Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Criminals Target Tech Students With Job Offers

Zonk posted more than 7 years ago | from the not-the-best-prospect dept.

Education 121

An anonymous reader writes "BBC News is running a story on criminal gangs targeting tech students. Some of these outfits offer to pay for an education in exchange for the student's employment on graduation in criminal hacking activities." From the article: " As the number of criminal gangs looking to move into cyber crime expanded, it got harder to recruit skilled hackers, said Mr Day. This has led criminals to target university students all around the world. 'Some students are being sponsored through their IT degree,' said Mr Day. Once qualified, the graduates go to work for the criminal gangs. As well as the direct route of targeting students, some organised crime gangs were trading on the glamour surrounding the 'hacker' label to help them recruit impressionable youngsters..."

cancel ×

121 comments

Sorry! There are no comments related to the filter you selected.

surprised? (3, Insightful)

Xolom (989077) | more than 7 years ago | (#17171170)

it's a better job offer than the other offers most kids are going to get, and it appeals to their interests... why are people surprised?

This is a good thing (5, Funny)

svunt (916464) | more than 7 years ago | (#17171212)

I'm currently doing an IT internship for the Gambino family. The pay is good, I get medical & dental, and if anyone mods me down, they'll find out about some of the other perks of working in the industry.

Re:This is a good thing (5, Funny)

Lane.exe (672783) | more than 7 years ago | (#17171320)

Eh, getta load of this guy! We pays you good money so you can keep quiet, sit in your little room, and do your computer thing. But what's this? We finds you on this "internet," advertising who you work for! Hey, bambino, leave the singin' to Sinatra, capische?

Whack 'em.

Re:This is a good thing (4, Funny)

Dachannien (617929) | more than 7 years ago | (#17171716)

I had no idea that Joe Pesci was a Slashdotter, until now.

Re:This is a good thing (4, Funny)

idonthack (883680) | more than 7 years ago | (#17173864)

Whack 'em.
So, uh... I understand you have an opening now?

Re:This is a good thing (1)

Broken scope (973885) | more than 7 years ago | (#17171570)

My god, you have no Idea how much I want to waste a mod point now.

Re:This is a good thing (2, Funny)

RareButSeriousSideEf (968810) | more than 7 years ago | (#17175870)

I for one welcome our new tuition-paying overlords.

Re:surprised? (3, Insightful)

ScentCone (795499) | more than 7 years ago | (#17171274)

it's a better job offer than the other offers most kids are going to get, and it appeals to their interests... why are people surprised?

Um... for the same reason people might be surprised if non-crazy students who spend their years in college studying chemistry would look for "sponsorship" from a group that tells them they'll be building suitcase bombs for terrorists? Or an engineering/architecture student that's told they'll get a free ride through college as along as they agree to help break into banks once they graduate? This isn't any different.

Re:surprised? (3, Insightful)

Planesdragon (210349) | more than 7 years ago | (#17172006)

This isn't any different.

It's significantly different. One is treason, another is abandoning a lucrative private enterprise for crime, and the third is a resort of despiration for those with few prosepcts.

The morality, ethics, and legal response to each of these is different. You might as well claim that vehicular manslaughter and driving with a cell phone "aren't any different."

Re:surprised? (2, Interesting)

russ1337 (938915) | more than 7 years ago | (#17172672)

Funny that you mention ethics. I remember a class a few years ago, we tried to determine what set a 'Profession' different from a 'job'. Eventually we settled on something along the lines 'that a professional has a code of ethics'.e.g Doctors, engineers, lawyers (ok, yeah ok i know - stick with me)..

I dont recall IT professionals having a code of ethics. If BSC/SE graduates swore to uphold a code of ethics, it may weed out a few of the more 'innocent' people that would take up this offer. Of course it may always be to late by the time they graduate too....

One could always join the military to get their training. It even has a similar rank structure to the Mob.

Re:surprised? (2, Interesting)

spikedvodka (188722) | more than 7 years ago | (#17173322)

While it may not qaulify as a mandetory code of ethics, I'd encourage you to read the SAGE System Administrator's Code of Ethics
We as professional System Administrators do hereby commit ourselves to the highest standards of ethical and professional conduct, and agree to be guided by this code of ethics, and encourage every System Administrator to do the same.
Professionalism

        * I will maintain professional conduct in the workplace and will not allow personal feelings or beliefs to cause me to treat people unfairly or unprofessionally.

Personal Integrity

        * I will be honest in my professional dealings and forthcoming about my competence and the impact of my mistakes. I will seek assistance from others when required.
        * I will avoid conflicts of interest and biases whenever possible. When my advice is sought, if I have a conflict of interest or bias, I will declare it if appropriate, and recuse myself if necessary.

