re:Nope. No way. No chance.

[julien tayon]

What scares me is that given it is harder to recruit black hats and they have access to less qualified work force they do a pretty good job at defeating top notch major in CS.

Our HR recruitment process are clearly recruiting expansive work force, but not a good one.

I feel more and more uncomfortable with the actual lack of practical knowledge of dev/sysadmins/architects that comes out of schools to directly push stuff in production that are shit.

25 years I do this job, 25 years I know how to avoid SQL injections, 25 years I get fired for asking we remove these from our code base, as much as obsolete ciphers, shell injection, cookie theft, mechanism that result in amplification of DOS ...

Well, if computer industry want to lose the trust of their customers by not hiring competent workers, they began by losing mine.

And I do encourage people actively to back all their valuable they can from internet nowadays. This industry is irresponsible.

Re:

[Crashmarik]

There is an overabundance of really useless information in a computer science degree. Even much of what is useful isn't all that great for a particular specialty.

Re:

[Narcocide]

Nobody manually rotates polygons by doing the matrix math anymore, but you still have to learn it.

Its generally useless for most IT people to know how to actually count in binary, but they make you learn that too.

Re:

[Opportunist]

Nobody programs in ASM anymore, but if you know how, you will never ever fall prey to a buffer overflow, because you KNOW how they work.

Re:

[gweihir]

These people could do a good job of securing systems and software, but they are budget-constrained and management-constrained. The hackers have a lot more freedom. Also, the defender is always at a disadvantage. On the other hand, most IT systems never get attacked seriously because nobody tries. The hacker-problem is overblown (due to some obvious political propaganda interests), only those with really bad security get hacked. Yes, that includes quite a few that should know better.

Re:

[Maritz]

Everyone but him maybe.

Re:

[Opportunist]

There is one single reason we "overblow" it: Because it's very hard to get PHBs to understand that matter at all. They don't understand why a, say, SQL injection in the customer database is a problem. You have to give them a threat scenario they can understand. Sometimes this does seem a bit overdone, but that's not really far from what is actually possible if the risk hits you with its impact.

It is very hard to "sell" security to PHBs. Security costs money but will never earn any. It protects you against d

Re:

[Anonymous Coward]

Look it's very simple. Just because someone gets a CS degree does NOT mean the have the passion for the job at hand. This often means that people entering the field get a relatively good paying job, doing fairly low-end stuff and end up quite satisfied with where they are, and have no reason to expand their skills further.

This is exacerbated not only by burnout where people leave the field entirely, but also by the sheer lack of any qualitative measure of productivity or quality.

How many of us labour unde

Re:

[Opportunist]

Agile = micromanagement? Pffft, harmless. The norm is "agile = chaos, changing at the whim of the PM".

Re:

[quantaman]

What scares me is that given it is harder to recruit black hats and they have access to less qualified work force they do a pretty good job at defeating top notch major in CS.

Our HR recruitment process are clearly recruiting expansive work force, but not a good one.

There are a ton of extremely competent and trustworthy devs/sysadmins/architects who have never been blackhats, they just cost a lot of money because everyone wants an extremely competent and trustworthy dev/sysadmin/architect.

There's a tiny handful of extremely competent and really untrustworthy devs/sysadmins/architects who have been blackhats, they might do good work, but they also might get pissed off and decide your organization needs to be taught a lesson.

Do you really think Ghostshell will do such fa

Re:

[Narcocide]

Sadly, I have to concur with all your points, but I'm afraid that probably the incompetent hiring practices of the industry as a whole today is evidence that they never were counting much on the trust of their customers in the first place, and perhaps never really thought they had it, or cared. (Microsoft's general behavior since the mid-90's being a case in point.)

Re:Nope. No way. No chance.

[spacepimp]

Kevin Mitnick called; he said you are talking out of your ass.

Re:

[Opportunist]

Dude, that was the OLDEST trick in the book. How do you know it was really Mitnick? Dammit, didn't you read his book?

On a more serious note, Mitnick was long, long before corporations learned (sometimes the hard way) that people who don't like to play by rules don't like to play by their rules either. You can use that at the offensive side, but that's a part that few corporations have (and if, there sure won't be an ad on Craiglist), but you do NOT want such a person protecting your assets.

And while good se

Re:

[fredrated]

Didn't Mitnick get a job in the industry?

Re:

[Opportunist]

Maybe it depends on what you aim for. Personally, I wouldn't like to know that there is a glass ceiling keeping me from climbing any further because I did something to ensure no corporation trusts me enough, so I have to watch duds and idiots climb past me and create ridiculous rules I have to abide by.

Yes, the people you list there are all great security researchers. Well, except li'l Kim there. He's more the Kim Yong Un of IT security research, a loudmouth without anything to back it up, and the embarrass

Epic

[softnewsit]

Wouldn't be epic if authorities would just ignore him :))))

Re:

[iggymanz]

oh I think he'll get half his wish. he'll get arrested.

of course, he'll then go to pound-your-ass prison but hey free room, board, and sexual partners. if he smokes he could marry the one with the most cigarettes.

Re:

[Bob_Who]

he spent two weeks at one of those touchy-feely "find yourself" courses and thought he should capitalize on it.

Yeah maybe...but I was thinking he finally got a girlfriend.

Perhaps she goes to church, and she won't live in sin. He can worship at her alter, or take vows there, after he repents

Why hack for pr0n when you can finally milk a holy cow.

Young love....

Moo.

No chance

[gweihir]

Too young, not enough experience, no proven skills (hacking _something_ is easy, as long as it does not have to be a specific target), criminal record.

Not so sure about this ploy ....

[King_TJ]

I mean, if you're a "well known" hacker, people in the industry doing hiring should be aware of you already. Getting arrested doesn't seem like a big benefit to me? (If you were good enough not to get caught, that should say enough about your talent. With the criminal record, you just limited your employment options, even if it enhanced your credibility in a few other, select areas.)

I can't speak for the situation over in Romania, mind you. But here in the U.S., there's apparently a real problem where law

Re:

[Joe_Dragon]

well we need to change the pot laws like we did with prohibition. Just think how hard it would of been to find people if just drinking beer got you black listed for life.

Re:

[Megol]

If you are proud of that why not post logged in?

Re:

[Maritz]

You think you're making a brilliant point, don't you. ooh, people call people racist, and they're stupid and mean and wrong.

I don't give a fuck about labelling you racist. All I care about is that you're a petty small minded fuck. Racist tendencies just come along for the ride with that.

It's a bold strategy Cotton...

[barc0001]

I got nothin' else. This just seems to be one of these "insane enough it might work once" moves.

Easier Job Choice: Cybercrime?

[Noble713]

What does it say about the state of the Eastern-European cybercrime industry if a hacker would rather transition to a White Hat instead of "lat moving" into full-on cybercrime? Is it not financially viable, even for a guy with his skill level? Is it too risky due to violence from competitors (cybercrime mafias are still *MAFIAS*)?

I think the opportunity costs of his options are more interesting than him doxing himself.

*turns himself in

[fph il quozientatore]

s/doxes/turns himself in.

Can we please stop using random neologisms-du-jour and get back to real language?