Slashdot Mirror
Hack a Million Systems and Earn a Job
An anonymous reader writes "It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but this might still be the case in New Zealand. An 18-year-old hacker responsible for writing a number of applications used by an online group called 'the A-Team' that allowed the creation of a million-plus machine botnet and a range of credit card fraud activities to take place, has walked free from court sans conviction despite pleading guilty. And to top it all off, the NZ police force were interested in talking to the hacker about working for them, and 'several computer programming companies' were also chasing him for his skills."
This has been on the news for awhile in NZ, the funny thing is the paper the other day said tens of thousands, then another one said hundreds and now it's a million!
Awesome.
This guy has already proven that he will break the law. By working for the police department, he can write the systems for them, then later leave and hack their system. The guy has already been proven that he can't be trusted, so why work with him.
Honestly, he's an 18 year old with Asperger's. In other words, he's a lonely teenage nerd, with a literal handicap in the personality department. The only thing to do is give the kid a job.
Asperger's, like autism, makes cause and effect a little difficult to process. That said, people with Asperger's also tend to be very methodical (as his computer expertise can attest.) Setting down a clear set of expectations for him about how to behave in the computing realm is difficult, but it's not the same thing as trying to reform a hardened hacker. He's young, and he's not entirely with it, at least not in terms of personal interaction. I imagine that's exactly why he hasn't been charged.
Some more context might be useful. Walker had mild Aspergers syndrome; criminals were paying him to work, but the judge believed that he was unaware of what they were doing with his work. Even the crown prosecutor acknowledged that he had not profited financially, nor had he used the botnet (which, I guess, he helped make) for fraudulent purposes.
Summary: Aspergers kid develops amazing programming skills; gets exploited by bad guys; when it all blows up his family starts paying more attention to him and he gets more sociable. Judge realises that he done wrong, but he didn't mean wrong; sending him to prison would ruin his life and cost taxpayers money, whereas keeping him out of prison will let his family set him straight and turn him into a profitable, functioning member of society.
Repton.
They say that only an experienced wizard can do the tengu shuffle.
This was not a step back for mankind - that happened many years ago. I saw only steps forward or sideways here - that's a pretty hefty fine for a kid, and he'll actually have a chance at doing something that isn't entirely socially destructive now. The alternatives (conviction and incarceration or parole) would just be destructive to him and worse than useless to the state.
If they jailed every 18-year-old that somehow didn't get a good sense of right and wrong from watching MSM, society would implode overnight. And just jailing some of them won't have any effect on the behavior of the rest.
Sorry, no solutions here - the problems are beyond my ken.
cogito ergo dubito
Yes, that's a brilliant idea. Piss off a hacker and then give him access to sensitive systems. I'm sure they have someone just as smart as he is to check what he's doing.
Random Thoughts From A Diseased Mind (Not For Dummies)
Personality disorders such as Aspergers can be debilitating, but at some point we must all take responsibility for our own actions. No one else can.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
I'm sorry, what was that? I was too busy looking up electric bus timetables with my second-gen iPhone.
Fool me once, shame on you. Fool me twice, watch it -- I'm huge!
Corrective justice > Retributive justice.
Fool me once, shame on you. Fool me twice, watch it -- I'm huge!
who the hell said he'd get access to sensitive systems? He can work independently of their system. Hell, they can force him to work from home. If he violates any more laws, then it's more time.
Help fight spam
1. Nothing is stopping him from doing a little work "on the side". You hiring him does not mean he is not going to write rootkits. It also doesn't mean he's not going to take money to work against you.
2. He's gaining knowledge of your systems. When someone later outbids you, he's not only working against you, but doing so from a stronger position (while at the same time denying you any benefit you might have gotten from him).
Hmm if I believe that it is stated in one of the fables of hackerdom that a hacker will be miserable and unproductive when forced to work 9 till 5 but will happily work from 12 till 2 AM. Perhaps forcing someone to do something they would gladly do of their own free will makes things worse for everyone.
Actually, I think your fable holds at least a little bit true, at least in my case. I work ~9-5 because it allows me to take care of myself and my family financially and because I believe in the work that I do. I worked my butt off in school to prepare myself for that.