Privacy

        * I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it.

Laws and Policies

        * I will educate myself and others on relevant laws, regulations, and policies regarding the performance of my duties.

Communication

        * I will communicate with management, users, and colleagues about computer matters of mutual interest. I will strive to listen to and understand the needs of all parties.

System Integrity

        * I will strive to ensure the necessary integrity, reliability, and availability of the systems for which I am responsible.
        * I will design and maintain each system in a manner to support the purpose of the system to the organization.

Education

        * I will continue to update and enhance my technical knowledge and other work-related skills. I will share my knowledge and experience with others.

Responsibility to Computing Community

        * I will cooperate with the larger computing community to maintain the integrity of network and computing resources.

Social Responsibility

        * As an informed professional, I will encourage the writing and adoption of relevant policies and laws consistent with these ethical principles.

Ethical Responsibility

        * I will strive to build and maintain a safe, healthy, and productive workplace.
        * I will do my best to make decisions consistent with the safety, privacy, and well-being of my community and the public, and to disclose promptly factors that might pose unexamined risks or dangers.
        * I will accept and offer honest criticism of technical work as appropriate and will credit properly the contributions of others.
        * I will lead by example, maintaining a high ethical standard and degree of professionalism in the performance of all my duties. I will support colleagues and co-workers in following this code of ethics.

Draft of September 12, 2003, approved September 18, 2003, by the SAGE Executive Committee and September 30, 2003, by the Ethics Working Group.

Co-signed by LOPSA, USENIX, and SAGE 2006.

USENIX grants permission to reproduce this Code in any format, provided that the wording is not changed in any way, that signatories LOPSA, USENIX, and SAGE are included, and that no other signatory or logo is added without explicit permission from the copyright holders.

http://www.sage.org/ethics/ [sage.org]

Homer meet Godel (1)

TapeCutter (624760) | more than 7 years ago | (#17173928)

"Professionalism"

"I will maintain professional" - Doh!

"Professionalism"

"I will maintain professional" - Doh!

"Professionalism"

"I will maintain professional" - Doh!

"Professionalism"

"I will maintain professional" - Doh!

Stupid "professionalism", take that, argg, and that, ugff,....

Re:surprised? (1)

dr_dank (472072) | more than 7 years ago | (#17174074)

Wow, looks like somebody at that group read the BOFH stories before drafting these guidelines...

Re:surprised? (1)

sgt_doom (655561) | more than 7 years ago | (#17174782)

Exactly so! Besides, how many hackers do the two major criminal organizations in the US hire (i.e., the Pentagon and the Blackstone Group)? And it sure beats offshoring....

Sweet (5, Interesting)

presidentbeef (779674) | more than 7 years ago | (#17171172)

Does this mean that legitimate companies, to keep up, will have to do the same thing?
Maybe they could even get into bidding wars over potential students/employees! This could only be a good thing...right?

Re:Sweet (2, Interesting)

phatvw (996438) | more than 7 years ago | (#17171302)

Haven't folks like Peter Norton (Symantec) been doing this for years? Recruiting kids to write worms and viruses so they can sell their shitty "Utilities" and Virus scanning suites to big business? ;)

Not likely... (1)

Marnhinn (310256) | more than 7 years ago | (#17171308)

At least I hope not.

It will probably become a felony to accept funding from such groups first (if it already isn't) since its somewhat similar to bribery. Simply because if this were to spread to other professions, the impact could potentially be much worse (and could result in having a government like some third world countries where since the mafia is willing to pay more, the whole government is corrupt).

Re:Not likely... (4, Insightful)

presidentbeef (779674) | more than 7 years ago | (#17171342)

I kind of see your point...but doesn't the military already do this? They offer to pay for college, you agree to serve for 6 years or whatever. Does it make a difference if it's a private company?
I know that some companies will help pay for your education if you agree to continue working for them for a certain amount of time after your education is complete. It's not so different, right? This is just getting them younger.

Of course, my original comment was more of a joke :)

Re:Not likely... (2, Insightful)

Marnhinn (310256) | more than 7 years ago | (#17171440)

True, but only to an extent.

Many companies offer benefits in return for service (as you mention), the difference isn't in really in what the companies offer, it's in what they do.

If we just looked at offers - then there is not much difference between a lobbyist giving a politician large sums of money and someone donating to charity. Both are giving money away right? But the law looks at more than action - it looks at intent (thankfully). Which means that accepting money from a criminal enterprise is very different than accepting money from a legitimate company.

Re:Not likely... (1)

Reservoir Penguin (611789) | more than 7 years ago | (#17172524)

I think the difference is that you're unlikely to get blown up to pieces or spend the rest of your life paralyzed while doing hacking jobs for a shady group.

