Criminals Target Tech Students With Job Offers

An anonymous reader writes "BBC News is running a story on criminal gangs targeting tech students. Some of these outfits offer to pay for an education in exchange for the student's employment on graduation in criminal hacking activities." From the article: " As the number of criminal gangs looking to move into cyber crime expanded, it got harder to recruit skilled hackers, said Mr Day. This has led criminals to target university students all around the world. 'Some students are being sponsored through their IT degree,' said Mr Day. Once qualified, the graduates go to work for the criminal gangs. As well as the direct route of targeting students, some organised crime gangs were trading on the glamour surrounding the 'hacker' label to help them recruit impressionable youngsters..."

surprised?

[Xolom]

it's a better job offer than the other offers most kids are going to get, and it appeals to their interests... why are people surprised?

Re:surprised?

[ScentCone]

it's a better job offer than the other offers most kids are going to get, and it appeals to their interests... why are people surprised?

Um... for the same reason people might be surprised if non-crazy students who spend their years in college studying chemistry would look for "sponsorship" from a group that tells them they'll be building suitcase bombs for terrorists? Or an engineering/architecture student that's told they'll get a free ride through college as along as they agree to help break into banks once they graduate? This isn't any different.

Re:surprised?

[Planesdragon]

This isn't any different.

It's significantly different. One is treason, another is abandoning a lucrative private enterprise for crime, and the third is a resort of despiration for those with few prosepcts.

The morality, ethics, and legal response to each of these is different. You might as well claim that vehicular manslaughter and driving with a cell phone "aren't any different."

A new medium for an age old problem

[Mikachu]

This isn't anything new really. I mean I even feel redundant saying this. Where there's commerce, there's crime. Where there's crime, there's organization. Gangs have simply moved on from convincing kids on street corners to steal some stuff into convincing kids in chatrooms to hack into some websites. It was only a matter of time.

Hack what ?

[jfclavette]

Say what you will, hacking (cracking, don't throw a fit) isn't exactly easy nowadays. Can anyone here honestly tell me that they can get me access to a given business's clients database in the next 48 hours ? Didn't think so. So what are the gangs getting out of this ? Are they getting on a hype bandwagon ?

Re:Hack what ?

Wow, that has got to be the most clueless comments on the topic that I have ever read. No offense meant, but really, c'mon! Where have you been the last five years? Hacking hasn't only gotten a lot simpler, with all the automated tools that exist nowadays, but also become much more profitable. The increased profits are largely a result of botnets and the ease one can build one with using readily available tools and the huge number of clueless people on a broadband connection (something that also didn't really exist 5-10 years ago). You can spam people cheaper, install popups cheaper, steal their banking information cheaper (more people do internet banking now than a couple of years ago), and so on.

In short: there's more of everything. More software with more vulnerabilities. More automated tools. More clueless users. More bandwidth in their pipes. More profitable internet companies to blackmail (using DDoS). More companies interested in buying tools and information. Etc.

If there was ever a time to a criminal on the internet, now is it.

Hoax maybe?

[UbuntuDupe]

This seems like a monumentally stupid way to recruit hackers. Let's see, leave a public record of you funding a student (rather than cold cash), then when he graduates, tell him, oops, you want him to break several laws. "Oh really? Well, thanks for the free education. Hey feds, over here!" *gets witness protection* *gets guaranteed income for life* *eliminates obligation to employer*

In order for this to work, you'd have to credibly threaten or capture a loved one. But if you've got the techie that way, ... er, why do you need to pay for his education again?

Re:Hoax maybe?

[Massacrifice]

Well, if they start by requiring the would be hacker to "prove" himself (or herself?) worthy by doing something illegal, they can then blackmail him into doing more. I would assume that criminal activities start before the end of the studies. If the studies ever get completed, that is.

Re:Hoax maybe?

Would you really be willing to break contact with your family and everyone you know and commit to a life of fear just to pay school tuition?

Re:Not likely...

[presidentbeef]

I kind of see your point...but doesn't the military already do this? They offer to pay for college, you agree to serve for 6 years or whatever. Does it make a difference if it's a private company?
I know that some companies will help pay for your education if you agree to continue working for them for a certain amount of time after your education is complete. It's not so different, right? This is just getting them younger.

Of course, my original comment was more of a joke :)

Re:Hookers as Employee Benefits!

[NotFamousYet]

Actually, it is true that what most tech-savvy people expect from an IT job is a good combination of comfort and challenge (see Google's very long list of fringe benefits).

If you're a student, such an offer is definitely more tempting and self-rewarding than working in a cubicle.

Re:Not Much of a Surprise.

[Lehk228]

if an attacker had access to wal*mart's systems, shutting them down for a few days would be a bad way to do it, instead attack trust and dependability.

screw up certain shipments for holidays, occasionally add an item or three to credit card purchases, add a hundred bucks to random debits.

then at the end transfer all credit card numbers, debit card numbers, signatures, and PINs to a third party


halting operations would be bad for walmart, leaking EVERY SINGLE credit card transaction processed by walmart would be much worse long term.

the attack could be even more effective if the pharmacy/medical records kept could be leaked. people get pissed when their viagra perscription gets posted on the internet

Re:Not likely...

[Marnhinn]

True, but only to an extent.

Many companies offer benefits in return for service (as you mention), the difference isn't in really in what the companies offer, it's in what they do.

If we just looked at offers - then there is not much difference between a lobbyist giving a politician large sums of money and someone donating to charity. Both are giving money away right? But the law looks at more than action - it looks at intent (thankfully). Which means that accepting money from a criminal enterprise is very different than accepting money from a legitimate company.

Hey, wait, it's McAfee

[nbauman]

Did anybody notice that this BBC story is based entirely on a report, "McAfee Virtual Criminology Report http://www.softmart.com/mcafee/docs/McAfee%20NA%20 Virtual%20Criminology%20Report.pdf and an interview with one of its authors?

This report -- from 2005 -- doesn't have anything that you couldn't have already read on Slashdot or the newspapers.

The BBC didn't check McAfee's claims with another source. The McAfee report doesn't say anything about criminals paying tuition for students to study computer science. The McAfee security analyst didn't give any details. The BBC didn't ask him the obvious question, "How do you know?" Did he talk to a student like this? Did he find it in court records? Or did he hear it from another security expert after a few drinks?

Has McAfee been reliable in the past?