Slashdot Mirror
Hack a Million Systems and Earn a Job
An anonymous reader writes "It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but this might still be the case in New Zealand. An 18-year-old hacker responsible for writing a number of applications used by an online group called 'the A-Team' that allowed the creation of a million-plus machine botnet and a range of credit card fraud activities to take place, has walked free from court sans conviction despite pleading guilty. And to top it all off, the NZ police force were interested in talking to the hacker about working for them, and 'several computer programming companies' were also chasing him for his skills."
According to a local story he was discharged without conviction because he didn't show criminal intent, rather he was he motivated by proving his abilities, and conviction would be unduly detrimental to his future prospects.
The NZ Police force have stated they are not offering him a job, yet somehow all the NZ media are saying companies are lining up to offer him a job. I've seen nothing but speculation and rumours.
While it's unfortunate that he has a form of Aspergers, the kid should have been convicted.
In a situation like this, why *not* co-opt them? If the damages can be undone or leave no lasting harm, it surely makes sense to channel and redirect that skill. Sure, credit card scams and phishing attacks can ruin lives in worst case scenarios, or otherwise cause a great deal of inconvenience, but no extraordinary or lasting damage should have been done in this case once things have been set straight. Chalk up another point for the perils of data security in the modern world and put him to work in community service, have him serve a jail sentence, or...make use of his skills to help better the community he put at risk. Criminals are not always prone to repeating their crimes and he wouldn't do anyone much good if he's left uneducatced or put behind bars - the best he can hope for then is a job that won't pay much and leaves room for him to consider using his skills for selfish reasons. Better to put valuable skills to good use in the midst of professionals who could keep an eye on him and train him. It's not their place to try and instill a desire to follow the law, but they can certainly make it to his advantage to do so. And I'd think it more of a deterrent to know you're working with professionals that would be slightly harder to sneak something past than your average law enforcement. You run the risk of just creating a better criminal, but you also have the chance to create a better law enforcer.
An 18-year-old hacker responsible for writing a number of applications used by an online group called 'the A-Team' that allowed the creation of a million-plus machine botnet and a range of credit card fraud activities to take place,
Hah, I'm assuming there's some exaggeration taking place here... and from the sounds of it they're on the same Old English ego boosting bender those kids are probably on after doing something remotely notable.
On the Oregon Cost born and raised, On the beach is where I spent most of my days
Why would you want to be a F1 driver? It's the Rally drivers who get all the hot girls.
As for the NZ Police trying to employ the best hacker they failed to convict? Freaking Briliant IMHO.
Sure it will be togh to keep him out of crime and they may have to imprison him at a future date. On the upside, monitor him will be a lot easier when the police own his hardware and network. And all without violating any kind of civil liberties since he is an employee.
On top of that, Ciber crime, Fraud, Forgery etc.. are crimes of misdirected intellect. It takes a mind at least within the range of a clever criminal to capture him. Making this kid potentially quite useful.
--= Isn't it surprising how badly I spell ?
Without going into details, I got my start as a software engineer by hacking into a well known corporate system and being offered a job. I didn't get caught, but rather let them know about it (in a very nice way!) This was more than 20 years ago now, so I dare say the climate towards benign systems hacking is probably a tad more hostile today. Intent and methods probably saved my bacon, even then.
}#q NO CARRIER
I worked as tech support for a small local isp a few years back, and this kind of thing happened to a guy who was hired with me. When we were all sitting in the conference room getting the legal brief, one of the stipulations was something like, "You cannot work here if you've ever been convicted of a computer hacking-related crime" or something to that effect.
The lady said it with that haha-I-know-no-one-in-this-room-is-that-smart kind of way, but the guy sitting next to me got real quiet and asked if he could talk to her outside. Turns out he cracked into a bunch of university computers down in georgia or someplace and it was a pretty big deal, and he had used this local isp as his springboard. It was iffy for a while but they gave him the job anyways, since he did the crime when he was a young teenager.
Reubens, if you're reading this, feel free to correct me if my details were wrong.
-b
No offense, but I've stopped responding to AC's.
Followed this case closely.... especially the thing that brought him down: a UPenn student named Ryan Goldstein, aka Digerati...
http://lamp.dailypennsylvanian.com/thespin/2007/11/29/penn-student-enters-the-matrix/
A wannabe hacker who got kicked out of an IRC group frequented by a group called Splinter Security for being a pedophile:
http://www.scriptkitty.net/files/Digerati-Exposed.zip
[NSFW]
Whose teenage angst could not be contained... and hired a NZ skript kiddie named AKILL... who agreed to use his botnet to do a DDOS against TAUnet... as this would somehow make Splinter Security Group realize how much of a mistake they'd made in banning Ryan for being a pedo and beg for him back.
IN EXCHANGE FOR THIS: Ryan offered up some bandwidth on an engineering lab server so that AKILL could update the code on his botnet.
The way they got caught: As it turns out, people notice when your 40,000 node botnet tries to download an executable off of a server that normally sees no activity.... ALL AT THE SAME TIME. As it turns out, that server crashes, the traffic doesn't stop, people notice something's wrong and call the feds.