Actually what's far more likely than either (0, Flamebait)

symbolset (646467) | more than 7 years ago | (#17174324)

Is that the college student will be killed or maimed by a drunk driver : http://www.cdc.gov/nchs/products/pubs/pubd/hestats /finaldeaths04/finaldeaths04_tables.pdf#2 [cdc.gov] , or any one of a dozen other pointless unnecessary ways.

Apparently Verizon and whiny liberals are both bad at math.

Don't get me wrong -- I love and respect our soldiers. That so many step up to do their duty gives me hope that America may yet survive. But statistically far more Americans are killed by medical accident, influenza, a host of other causes.

Let's not pretend that for an American going to war is more dangerous than commuting on the freeway. It was so once, but it isn't any more.

If you want to be honest and still win points with Hanoi Jane, argue that it costs money. That at least is true.

Uh... (1)

Belial6 (794905) | more than 7 years ago | (#17171466)

Uh... Bribery is not illegal. There are certain types of bribes that are illegal, but much like being a monopoly, it is not inherently illegal. You know, if I offer may local mayor a new car in exchange rezoning some land I own, it's a crime. If I offer my son a new car in exchange for mowing the lawn, I may be a crappy parent, but I certainly have not committed a crime.

Re:Uh... (1)

Rix (54095) | more than 7 years ago | (#17171650)

You're confused about the definition of bribe.

Re:Uh... (1)

Belial6 (794905) | more than 7 years ago | (#17171712)

Funny, I got my definition for Bribe [webster.com] from Merriam-Webster. If you have a better authority on the definition, I'm happy to hear it.

I do (1)

Rix (54095) | more than 7 years ago | (#17172206)

Webster's can't even be counted on for correct spelling. Here [askoxford.com] is the definition of the English word.

Re:Uh... (1)

Maxo-Texas (864189) | more than 7 years ago | (#17171654)

If you give the mayor $25,000 for his reelection commitee it's also legal.
If you give the mayor $25,000 with the understanding that he'll give you a zoning variance, it's illegal.
If you give the mayor $25,000 with no understanding he gives you a zoning variance, it's legal.

Re:Uh... (1)

Maxo-Texas (864189) | more than 7 years ago | (#17171884)

Grr... 3 little letters.

If you give the mayor $25,000 with no understanding AND he gives you a zoning variance, it's legal.

Re: $25,000 and Variances (1)

TaoPhoenix (980487) | more than 7 years ago | (#17172794)

If you give the mayor $25,000 and he understands what a zoning variance is, it's a good value for the money.
If you give the mayor $25,000 and he doesn't understand what a zoning variance is, it's a bad value for the money.
If you give the mayor $25,000 and neither of you understand what a zoning variance is, then it's your fault for not giving your money to a better candidate.

Re:Sweet (2, Interesting)

neoform (551705) | more than 7 years ago | (#17171382)

Not if the companies are employing black hat hackers to take down their competition.. (i worked shortly for such a company, quit out of disgust).

The Godfather (1)

Nomihn0 (739701) | more than 7 years ago | (#17171184)

Sonny: Hey, whaddya gonna do, nice college boy, eh?

Hack, that's what!

Hooray! (0)

Anonymous Coward | more than 7 years ago | (#17171194)

Shit, where do I sign up?

interesting... (2, Interesting)

Anonymous Coward | more than 7 years ago | (#17171196)

how do i sign up?

The year for this article is 2006 (0)

Anonymous Coward | more than 7 years ago | (#17171204)

For Slashdot users in the future, the year for this article is 2006. I'm just tired of having to guess the year of old Slashdot articles from their context.

Of course, I could be lying.

Re:The year for this article is 2006 (3, Funny)

xrayspx (13127) | more than 7 years ago | (#17171304)

Back in The Day, Slashdot listed only the day and date, which if I gave a shit, would be sufficient to narrow it down to the year. However, sometime in the last 2 years I was pleasantly surprised to see they started putting the year as well attached to every post.

Don't believe me? Read everything to the right of my name on this post.

Of course, I suppose I could be lying too.

Re:The year for this article is 2006 (3, Informative)

mincognito (839071) | more than 7 years ago | (#17171558)

The point is, you can set a date format that includes the year in your Slashdot preferences (in the homepage section).

Re:The year for this article is 2006 (1)

Schraegstrichpunkt (931443) | more than 7 years ago | (#17171394)

You could always look at the URL.

Re:The year for this article is 2006 (1)

VGPowerlord (621254) | more than 7 years ago | (#17171546)

Lets see if I can figure out the year from some obvious source... lets see... not the submittion text...

