Slashdot Mirror


Security Talent Shortage Hits Cybercrime Groups, Too (csoonline.com)

itwbennett writes: A report released today by Digital Shadows finds that cybercrime organizations "face many of the same hiring problems as defending security organizations, but with their own particular twists," writes Maria Korolov. In particular, the groups are finding a shortage of qualified candidates for jobs such as malware writers, exploit developers, bot net operators, and mules. But, unlike legitimate organizations, "cybercriminals are limited in their ability to properly vet new hires, to widely advertise for needed talent, and to find people who are both trustworthy and are willing to break the law," writes Korolov. One thing the criminals have in common with defending organizations: entry-level skills are the easiest to find. This is one reason why many attackers use simple tools and attack methods.

40 comments

  1. Maybe they can take the H1b's! by Joe_Dragon · · Score: 4, Funny

    Maybe they can take the H1b's!

  2. Who is sucking up all the top talent and why now? by Katatsumuri · · Score: 1

    Are we on the edge of something big?

  3. Exploit toolkits by Anonymous Coward · · Score: 0

    Exploit toolkits have greatly simplified and streamlined the task of creating malware, which means nearly anyone can create a reasonably effective product in 2016. Also, a lot of the work has moved offshore and is done in places like China or the former Soviet Union, which has driven down wages here in the USA for this type of work. It's more cost effective these days to focus on things that are difficult to farm out like social engineering hacks or inside job security breaches.

  4. Small pool of talent by rmdingler · · Score: 3, Insightful

    ...find people who are both trustworthy and are willing to break the law.

    It is also difficult to train a hunting dog to bring you ducks but leave the chickens alone.

    You can do it; just remember that dogs are much easier to train and far more loyal than their human counterparts.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:Small pool of talent by Anonymous Coward · · Score: 1

      Difficult but not impossible. A small number of people have a highly-developed sense of right and wrong. Equipped with critical thinking, it is not unusual for such a person to largely reject the current legal/political system.

      It is not that being trustworthy and being disobedient are incompatible. It's that of the many people with genuine integrity, few have undertaken the philosophical exploration necessary to truly question the state itself.

  5. More of a training shortage by rsilvergun · · Score: 0

    From what I can see. Oh well, whatever gets them more H1-bs, right? Sad thing is we've got exactly two presidential candidates (Trump and Sanders) opposed to this junk and neither is electable.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:More of a training shortage by AchilleTalon · · Score: 1, Insightful

      Sanders is getting his money to campaign from large corporations as Clinton, Cruz, Rubio and the others. They expect a return.

      --
      Achille Talon
      Hop!
    2. Re:More of a training shortage by tsqr · · Score: 1

      Sanders is getting his money to campaign from large corporations as Clinton, Cruz, Rubio and the others. They expect a return.

      Really? I don't see any corporations, large or small, listed here, but if you can cite a source to back up your claim I'd be interested in seeing it.

    3. Re:More of a training shortage by Grishnakh · · Score: 2

      Wrong. Trump is absolutely electable: he's sweeping all the GOP primaries right now. How can you possibly say he's not "electable"? That just defies reality.

      Sanders, OTOH, while a great candidate IMO, is just not winning the primaries it appears, so no, it doesn't look like there's a good chance he'll be on the ballot in November.

      My prediction is that Trump will win the election. He's winning the GOP primaries now, and will probably get the nomination. Then he'll be up against Hillary, and given how much everyone who leans even slightly right absolutely despises her, and combined with how much all the Sanders voters (esp. young people) despise her, this means that all these people will either vote for Trump or sit out the race (or write in Bernie's name or vote for Stein or something).

    4. Re:More of a training shortage by RollTRS · · Score: 2

      Sanders is getting his money to campaign from large corporations as Clinton, Cruz, Rubio and the others. They expect a return.

      Campaign/Political finance reform is literally a main tenet of the man's platform. His well documented unwillingness to take donations from banks or corporations is precisely one of the things that has made his campaign so successful. To the point where his campaign has broken multiple records relating to the numbers of small donors, and the amount of money raised.

      --
      "Perl is my favorite... It's like wiping your ass with unix." - Lord Ender
    5. Re: More of a training shortage by Anonymous Coward · · Score: 1

      What? Every single early poll I saw said Hillary 56%, Trump 42%, with a 2% none.

      The question was "who would you vote for"

      Now I know polls mean shit early, but what you are seeing is not lining up with what I am seeing.

    6. Re:More of a training shortage by will_die · · Score: 2

      Like Alphabet Inc, one of his largest contributors?
      Or American Crystal Sugar, another big contributor. It is a CO-OP so definitions include them as corporations, others don't.

