Former LulzSec Hacker Gets a Job As Security Adviser At Big UK Firm

An anonymous reader writes: Mustafa Al-Bassam, co-founder and former member of LulzSec under the alias tFlow, has announced he'll be joining Secure Trading, a UK-based online payments firm, assuming the role of security adviser. He'll be consulting the company on various ways to secure their upcoming blockchain-based payments system. The announcement comes two days after another hacker (GhostShell) revealed his true identity, just so he could get prosecuted, get it over with, and move on with his life by getting a legitimate job in the security industry.

Rewarding Criminals!

[mlw4428]

It's like giving a rapist a job as a sex toy consultant.

Re:Rewarding Criminals!

[tnk1]

That's almost exactly what it is like. Like a rapist, these folks have documented proof, courtesy of the criminal justice system, that they have done penetrations.

Re:Rewarding Criminals!

[U2xhc2hkb3QgU3Vja3M]

And in the end, it's always the users that get screwed.

Re:Rewarding Criminals!

[vel-ex-tech]

Yep. Yet another sign that things aren't right when it comes to tech jobs. We have massive diversity problems because of asshole managers who demand that workers have zero personal life and 24/7/365 availability, driving women out of the industry.

Those of us who did what we were told, didn't go blackhat with our skills, and didn't try to rock the boat hoping we'd get ahead didn't. Hell, a lot of us here have stories about being harassed, railroaded, and either threatened with criminal prosecution or actually prosecuted by our middle schools and high schools.

Our jobs are getting shipped overseas with H1B visas all the while companies can't figure out either telecommuting or opening branch offices in places with lower costs of living. Meanwhile, hiring managers can't be arsed to even figure out what the fuck it is we do for and can offer to an organization, chalking it up to magic that's somehow just socially below them but intellectually above them and expecting to find people with 10 years experience with Visual Basic 2015 when what they really fucking need is somebody who's been a dot net developer since dot net 1.0 who writes code in a non-brain damaged dialect like C#--it all compiles to the same fucking MSIL.

Oh, but if you're a rock star like Mustafa Al-Bassam here, they'll roll out the red carpet!

Takeaway: if you want to go into tech to make a living, go blackhat. Get creative. Maybe hack some bank accounts. Steal bitcoins. Steal user credentials. Sell credit card numbers on the black market. Cause grief for megacorps. Build botnets and DDOS websites until the owner pays up. Send out trojans that encrypt and hold user data hostage for a modest sum of bitcoins, usually worth less than the data is worth were it to be destroyed. I hear a lot of these data ransom scams actually have good customer service! See, you can even work on your people skills as a blackhat!

Maybe make a load of cash this way, waaay more than you'll make for shit per hour/year. Then when you're ready to get a normal job and are tired of dodging the authorities, just publicly dox yourself, serve a token sentence, and get hired for god knows how much!

Whiskey tango foxtrot?!

Re:Rewarding Criminals!

[Raenex]

We have massive diversity problems because of asshole managers who demand that workers have zero personal life and 24/7/365 availability, driving women out of the industry.

Oh Christ, not this shit again. Women, as a general rule, are not as interested in tech as men are. And having to be available 24/7 seems like a much bigger problem than "massive diversity problems". Then again, not every tech job is like that.

Takeaway: if you want to go into tech to make a living, go blackhat. [..] Then when you're ready to get a normal job and are tired of dodging the authorities, just publicly dox yourself, serve a token sentence, and get hired for god knows how much!

No thanks. I'd rather not spend a year or multiple years in prison. And I'm not a thief.

Re:Rewarding Criminals!

[tehcyder]

Women, as a general rule, are not as interested in tech as men are

No, to paraphrase Raymond Chandler, some women are not as interested in tech as some men.

Re:Rewarding Criminals!

[hoggoth]

You sound upset that you behaved, did as you were told, and didn't get rewarded.

You are a salesperson. Everyone is a salesperson no matter what field you are in, and the product is yourself. Build an interesting 'brand' around yourself and you will get interest. Be a good little worker-ant in a quiet back room and you will not get noticed no matter how good you are. Mustafa isn't being rewarded for his poor ethics, he is being rewarded for having an interesting story that gets attention despite his poor ethics. You can be sure the guy making the decision to put Mustafa in charge of keeping their money safe had to think hard about giving the keys to this hacker. Lulsec was as much about marketing themselves (fame, 'leet cred') as about hacking.

Re:Cha-ching!

[U2xhc2hkb3QgU3Vja3M]

That's why you can only trust male, cross-dressing revolutionaries and insurgents. They don't even want to be the man in the first place.

Re:Ha ha, no.

Except that there are a lot more people with the skill to find vulnerabilities than there are high-profile crackers and DDoSers.

So it's like saying, "This person is obese, so clearly they would make a good food taster." No - all it means is that they're willing to spend a lot of time eating a lot of your food.

money

[softnewsit]

He goes to King's College... damn he has some serious money behind him

Re:Ha ha, no.

[vel-ex-tech]

You have a point here.