Oh, hey, how about the article url!

http://yro.slashdot.org/article.pl?sid=06/12/09/05 8252 [slashdot.org]

Lets see... today is 2006/12/09... nope, I'm not seeing it.

A new medium for an age old problem (2, Insightful)

Mikachu (972457) | more than 7 years ago | (#17171206)

This isn't anything new really. I mean I even feel redundant saying this. Where there's commerce, there's crime. Where there's crime, there's organization. Gangs have simply moved on from convincing kids on street corners to steal some stuff into convincing kids in chatrooms to hack into some websites. It was only a matter of time.

sneakers (1)

Skadet (528657) | more than 7 years ago | (#17172210)

Where there's crime, there's organization.

Don't kid yourself. It's not that organized.

i really can't believe... (0)

non (130182) | more than 7 years ago | (#17171210)

that this article followed the one below. then again, i had friends who were offered support to finish medical school by the mob. kids, don't believe the hype! its not like that david duchovny movie 'playing god;, you don't always wind up with the boss's girlfriend; more often than not you wind up in the east river :)

to top it off, the watcha-mathingy is 'murders'

Re:i really can't believe... (2, Informative)

OmniBeing (838591) | more than 7 years ago | (#17171290)

A close friend of mine and I were offered "work" for a criminal organization years ago when we were fresh out of high school (we developed quite a rep, did some stupid things like send all the account usernames and passwords for the district to the main laser in the library. Nobody knew who did it till a friend ratted us out. That's another story though.)

The offer was nice, new machines and $10,000 each for a weeks work attacking ADT's system so they could stage a b&e spree.

Scared the crap out of me, I had friends that ran with those people, one was a runner who shortly there after went missing after he embezzled. I left the city (for other reasons) no idea what happened to Jamie...

There are other things to consider other than renumeration, like physical safety.

Re:i really can't believe... (0)

Anonymous Coward | more than 7 years ago | (#17171492)

Jamie went into witness protection and now he is on mythbusters and that is how they are able to get the FBI to let them blow stuff so easily

Great News! (1)

iOsiris (944032) | more than 7 years ago | (#17171216)

This will reassure CS students that there are jobs lined up for them after they graduate!

pft! (4, Funny)

tloh (451585) | more than 7 years ago | (#17171230)

No! No! No! Any hacker with even an ounce of skill is more than capable of setting up shop on his own. What you gotta do is offer the guy something he would never EVER get legitimately. What these criminal types REALLY ought to do is come on slashdot here and promise they can arrange regular *private* meetings with our favorite adult performers from the pr0n we all download.

Re:pft! (1)

non (130182) | more than 7 years ago | (#17171252)

dude, i don't know about favorite, but there are many you can get; look here [exoticretreat.net] . at least one of the met-art girls is available!

Re:pft! (1)

nettdata (88196) | more than 7 years ago | (#17171568)

Cool... some place where "Blowjob Friday" might not just be a tale of lore...

Where do I sign up?

Re:pft! (0)

Anonymous Coward | more than 7 years ago | (#17172192)

The stereotype "hackers" drop out of school. Ask Bill Gates. ;P

Stay in School and you'll getting paid the big bucks when you graduate working for
the mob boss. May be this will help keep kids in school?

Re:pft! (0)

Anonymous Coward | more than 7 years ago | (#17172716)

I think the Mafia could do better than that. How does a lifetime supply sound? [wikipedia.org] All you need to do is keep hacking...

US Military (0, Flamebait)

Bios_Hakr (68586) | more than 7 years ago | (#17171236)

The US military has been doing this for years. Sign up and kill people for 4 years and we pay for your degree. The GI Bill is quite nice. Also, while you are still in, the Veterans' Administration pays for 100% of your tuition and 50% of your wife's tuition.

Re:US Military (0)

Anonymous Coward | more than 7 years ago | (#17173232)

Shame you have been modded down for saying this, because you are right! Like the mob, the army takes other people's property by deadly force: legalized murder and theft, as the incident in Iraq shows. It's tax-funded organized crime on a massive scale. Hey, at least the mafia never pretended to be the good guys.

Benefits (1)

phorm (591458) | more than 7 years ago | (#17171240)

Ahhhh, but do they offer dental? If not, they could probably manage to add you to somebody else's plan :-)

Re:Benefits (3, Funny)

Massacrifice (249974) | more than 7 years ago | (#17171322)

Oh yeah, they have a dental plan... Tony, gimme the pliers.

Re:Benefits (1)

rlanctot (310750) | more than 7 years ago | (#17171380)

Well, they offer oral...

Hack what ? (4, Insightful)

jfclavette (961511) | more than 7 years ago | (#17171242)

Say what you will, hacking (cracking, don't throw a fit) isn't exactly easy nowadays. Can anyone here honestly tell me that they can get me access to a given business's clients database in the next 48 hours ? Didn't think so. So what are the gangs getting out of this ? Are they getting on a hype bandwagon ?