Working on hacking systems, gaining unlawful access, collecting random accounts, etc? That was just juvenile fun that I got a great kick out of back in my youth - And it was all done mostly for free (my only benefit was free internet access through hacked accounts - that was all that my conscience would allow me to steal, although I had ample opportunity and admit to getting an ego-boost out of that fact - I was a just a talented juvenile delinquent). And, 12-2 AM were preferred hours for that kind of work. I stopped because I wanted to avoid jeopardizing future employment. But, despite being more satisfying on a number of levels, I would not say that my ~9-5 work now is ever as "enjoyable" as my history of 12-2 AM residence in hackerdom.
He's getting rather old, but he's a good mouse.
Consider: 1% (or thereabouts) of the adult population of the US is in prison. Is this application of justice serving us?
If it keeps people with a history of burglary from robbing me? Yes. If it keeps the people with a history of murder from killing me? Yes. If it keeps the kids off my lawn? Well, kind-of.
OT - If it keeps otherwise law-abiding adults from smoking weed or people from using sex-toys in their own homes? Fuck no.
He's getting rather old, but he's a good mouse.
Do you see prison and tougher sentances as a deterrant? I don't. Unlike what I hear quite a lot of, I'm not personally convinced that the possibility of longer sentances even occur to most people before they commit a crime. Many are probably not even considering the possibility of getting caught, or just thinking it's unlikely.
Personally I'd prefer that people didn't offend in the first place, and that people didn't re-offend when they got out of prison. There are much more fundamental and more complex issues to deal with in that respect.
Like I wrote back in 2001 Hiring hackers - why it might not be a good idea
There has been a long, ongoing debate about this issue, and recently it has resurfaced in public. Should companies hire hackers convicted of computer crimes? The general theory is that these "hackers" are elite commando style computer security experts that can tighten up your network in a weekend marathon of pizza and pop. Often nothing is further from the truth.
The first concern I would have is: are these people really any good at computer security? Now this may sound like a rather silly question, but it bears asking. The most obvious clue would be that they have been caught and convicted of a computer related crime. If they are such great "hackers" why did they get caught? Kevin Mitnick, a very famous hacker, was caught several times, and spent time in jail. Most hackers possess very little actual skill. They simply follow in the footsteps of others. It is very easy to download precompiled exploit scripts from sites such as rootshell and then use them to break into systems. Even assuming for a moment that this person has any advanced computer security skills related to breaking into networks, this does not mean they have the skills needed to secure networks. It is one thing to find a weakness and exploit it, but it is an entirely different matter to fix it properly.
Securing a network takes a lot more then plugging a few technical holes. Even if I were to walk into your network and fix every single existing problem, it would not make your network secure. Security is a procedure with many steps, assessment, definition of needs, planning, implementation, review, and so forth, which amounts to a never ending cycle. Even if you hire a brilliant hacker that secures you against all known attacks, new problems will crop up. Even if your hacker has these qualities, their ethics are extremely questionable. There is a famous saying among lawyers: "never put a perjurer on the stand", which boils down to "if you know he's lied before, chances are, he might do it again". How can you trust your newly hired hacker not to slip backdoors into the system that they might later exploit. While it is true that any trusted employee might try to do something like this it certainly seems silly to put yourself in a higher risk category.
A company has a fiduciary responsibility to stockholders. They are entrusted with their stockholders' money and are expected to make decisions that will increase it without unnecessary risk. Engaging in high risk behavior means legal liability. For example, would it be reasonable to sue the corporation for not taking proper care and responsibility in hiring someone they know to have offended before? Considering the position of trust most security administrators are placed in (they have administrative access to servers, monitor users' network usage, read incoming and outgoing e-mail and so on) is it really wise to hire these people? A person with administrative access to a server, or physical access to the network can break into systems and leave backdoors with nary a trace. Would you expect a bank to hire criminals convicted of armed robbery to transport money on the grounds they know what to look out for? Would you hire a burglar to install the alarm system for your house?