This speaks to the complete state of disrepair the various fields in tech are in. Fast talking con artists can play bullshit buzzword bingo and get in even though they can't code their way out of a paper box.

I don't know what the answer is. Certifications have clearly shown to be inadequate. Degrees are so hopelessly watered down as to be meaningless (not to mention the cost of obtaining one is spiraling out of control thanks to the student-loan-college-industrial-complex).

I mean, I don't doubt the guy's skills. I haven't really maintained my skills lately because I no longer want to have anything to fucking do with tech, so he could probably take me to school. On the other hand, I doubt he could break into webapps I publish because I understand the underpinnings and RFCs and generally know what the fuck I'm doing. I may have said I'm not maintaining my skills, but the old rule of "validate all input and trust no input" is as true as the day I got into this field. Who says he's not just a metasploit jockey? I have that installed on my server in the clouds, just haven't had time or lately interest to learn how to use it for penetration testing.

You're point is valid if we remove all ethical concerns from the question. Do you really want somebody who had no problem defacing websites and stealing user data working for you? Maybe you do. I don't know. It's a free country.

It's just a damned shame that the state of the field is in such shambles.

Re:Growing up

[hyades1]

Yeah...OK. So when Bush, Cheney, Blair and the rest of that foul crew own up and get held accountable, give me a call.

Re:Ha ha, no.

[lucm]

At least they didn't give that one his own tv show

Re:Growing up

[lucm]

Roosevelt committed crimes against the economy and against the American people, and got away with it. There's quite a backlog when it comes to politics, Bush is minor leagues at best in that list.

Re:Stupid Hire

[KGIII]

Actually, the dude who did all the counterfeiting ended up working for the FBI and then for the banks as a consultant and now designs things that are more difficult to counterfeit. He even got a movie named after him. Buggered if I can recollect the name but the person is a real person who has since moved on to do some computer security stuff if I recall the eWeek article.

Re:Growing up

[tnk1]

That's sort of like saying we can't hold a murderer accountable because Bush started a war that got more people killed.

Of course we can. These kids fucked up. Now, if there is a punishment, it should certainly fit the crime, to be sure. 20 years in prison doesn't seem like it would be fair, but it shouldn't be a slap on the hand either.

I am definitely a little iffy on people hiring "retired" black hat hackers for their Red Team, if only because that tends to encourage hackers to black hat as a career path. When serving time is simply considered your stepping stone to a better non-criminal job, there's something wrong going on.

Note, he's not doing it to atone or because he cares if he screwed anyone. He's doing it so he can take credit so everyone knows he's a well-known hacker. Which then *improves* his resume. Would Bush admitting that he ran an impressive scam to start a war mean that he'd get kudos and a job offer because he clearly knows how to get things done? I wouldn't think so.

Hacker wannabe Ghostshell

[georgech]

There's an interview on a romanian website with GhostShell where he explains why he doxed himself (it's in romanian, but google can translate it). I'm surprised this article didn't get pricked up by more news agencies: http://www.hotnews.ro/stiri-es... He's been working in a UK factory for the last 3 years, 12 hour shifts because nobody in the IT industry would hire him. He doesn't really have marketable skills and he looks like a script kiddie that probably can't hack specific targets, but aims scripts and tools at the internet hoping for the best.

Re:Mustafa

[tehcyder]

Isn't that a Lion King character or something ?

That'll be Mustafa Pee, the incontinent hyena.

Re:Stupid Hire

[tehcyder]

When you hire a criminal, you get a criminal.

It depends on your view of rehabilitation.

Personally, I can see how a paedophile who has served his time in prison should be allowed to work so he's not just a drain on society, but that doesn't mean you'd employ him as a school caretaker.

Re:Stupid Hire

[KGIII]

That's his name and yeah, he had some computer fraud detection or counterfeit detection stuff going the last time I saw him mentioned somewhere. He's got his own business now (or did) and I think they even have some software that they sell. I'm pretty sure it's not typical end-user stuff.

It was a pretty good movie. I actually watched "Hackers" last night. Well, I tried to. I made it about halfway through. Given by the completed ratio, you can probably guess my opinion. I was less than impressed and could only make it so far into the movie.

I don't think I've seen the Mitnick movie. I'll definitely remember to look for it. I had no idea that there was a movie - there are a few documentaries. I typically only watch documentaries. As in, I've probably watched less than a dozen regular movies in the past year. I'm going to guess that the total number is less than ten, now that I think about it. I do, on the other hand, have documentaries going quite often, that or some streaming news radio.

At any rate, thanks. I'll check into the Mitnick movie tonight *if* I am still here and able to do so. Netflix or Hulu might have it. If not then, it's Mitnick, I'm sure one of the other sites will have it available for the low price of a few well crafted search terms.

Re:Cha-ching!

[TheCarp]

Or, "Never trust anyone over 30" :)

There is a great quote often mis-attributed to Churchhill:
"If you're not a liberal when you're 25, you have no heart. If you're not a conservative by the time you're 35, you have no brain."