Re:Hack what ? (5, Interesting)

ScentCone (795499) | more than 7 years ago | (#17171288)

Can anyone here honestly tell me that they can get me access to a given business's clients database in the next 48 hours ? Didn't think so. So what are the gangs getting out of this ? Are they getting on a hype bandwagon ?

Getting access to a company's database is so 1990's. These days, you need smart computer science types to design better malware to create botnets so that you can practice good old fashioned extortion against Costa Rican casino web sites. Simple as that.

Re:Hack what ? (1)

prtsoft (702850) | more than 7 years ago | (#17174438)

Getting access to a company's database is so 1990's Not really. Crackers still attempt to gain access to DB in search of creditcard and SS Numbers. With the proliferation of SQL injects available script kiddie can steal information from online shopping carts. Take the recent issue with mastercard and the intrusion into their customer DB. Thousands of credit card number were released. To say that it doesn't happen any more, is to, at best, be a bit naive.

Re:Hack what ? (1)

ScentCone (795499) | more than 7 years ago | (#17175764)

Take the recent issue with mastercard and the intrusion into their customer DB. Thousands of credit card number were released. To say that it doesn't happen any more, is to, at best, be a bit naive.

I don't meant to suggest it isn't happening, or isn't a target. But most of that stuff is insider badness, not 133t h@xx0rs coming in from the outside while on Jolt buzz. The malware is where all the action is - because that's how you plant keyloggers, etc., and GET inside access if you don't have an inside man. But, for now at least, the botnets are the real heavy artillary - and then also lead to spaminizing, which can deploy tools for id theft, etc. Malware is a bigger deal than ultra-crafty sneak-into-the-db-like-in-the-movies stuff I think, but YMMV.

Re:Hack what ? (1)

phantomcircuit (938963) | more than 7 years ago | (#17171514)

The types of attacks that are being carried out are not single target attacks, they are broad attacks used to secure large botnets or to retrieve sensitive information on smaller targets.

The major breach of security events where large amounts of personal information is either pure dumb luck (enhanced by a larger drag net or malware) or the combination of social engineering, physical break in, and computer based attacks.

Re:Hack what ? (2, Insightful)

Anonymous Coward | more than 7 years ago | (#17171532)

Wow, that has got to be the most clueless comments on the topic that I have ever read. No offense meant, but really, c'mon! Where have you been the last five years? Hacking hasn't only gotten a lot simpler, with all the automated tools that exist nowadays, but also become much more profitable. The increased profits are largely a result of botnets and the ease one can build one with using readily available tools and the huge number of clueless people on a broadband connection (something that also didn't really exist 5-10 years ago). You can spam people cheaper, install popups cheaper, steal their banking information cheaper (more people do internet banking now than a couple of years ago), and so on.

In short: there's more of everything. More software with more vulnerabilities. More automated tools. More clueless users. More bandwidth in their pipes. More profitable internet companies to blackmail (using DDoS). More companies interested in buying tools and information. Etc.

If there was ever a time to a criminal on the internet, now is it.

No... (1)

Rix (54095) | more than 7 years ago | (#17171966)

Not a specific one, but *any* business' client database? Yes, definitely.

Re:Hack what ? (1)

Geoffreyerffoeg (729040) | more than 7 years ago | (#17172106)

Can anyone here honestly tell me that they can get me access to a given business's clients database in the next 48 hours ?

No, but I can get access to a given business's clents database in 48 hours plus flight time, given an appropriate plane ticket and an appropriate change of clothes.

Re:Hack what ? (1)

owlnation (858981) | more than 7 years ago | (#17172344)

I would have thought that phishing and eBay / Criagslist fraud was the quickest and easiest way of making money for criminals. The tech ability for phishing doesn't need to be that high.

What I've often wondered though is, why do phishers just go for the harder targets like eBay, Paypal and Banks? Since a significant proportion of sites these days require a login and password, and that many people will simply use the same login and password, why not phish for some forum or news site, where users are off guard and more likely to fall for the phish? Then you take their login and password and plug in into sites like eBay etc. Seems a piece of cake to me, and more effective.

Re:Hack what ? (1)

Lord Ender (156273) | more than 7 years ago | (#17175572)

I can honestly tell you that I could get access to most business's databases within 2 weeks. I won't do it, but I could.

I work in the security industry for a company that does financial software. Despite all our efforts, at best we can only stop poorly-funded, poorly-motivated attackers. And our security is much better than most.

Most people, even those in IT, have NO FREAKIN IDEA how complicated information security is.

