Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chinese Worm Creator Gets High-Paying Job Offer In Prison

Posted by Zonk on from the now-i-see-what-it-takes dept.

martinsslaves writes "The recently imprisoned creator of China's worst computer virus ever (worm.whboy) has now been offered a job paying millions of yuan from his prison cell. He's actually been offered several, and one of the companies that has offered him the position of Technology Director was actually affected by his virus. The General Manager there now believes the virus writer may have just been 'led astray'. The media is reporting that author Li Jun originally wrote the virus due to frustrations over being jobless. 'So far, about 10 network companies across the country have offered jobs to Li, whom they regarded was a "precious genius," the report said citing Li's lawyer Wang Wanxiong. Li's cyber bug, which earned him about 145,000 yuan after selling it to other hackers from December 2006 to February this year, can prevent infected computers from operating anti-virus software and all programs using the "exe" suffix.'"

19 of 148 comments (clear)

  1. This used to happen in the US by kill-9-0 · · Score: 3, Interesting

    In the 80's if you got caught hacking, you might get some jail time, and get your gear confiscated, but often you were also offered a job.

    --
    Liberalism...the next best thing to thinking.
    1. Re:This used to happen in the US by Opportunist · · Score: 2, Funny

      Not only in the US. There've been others who were found and offered the choice of jailtime or working for the company.

      I wonder how many look back and wish they'd have taken jail...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:This used to happen in the US by Creepy · · Score: 2, Interesting

      Not just companies - the FBI. One of the first major pirate groups busted in the United States had members that worked for the feds in lieu of jail time or juvenile hall (the Super Pirates of Minneapolis [SPM]).

          As a kid I went to church with an FBI computer crime guy (and his kid) and knew a good chunk of the group that replaced the SPM - a group called the Midwest Pirates Guild - from school friends and hanging out on BBS's, so I heard a lot of info from both sides. It was kinda weird knowing the "good guys" and the "bad guys" and almost humorous watching the FBI guy give computer crime talks and use cracks by people I knew as examples. All the people I knew personally that were involved moved on to respectable careers not involving crime, so it isn't always a bad thing to employ them (and many were involved in other crimes such as hacking and credit card fraud, the latter of which would make me want to string them up, having been a victim).

      If you've seen the movie "Catch Me If You Can" you'll see another criminal-turned-FBI informant.

  2. Oh god... I predict "resume spam" soon by erroneus · · Score: 4, Funny

    The more people like this get tremendous job offers, the worse I see things getting since they are ultimately being rewarded for their behavior.

    To that end, instead of "stocks" in images and PDFs, I predict the next round will be resumes flying around!

    1. Re:Oh god... I predict "resume spam" soon by scubamage · · Score: 3, Insightful

      Are you kidding? This is HOW security comes into being. If no one compromises security, exploits holes, and shows people the errors that exist they will never get patched. That is why black, white, and gray hats exist. Its like yin and yang. Devs write something, black hats find holes, and the white hats fix it. If they can do it all in house, everyone is better off. Whose the one really to blame, the company who writes the shoddy software with gaping holes in it, or the guy who walks in through those holes?

    2. Re:Oh god... I predict "resume spam" soon by Nos. · · Score: 2, Insightful

      Its a little more complicated than you make it out to be. "Black hats" should never be offered a job by a company that gives a damn about its reputation. You don't reward people for committing crimes. Secondly, you don't have to be a black hat to look for security holes, and you don't have to look for security holes in other peoples' things.

    3. Re:Oh god... I predict "resume spam" soon by Jarjarthejedi · · Score: 4, Insightful

      Better yet let's be a little more specific. Let's ask victims of lock-picking burglars who were caught (the burglars) if that burglar should be offered a job making sure that other, uncaught, burglars can't pick the locks of that company any more?

      I'd feel a lot safer if a burglar who was extremely good at lock picking was unable to pick the locks I was using. Same goes for security, if you have someone who is a professional hacker trying to penetrate your system you're going to find problems a lot faster than if you just have another White Hat, whose more concerned with patching holes than finding them, looking around.

      --
      There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
    4. Re:Oh god... I predict "resume spam" soon by jollyreaper · · Score: 4, Funny

      The more people like this get tremendous job offers, the worse I see things getting since they are ultimately being rewarded for their behavior. CEO's get rewarded for ruining companies, isn't it time the same courtesy is extended to the IT set?
      --
      Kwisatz Haderach
      Sell the spice to CHOAM
      This Mahdi took Shaddam's Throne
  3. Maybe not so new by east+coast · · Score: 4, Funny

    From the blurb: Li's cyber bug, which earned him about 145,000 yuan after selling it to other hackers from December 2006 to February this year, can prevent infected computers from operating anti-virus software and all programs using the "exe" suffix.'