    7. Re:More of a training shortage by Anonymous Coward · · Score: 1

      Trump is Barry Goldwater 2: Electric Boogaloo turned up to 11. He is everything the super-hard-right-wing nuts want, and will absolutely fail to get a single moderate vote in November. The only thing Hillary has to do to win, is not go to jail, and not piss off moderates.

      I'm continuing to vote Libertarian.

    8. Re: More of a training shortage by Hognoxious · · Score: 2

      But what about the Hungarians?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    9. Re:More of a training shortage by invid · · Score: 2

      Whether someone's voting for Hillary or voting against Trump, the votes go to Hillary. This election is going to be about who people dislike more, and I'm guessing Trump is more disliked than Hillary. Many people don't want to be associated with the white racists supporting Trump.

      --
      The Moore-Murphy Law: The number of things that will go wrong will double every 2 years.
    10. Re:More of a training shortage by tsqr · · Score: 2

      OK, Alphabet has contributed about $163,000 to Sanders over his entire political career. That makes them the largest single contributor, making up approximately 0.4% of his contributions for the current election cycle. That's not quite up to the standard of "Sanders is getting his money to campaign from large corporations". It would be more accurate to say "Sanders is one 250th of his money to campaign from large corporations".

    11. Re:More of a training shortage by Anonymous Coward · · Score: 0

      No he isn't. He isn't even conservative. Cruz is the one the hard-right wing nuts want.

    12. Re:More of a training shortage by Grishnakh · · Score: 1

      That's your own opinion. The polls show otherwise. Hillary is obviously and horribly corrupt, has committed criminal actions, and is a war hawk. I'd rather have a supposedly "racist" bigmouth in the White House than another mideast war.

    13. Re:More of a training shortage by invid · · Score: 1

      That's your own opinion. The polls show otherwise. Hillary is obviously and horribly corrupt, has committed criminal actions, and is a war hawk. I'd rather have a supposedly "racist" bigmouth in the White House than another mideast war.

      Hasn't Trump promised to take out Isis? I think he said he was going to wipe them off the face of the earth. How is he going to do that without another mideast war?

      --
      The Moore-Murphy Law: The number of things that will go wrong will double every 2 years.
  6. Re:Who is sucking up all the top talent and why no by Euphorinaut · · Score: 4, Informative

    The demand is just growing faster than the supply. More things in the world are connected and therefore vulnerable, while most organizations won't start pretending to take security seriously until something bad happens.

  7. Cybercrime needs a stable Windows base by Applehu Akbar · · Score: 3, Funny

    Cybercrime has gone through a rough patch recently because of the fragmentation of its OS base. So many users still on XP, and the higher-end users cycling rapidly through Windows 7, then 8 and 8.1, and now 10. As soon as the majority of users can be migrated to 10 as Microsoft intends, cybercrime will be off and running again.

    1. Re:Cybercrime needs a stable Windows base by Nunya666 · · Score: 2

      Cybercrime has gone through a rough patch recently because of the fragmentation of its OS base. So many users still on XP, and the higher-end users cycling rapidly through Windows 7, then 8 and 8.1, and now 10. As soon as the majority of users can be migrated to 10 as Microsoft intends, cybercrime will be off and running again.

      In other words, Microsoft is shoving Win10 down our throats for the purpose of alienating their user base, thereby limiting the supply of talent for cybercrime organizations.

      Go Microsoft! Keep alienating your users!

  8. looking up digital deception on alphabet.com by Anonymous Coward · · Score: 0

    almost anecdotal... cease fire...

  9. A pirates creed. by Anonymous Coward · · Score: 0

    But, unlike legitimate organizations, "cybercriminals are limited in their ability to properly vet new hires, to widely advertise for needed talent, and to find people who are both trustworthy and are willing to break the law," writes Korolov.

    Maybe they can start recruiting from all the piracy sites? They all are "trustworthy".

    1. Re:A pirates creed. by Anonymous Coward · · Score: 1

      In the past, when IRC was meaningful, #hack and #warez had almost zero cross-pollination.

      The problem is that it may bring cred to bring a new movie at full resolution... but there isn't any financial gain for doing that, or cracking DRM from a game. The knowledge to do so is so specialized, that it has moved to maybe a few places in China and Russia. The days of a crack being out before the game are long gone.

  10. Re:Who is sucking up all the top talent and why no by khasim · · Score: 1

    I doubt it. More like fewer and fewer people are available with the specialized knowledge at each level.