Hoax maybe? (3, Insightful)

UbuntuDupe (970646) | more than 7 years ago | (#17171244)

This seems like a monumentally stupid way to recruit hackers. Let's see, leave a public record of you funding a student (rather than cold cash), then when he graduates, tell him, oops, you want him to break several laws. "Oh really? Well, thanks for the free education. Hey feds, over here!" *gets witness protection* *gets guaranteed income for life* *eliminates obligation to employer*

In order for this to work, you'd have to credibly threaten or capture a loved one. But if you've got the techie that way, ... er, why do you need to pay for his education again?

Re:Hoax maybe? (1)

another_fanboy (987962) | more than 7 years ago | (#17171316)

Good point, but there is also the other perspective. The gang will have the cracker's personal information (required to pay the tuition bills), making it more of a challenge for him to hide if things don't go well. There would have to be a strong trust beyond the average employer/employee mindset or else a false move by either side will cause everyone to get caught.

Re:Hoax maybe? (3, Insightful)

Massacrifice (249974) | more than 7 years ago | (#17171358)

Well, if they start by requiring the would be hacker to "prove" himself (or herself?) worthy by doing something illegal, they can then blackmail him into doing more. I would assume that criminal activities start before the end of the studies. If the studies ever get completed, that is.

Re:Hoax maybe? (0)

Anonymous Coward | more than 7 years ago | (#17171592)

"Hey Josh, meet Candi and Bunni. They love to make out with each-other while they watch you hack some corporate net. And here is Cindi, she'll keep you company while the other two are busy."

And next morning you find out that Candi just happened to have a pinhole camera to record your hacking, Cindi was underage, and Bunni overdosed on the "insulin" she shot up with your help.

Who is going to hire you with three felonies on your record? The Mob or Microsoft, that's about it.

Re:Hoax maybe? (0)

Anonymous Coward | more than 7 years ago | (#17171788)

...or SCO... Sony... EA... RIAA... MPAA... Halliburton... hmmm now that you mention it there's plenty of job opportunities. Thanks for the tip!

Re:Hoax maybe? (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17171692)

Would you really be willing to break contact with your family and everyone you know and commit to a life of fear just to pay school tuition?

Re:Hoax maybe? (3, Interesting)

Beryllium Sphere(tm) (193358) | more than 7 years ago | (#17172072)

>In order for this to work, you'd have to credibly threaten or capture a loved one.

The old recipe for recruiting a spy was MICE: Money, Ideology, Compromise, Ego. If organized crime really is troling computer students, they could use at least three of those, and maybe even ideology ("stick it to the greedy corporate exploiters and their fascist tools in government", or something like that).

The other problem is, what's a CS degree going to do for a blackhat?

Put them through drama school and psychology if you want to raise a crop of social engineers, use an apprenticeship system if you need vulnerability finders, but CS? There are only a few problems in the criminal world (robust scalable botnet control, untracable communications) that are computer science problems. And there can't be room for many people to work on those.

The article was way too light on any of the specifics that would have inclined me to trust it.

Re:Hoax maybe? (1)

toganet (176363) | more than 7 years ago | (#17173614)

I agree, although the article actually says "IT Degree", which probably translates to a degree from DeVry or the like.

What they should be paying for is an Informatics [washington.edu] degree -- it includes the technical aspects of hacking (programming languages from a pragmatic standpoint), but combines it with the social and communication elements you mentioned.

Re:Hoax maybe? (1)

dr_dank (472072) | more than 7 years ago | (#17174164)

The article reminded me of this story [slashdot.org] from years ago about Columbian drug cartels having an actual IT staff to keep its organization running.

The most remarkable part of that article was the IBM mainframe they'd have datamining phone switch info, cross-referencing it with known numbers of government agents in order to ferret out rats.

Re:Hoax maybe? (1)

Lord Ender (156273) | more than 7 years ago | (#17175780)

Understanding computer and network architecture is useful in the art of penetration. Understanding discrete math, probability, and counting is ESSENTIAL for being able to pick the right attack vector. I imagine a professionally-employed hacker will want to be able to tell his boss "it will take 27 days to have a 50% chance of defeating this password based on their password policy." Most people can't do that stuff without a college education.

Not Much of a Surprise. (4, Interesting)

PixieDust (971386) | more than 7 years ago | (#17171250)

Everything internet related means lots of dollar signs. What's intruiging here is how it could also play out amongst large corporations. We all know about the difference between a White Hatter, and a Black Hatter. Now consider a network of say, 20 people, top to bottom. At the top, is some poor twit either finishing up college, or already working for a fairly large business (as this article indicates some targets are). At the bottom (in this case, origin), is Company A, that really wants to see company B go down. High profile, but they're paying a pretty penny. Think about it.