While it would be nice if all criminals that got caught were rehabilitated, used their skills for good rather than evil, and never offended again, this is not a perfect world. By breaking the law, for whatever reason (curiosity, maliciousness, etc.) they have chosen to violate rules generally accepted in most countries and societies. They have (at a bare minimum) shown poor decision making, and while they may not specifically want to re-offend, they may be tempted by a short term gain and take a chance (as they have in past).
Summary
While it is possible to find a convicted hacker with the skills you want, it is exceedingly ra
I'm not sure I trust that setup. At the very least wouldn't he need an honest desire to help out? You really can't "force" somebody to do work like that if they don't want to.
Maybe not
Yeah, because criminals are evil people who need to be locked up! Not fellow humans with issues. I'm not saying compassion absolves a person of their responsibility, it doesn't, but too many people seem to have this black and white view on justice, crime, and human nature.
Owen is a friend of mine. Perhaps you can refrain from that sort of comment.
Yeah, because criminals are evil people who need to be locked up! Not fellow humans with issues. I'm not saying compassion absolves a person of their responsibility, it doesn't, but too many people seem to have this black and white view on justice, crime, and human nature.
Criminals need to be locked up rather than given consultancy jobs because that will encourage other people not to be criminals. I'm sorry if this is too black and white for you.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
The guy has Aspergers Syndrome. If you don't know what it is or haven't lived with it then you wouldn't understand that the court decision was made to gain the best outcome for him and for society. Punishment for the sake of punishment would not benefit anyone here.
We have laws. People that break them get locked up. Otherwise criminals could just bullshit about how they have assburgers and ADHD and poor relatives when they were caught and get away with it. In fact in your scheme they might actually get rewarded with a cushy consultancy job.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Actually, people that get caught get locked up. You probably have broken the law a few times yourself, whether it's speeding or recording songs of the radio and listening to them more than once, whatever. Going over the speed limit by 1mph makes very little difference out on a freeway, and you're saying that even if you do that by mistake, or because your car's speedo is slightly off, you're suddenly a 'criminal'? GP was simply trying to point out that not every person who has broken the law is a murderer or evil person, they could be someone who has otherwise been just like you or me, but were in a bad situation and made some stupid calls. They still should be held responsible for their actions, but it's not a great attitude to always think you're somehow "better" than someone who has never broken the law. Especially considering some of the crappier laws that are in existence. Are people who fight against things like prohibition deserving of prison?
which is totally what she said
We have laws. People that break them get locked up.
I shed a tear for the human race every time I hear a someone claiming that you should always stay on the right side of the law.
Laws should follow morality, not the other way round. Government by the people, for the people.
This guy was helping people steal credit card numbers, he's not someone that broke the law because of his conscience.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
I would agree - usually young hackers and pirates don't really feel that they are doing anything wrong in a moral sense, and I was right there with them when I was a teenager. We thought it was fun and challenging to hack and pirate (and phreak, but that died shortly after I got into it in the early 1980s). Should people that didn't do it maliciously be punished for a crime they didn't think was harming anyone? It's a very subjective issue - are you hurting someone because of what you are doing? Did you know that you were hurting someone? Were you acting maliciously?
Put another way, consider a yourself with a gun. You know guns are dangerous, but somehow you point it at me and shoot me in the face. Pertinent questions like did you know it was loaded? Did you intentionally point it at me? Did you intend to kill me, or were you completely surprised there was a bullet in it at all? Did you trip over a log and accidentally pull the trigger while falling? Some of these conditions will get you thrown in jail (or worse), others you'll walk away scot-free.
Yep, this makes me sick. Let's see, hire a hacker to protect your systems. What a great idea! I mean, what are the chances that he will steal all our sensitive information and sell it? What are the chances he will steal our customer's data and ruin our reputation as a business so no one will ever deal with us again? I have a better idea, we will be proactive about it and make the whole thing public, so people can stop doing business with us now rather than after we get screwed! Hire a professional. Hire someone with ethics. There are a lot of people who know how to hack. Some of us choose not to because of this, umm, ethical thing. We realize that we should do the right thing. Next thing you know assassins will be hired to protect people, and bank robbers will be hired as Brinks truck drivers. When will business "get it?" Wait, that was a stupid question. Morons.
Open Source: Eroding the Digital Divide