It's all quite funny.
As a society, we need to realize that criminals or 'outcasts' (for whatever reason) can be extraordinarily intelligent. As a society, we need to learn how to harness their skills.
Frank Abagnale (the main character of said movie) turns from a check-forger into a designer of secure checks... by using his knowledge of what's hard to forge. We're all better off as a result.
There was a kid a couple of months ago who had the creative and technical skill to make a CounterStrike map of his school. I sure as hell can't do that. Now instead of letting him do an independent study in game design or 3d modeling, or even teach a class (after school or whatever), they sent him to a 'special' school (where they send all the stupid bullies).
We need to give people who possess this intelligence another outlet.... otherwise they'll continue to eat our lunch. Being on the wrong side of the law is obviously more interesting, which is presumably the appeal - a Google-style approach of 'work on cool projects on a flexible schedule' ought to keep them interested enough to do productive work.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
letting some criminals off easy due to their "usefulness", then yes, it's a step backwards for justice.
damaged by dogma
This guy has already proven that he will break the law.
No he hasn't. He wasn't convicted, so the judge considers that what he did didn't break her interpretation of the law.
From TFA:
"despite admitting to his role and his authoring of the software that is certain to have led to real losses (estimated by the FBI at more than US$20 million) for not only the owners of the machines infected in the botnet but also those who had their credit card details stolen, and those who were targeted by machines in the botnet"
He's guilty whether or not the court found him so because he admitted to the criminal activity. Given that he did so the prosecution might well have good grounds for appeal.
If there's one thing society needs to reward, it's extortion. Hiring this asshole is no better than hiring the mafia for traditional police services. They've shown excellent judgement and social conscience up to this point, so surely we can expect them to continue to do so once hired, right? Pay me, or I'll hack/beat/rape/kill you!
Hmm if I believe that it is stated in one of the fables of hackerdom that a hacker will be miserable and unproductive when forced to work 9 till 5 but will happily work from 12 till 2 AM. Perhaps forcing someone to do something they would gladly do of their own free will makes things worse for everyone.
I may agree with what you say, but I will defend to the death your right to face the consequences of saying it.
Why is this modded Funny? In this case it's a perfectly reasonable justice system. He's already been fined NZ$15,000 (~US$11,000) which would likely be a lot for him.
The judge looked at the situation and the context (including the fact that he's autistic), took into account that the police weren't too interested in seeing him in jail (NZ police are interested in actually preventing crime rather than simply locking people up), decided he's young and is probably unlikely to do it again if given a second chance, took into account that he's received other forms of discipline already, noted that he'd actually realised and accepted the consequences of what he did and was willing to try and pay reparations, noted that an on-the-record criminal conviction would limit him in a lot of ways for the rest of his life and probably put him in a position where he'd more likely offend again, and determined that all of this information outweighed the possibility of a discharge-without-conviction encouraging others.
This seems like a very good justice system to me. The judge is actually considering the case on its merits and taking into account that throwing someone into jail will just make it more likely they'll re-offend when they get out.
Well the article is a bit light on details and I can't be bothered researching any more, but if all the guy did was write the software then it's entirely plausible he didn't do anything technical illegal, in a "guns don't kill people, people do" kind of way.
On the other hand, he almost certainly knew exactly what the software he was writing was being used for, so it'd be like selling guns to people you knew were committing armed robberies.
If that's the case, then maybe the prosecution simply tried to get him for the wrong crime. Just like if someone brought charges of armed robbery against someone selling guns, I would expect them to be thrown out by the judge (though one would imagine such an obviously false charge wouldn't make it to court in the first place).
I don't know if NZ law will allow them to try again with a more appropriate charge or not.
Perhaps that's because the NZ system knows that punishment doesn't really do much to prevent crime?
I currently work in the computer security industry, and am working towards getting my Certified Ethical Hacker certificate. Hiring some kid who went and did a load of stuff that was at the very least unethical kind of devalues the certificate and makes a mockery of those who seek to obtain it in order to rise in this industry. Loads of places require that their penetration testers/security analysts obtain the cert and having some other employer just ignore that shows that no, the cert isn't really required, and ethics are unimportant.
So, explain to me how having aspergers should get him benefits - he's socially retarted, then again, most geeks are ... and he's extra smart.
sorry if I don't feel bad for him...
The geekiest way I ever got free access to anything was in junior high, when I downloaded the source for a skeleton terminal program for Turbo Pascal 6, which used a fossil driver. I hacked the super-basic terminal to play a MajorBBS game called Archery, which was quite hard for humans, but perfectly winnable for a machine; the game cost credits, and on the occasion that you won would pay out quite a bit more.
I got someone to give me some starter credits, because I had no way to pay for a BBS account those days (I mostly called free ones). Then, I ran my terminal, let it play archery perfectly for a while, and ended up with millions of credits. The sysop didn't notice, or care if he did, and I played those stupid MajorBBS games for free :-)
This wasn't illegal, or "hacking" in the sense used in this article, but at the time I was pretty pleased with myself.