Wal-Mart. Big huge massive retail company. How much do you think it would be worth to K-Mart, or Target, or various other retailers, for Wal-Mart to just be down for a few days? Easily into tens of millions, if not hundreds of millions of dollars.

Sad part is, the person at the top doesn't even have to know what's going on. They just say "Hey write a program that will do this, and propogate. We'll give you a cool 100Gs." Kid says hells yea, takes a few hours, whatever, writes it, and gives it to them, collects.

Two weeks later, Wal-Mart plant sticks the little nasty into the Wal-Mart mainframe, and it gets disseminated to every single store in the company. The plant is nice and safe (removed by organization, or perhaps just left to fend for themselves, whatever), many of the people involved will never be caught, and the person that wrote it may not even know they were responsible!

Perhaps I should take off my tin-foil hat, but still, it's a helluva "What-If".

Re:Not Much of a Surprise. (3, Insightful)

Lehk228 (705449) | more than 7 years ago | (#17171436)

if an attacker had access to wal*mart's systems, shutting them down for a few days would be a bad way to do it, instead attack trust and dependability.

screw up certain shipments for holidays, occasionally add an item or three to credit card purchases, add a hundred bucks to random debits.

then at the end transfer all credit card numbers, debit card numbers, signatures, and PINs to a third party


halting operations would be bad for walmart, leaking EVERY SINGLE credit card transaction processed by walmart would be much worse long term.

the attack could be even more effective if the pharmacy/medical records kept could be leaked. people get pissed when their viagra perscription gets posted on the internet

Re:Not Much of a Surprise. (1)

littlerubberfeet (453565) | more than 7 years ago | (#17172182)

This is a sticky subject...

The probable mechanism for profit would be to short NYSE:WMT just before a viral attack is executed. If that attack were to happen on thanksgiving, just in time for 'black Friday', the profit could be huge.

The long-term is a better strategy in monetary terms, but risk is proportional to time. A single event is much harder to get caught at then a bunch of events. Introducing endemic shrinkage in the credit handling system would require a large number of (potentially) traceable events.

Now watch us all get watchlisted for discussing this...

Re:Not Much of a Surprise. (1)

icepick72 (834363) | more than 7 years ago | (#17173846)

Ya, I saw that movie too where the computers worked all the time, people got in and out without being detected and the law enforcement was bumbling the issues and couldn't catch up to the criminals.

Re:Not Much of a Surprise...Yes,but... (1)

E++99 (880734) | more than 7 years ago | (#17174286)

Yes, but this is not how "hackers" make money. They make money by selling spam and pop-ups sent through bot nets. And also by phishing email/websites. (Although the latter is extremely traceable, so it only seems to be done by people in countries where they don't do anything about it, like the former Soviet bloc.)

The Firm :) (1)

thinkingpen (1031996) | more than 7 years ago | (#17171260)

Ok,so now techies are also supposed to watch out when getting hired; not just lawyers like those in that John Grisham novel. :)

Hookers as Employee Benefits! (5, Funny)

LinuxLuver (775817) | more than 7 years ago | (#17171318)

Criminal gangs should be able to offer some very "creative" fringe benefit packages. You want $200,000 a year? Or maybe $150,000 and a two hookers / week? Tax that!

Re:Hookers as Employee Benefits! (3, Insightful)

NotFamousYet (937650) | more than 7 years ago | (#17171416)

Actually, it is true that what most tech-savvy people expect from an IT job is a good combination of comfort and challenge (see Google's very long list of fringe benefits).

If you're a student, such an offer is definitely more tempting and self-rewarding than working in a cubicle.

Re:Hookers as Employee Benefits! (0)

Anonymous Coward | more than 7 years ago | (#17171480)

Only on /. does offering Hookers as benefits get modded Insightful.

Re:Hookers as Employee Benefits! (1)

SoVeryTired (967875) | more than 7 years ago | (#17175346)

At $500 a go, those would want to be some pretty special hookers. I prefer mine to be the $10 motel variety. Plus, you can put your cigarettes out on them.

Tech Student target Criminals with refusals (0, Redundant)

Che Guevarra (85906) | more than 7 years ago | (#17171352)

Obviously, this is an avenue that criminals will pursue, especially with the way video games are emersing our youth with violence and crime, but aren't the smart ones going to figure this out and rise above?

Getting caught - who does the catching? (1)

Che Guevarra (85906) | more than 7 years ago | (#17171388)

The low risk of being caught and the relatively high-rewards on offer helped the criminal gangs to paint an attractive picture of a cyber criminal's life, said Mr Day.