    Navidad did kind of the same thing but it seems to be a coding mistake more then the intended purpose of the virus.

    Just for the record: I didn't read the article.

    --
    Dedicated Cthulhu Cultist since 4523 BC.
    1. Re:Maybe not so new by Anonymous Coward · · Score: 2, Funny

      One guy wrote a virus that tricked users to think the virus was update to their windoze boxes.. After users installed the virus it wrote annoying messages to them all the time.

      He was hired later as a WGA expert-developer.

  4. well yeah by circletimessquare · · Score: 4, Insightful

    the only real way to ensure security is to have it constantly challenged. that's a job. and this guy did a good job of doing that. thus, he earned the income

    which means 2 things:

    1. there is no security in an environment where the security doesn't get challenged and defeated every now and then. or get's challenged, and the fallout kept secret

    2. go ahead and make virii and worms. just make damn sure the payload is harmless or simply annoying. if the worm this guy wrote did something really nasty, you can be sure he wouldn't be getting kudos and job offers

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  5. Re:Pfft by Applekid · · Score: 4, Informative

    and all programs using the "exe" suffix. so.... how did windows boot?

    IIRC, the virus modified the registry entries which tell Windows how to handle .exe files. Booting up is fine. Once the system's up, every time explorer tries to launch an .exe, Windows wound up checking the registry for what it should do with the file. The registry modification removed the "magic" that told it that it's an executable.

    I remember at work someone convincing me it was a good idea to copy the .exe registry class into another one, say, .myinitials, so if the .exe registry settings got clobbered I could always rename regedit.exe to regedit.myinitials and fix it.
    --
    More Twoson than Cupertino
  6. The familiar meme evolves by Dystopian+Rebel · · Score: 2, Funny

    1. Lose job.
    2. In despair, write a Windows worm.
    3. PROFIT.
    4. Get caught, go to jail.
    5. ???
    6. PROFIT.

    --
    Rich And Stupid is not so bad as Working For Rich And Stupid.
  7. The Chinese will learn, too, eventually... by Opportunist · · Score: 5, Insightful

    The "West" learned in the 80s. You do NOT want those people in your security department. Yes, they have the skill, but they don't have the ethics. And that's the big deal here.

    You will not get a job offer here for writing a virus. No reputable IT sec company will touch you with a 10 foot fiber cable. Yes, you obviously have the skill, but you lack the morals not to use it for what you've done.

    What is really lacking in today's IT world is lectures and courses about the topic. Do you see many universities teach you something about malware? How to exploit a system? How to look for security holes? Yes, very controversial topic, but it's necessary. I mean, where are you supposed to learn that? Self study takes a long, long time, time you don't have in today's IT sec world where what you learn today is dead weight in a month. And, well, self study is usually only done by people who have an interest in applying that knowledge, and rarely for good...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:The Chinese will learn, too, eventually... by dark404 · · Score: 2, Informative
      Do you see many universities teach you something about malware?

      Um... yes? Actually, where I go there's an entire CS Masters concentration dealing with the subject along with digital forensics topics...

  8. Offered a job for your crime by craigkup · · Score: 3, Interesting

    It's like you robbed a bank, but you did it so well the bank wanted to hire you as security to protect them.

  9. Re:Pfft by dcollins · · Score: 4, Funny

    Dammit. Screwed again.
    - Eugene Xavier Edwards

    --
    We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
  10. on hiring the insecure and the vengeful by westlake · · Score: 2
    The media is reporting that author Li Jun originally wrote the virus due to frustrations over being jobless.

    You hire a guy with a record with of lashing out against the world when he meets with life's frustrations. What next? Do you offer him lifetime job security and rebuild your IT infrastructure every time he twitches?

  11. Give him a job only after... by Simonetta · · Score: 2, Interesting

    I believe in fairness. Everyone needs to work productively. So yes, give this guy a job.

        But only after he has spent MANY years in jail, and has reimbursed all the people who lost work and data directly resulting from the virus being on all the computers affected by this crime.

        So if this criminal has written and released a bit of secret code that wipes out data a hard drive, then he (always a he) should be required to compensate for the cost of collecting and entering this data. He must also be responsible for loss of income and profit in all the companies infected by his virus code.

        If he is still interested in coding after all the effort and expense that he must do to correct the bad effects of his deliberate action of writing and releasing a destructive virus, then he should be allowed to do so.

        But not until all the compensation has been made. It doesn't matter if this criminal is a coding genius, we can always get the same results from having more ordinary people working on the same coding problem as a lone genius.

        What I'm saying is that regardless of any individual's coding skills, if this individual causes millions of dollars of damage, he should not be allowed to work in this industry.