    Entry? Lots of people.
    1 step above entry? Fewer people.
    2 steps ... even fewer.
    etc.

    Also, from TFA:

    Some groups also offer incentives for new talent, such as promising fame and notoriety, profit-sharing, and travel expenses.

    Travel is hazardous. And fame/notoriety means that LEO's are looking for you.

    Which reduces the pool of available talent at each level (which is already a small pool at the upper levels).

  11. Maybe they should pay more by Anonymous Coward · · Score: 0

    But crime doesn't pay. Or does it. I'm confused.

  12. Can we play the tiny violin for these creeps? by Anonymous Coward · · Score: 0

    Is there anyone feeling sorry for these scumbags?

  13. Waitaminute by Marginal Coward · · Score: 2

    ...the groups are finding a shortage of qualified candidates for jobs such as malware writers, exploit developers, bot net operators, and mules.

    Waitaminute! - I thought Dice recently sold off Slashdot to somebody else...

  14. Solution by Anonymous Coward · · Score: 0

    Those cybercrime groups can just offshore their tale...oh wait

    1. Re: Solution by Anonymous Coward · · Score: 0

      I guess I need to get citizenship somewhere else so I can move back to the US with an hb-1 since that apparently is the new standard for being "qualified"

  15. Re:Who is sucking up all the top talent and why no by Bert64 · · Score: 2

    Very true, and has been the case for a long time...
    Criminals however have a lot less constraints on their hiring, for instance many people with a criminal record will be immediately rejected by most companies as will people without the right immigration status or without the right certifications. Companies may also choose an otherwise less suitable candidate in order to fulfil diversity quotas etc. It's also more difficult for companies to get rid of dead wood.

    The current criminal record process means that someone who has committed a crime in the past is driven towards committing more crimes... They will meet new criminal contacts in jail and find it hard to get any decent paying legitimate work. Someone who made a stupid mistake in their youth may end up facing a choice between committing more crimes or going hungry.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  16. Try Disney? by Anonymous Coward · · Score: 1

    Maybe the criminals could hand out fliers in the Disney parking lot? I hear there are lots of talented people there being forced out of their jobs and desperately seeking work.

  17. Re:Who is sucking up all the top talent and why no by Anonymous Coward · · Score: 0

    Nobody is. On the one hand you've got Disney and everyone else outsourcing to India regardless of actual skill level (witness Disney's staff being required to train the H1Bs replacing them), leading to people deciding they'd rather go into flower arrangement than spend tens of thousands of dollars and years of time to learn a useless skill. On the other hand you've got the criminal cartels slaughtering their participants, further shrinking the supply pool of people who both know what they're doing and valuing their life so little that they'd work for the cartels. I'd suspect that anyone with actual skill would rather work to enrich themselves rather than a Mexican drug gang or Russian mafia don.

  18. Mr. Fantastic by Anonymous Coward · · Score: 0

    They asked me how well I understood theoretical physics. I said I had a theoretical degree in physics. They said welcome aboard.

  19. Yeah by Anonymous Coward · · Score: 0

    Well maybe pay more then. The crims at the top don't need that second yacht.

  20. Where do I sign? by Anonymous Coward · · Score: 0

    and to find people who are both trustworthy and are willing to break the law...... You know where to find me.

  21. Re: Who is sucking up all the top talent and why n by Anonymous Coward · · Score: 1

    Demand? I guess I am not looking in the right place because I can only find job postings I ever see are for basic moving computers and plugging them on jobs. No company I have spoken with seems to care that much about a computer forensics certification and a bachelor's in computer security and information assurance...

  22. nature of things? by umghhh · · Score: 3

    There have been many different things proposed of which many are valid but what about this that I experienced first hand few times in different areas: you outsource as much as you can leaving only the system architects and some other key jobs in house. They are competent and well paid. After a while these key staff loses its fresh experience with the stuff they make but more importantly the normal way of raising among the ranks to become a key staff member is not possible anymore - we hire only experts and gurus that also know our systems well enough - guess what - the paths leading there are not possible anymore as bottom of the pyramid is 'in the cloud'. Other interesting side effect is: the bottom of the pyramid people are not going for the best of technical choices as there is no point - the architects of our own company are only one of the many customers. Looks like win win to me...

  23. incentive by recharged95 · · Score: 2

    Really, that industry is motivated by incentives.

    The market obviously has spoken the current incentives aren't worth it. It's a buyers market right now if you think about it. Bring on the [real] incentives (e.g. money, power, etc... choose one...), and then you'll see a different story.