Why exactly isn't there a fear of getting caught? Considering the way the RIAA and other orgs (FBI) is able to track internet users, why so anon? -devils advocate

Re:Getting caught - who does the catching? (2, Interesting)

ZachPruckowski (918562) | more than 7 years ago | (#17171668)

The people who get caught by the RIAA are the "low hanging fruit" most of the time. They're either hitting ten year olds or they're hitting the superseeders (or the guys who run the sites). People with IT degrees who pirate would use safer, and harder to trace, methods. Even just using PeerGuardian or pirating via proxy (or stealing wireless) is going to help you a great deal in terms of not getting caught. Additionally, they "stay in the middle" in terms of threat level.

Same for these hackers. They're semi-safe because they're smarter than the average script-kiddie, and they're not quite as dangerous as the guys who hack the Pentagon or whatever. Law enforcement will feel two pressures: Go after the major crimes and close a lot of cases. They close the easy cases quickly, and catch the high-profile cases for the headlines. These guys probably feel safe since they're neither.

That said, the reason crime doesn't pay is that a cops only needs to get lucky once, but the criminal needs to be lucky everytime.

Criminal gangs are targeting tech students? (5, Funny)

rampant mac (561036) | more than 7 years ago | (#17171404)

SCO is hiring? I'm so in there...

I Condemn All These Crackers! (1)

Kiba Ruby (1037440) | more than 7 years ago | (#17171414)

All "hackers" who choosen to work for criminal organizations are not true hackers.

They are against the ways of the hackers! They choose to harm the internet! They don't deserve the title "hackers". What they really deserve is the title "crackers". For they have chosen such unspeakable unethical career!

          -Happy Hacking, Kiba

Re:I Condemn All These Crackers! (0)

Anonymous Coward | more than 7 years ago | (#17173164)

You're 12, just seen the movie "hackers" and found a place you feel right at home to come to and relate...

Had to be said (2, Funny)

NotFamousYet (937650) | more than 7 years ago | (#17171426)

And what's their motto?

DO evil? :P

What an efficient world we live in. (0)

Anonymous Coward | more than 7 years ago | (#17171468)

Previously they were called "CEO's".

Now we just come out and say it.

If they were good hackers (1)

antifoidulus (807088) | more than 7 years ago | (#17171482)

they could just get a degree the same way "Michael Parker" from Mitnick's first book got one.

How about 'recruiters' phishing? (1)

maggotbrain_777 (450700) | more than 7 years ago | (#17172452)


I just had a headhunter call me the other day regarding an open position at SomeBigSearch Engine.
I had never conducted business with me before. We had never talked. In order to submit my application to the company, he stated that he needed me to give him my SSN#. I spent several minutes explaining that I do not give out my SSN to strangers, never mind when I initially submit my resume to a company. He was incredulous at my reluctance.
Now, I'd imagine there is a huge untapped market, of soon to be graduating students, here.
I'd bet there is a good entry level organized crime position just waiting to be filled cold-calling prospective employees.

Awww (1)

b.burl (1034274) | more than 7 years ago | (#17173052)

...I thought it was going to be about the new ms recruitment drive.

Great, where do I need to send my CV? (0)

Anonymous Coward | more than 7 years ago | (#17173588)

nt

Microsoft fits the definition of 'gang' (0)

Anonymous Coward | more than 7 years ago | (#17174262)

To many people Microsoft is an illegal 'gang'. This is based on its numerous convictions for illegal activities in many countries of the world, and its ongoing defiance of the laws in basically all jurisdictions of the world.

To the best of my knowledge, Microsoft hires IT grads.

Hey, wait, it's McAfee (4, Insightful)

nbauman (624611) | more than 7 years ago | (#17174524)

Did anybody notice that this BBC story is based entirely on a report, "McAfee Virtual Criminology Report http://www.softmart.com/mcafee/docs/McAfee%20NA%20 Virtual%20Criminology%20Report.pdf [softmart.com] and an interview with one of its authors?

This report -- from 2005 -- doesn't have anything that you couldn't have already read on Slashdot or the newspapers.

The BBC didn't check McAfee's claims with another source. The McAfee report doesn't say anything about criminals paying tuition for students to study computer science. The McAfee security analyst didn't give any details. The BBC didn't ask him the obvious question, "How do you know?" Did he talk to a student like this? Did he find it in court records? Or did he hear it from another security expert after a few drinks?

Has McAfee been reliable in the past?

So what? (1)

ghostbar38 (982287) | more than 7 years ago | (#17174908)

That's isn't new, they always pay better than anyone!

If the value of the IT were more then this could be different, but is not.

The Wired Article (2, Interesting)

Phat_Tony (661117) | more than 7 years ago | (#17174974)

Three years ago, Wired had an article [wired.com] written by a guy who does tech support for the Mafia.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>