Convicted Hackers Snubbed by Security Firms? 130
Esqueleto sent us an interesting story from Security Focus on convincted hackers and employment in the security field. When you get past the zillions of obnoxious frames, you'll read an article about a wierd problem: the guys who have a criminal record are tougher to hire... in this case they're talking about Mark Abene (Phiber Optik) being snubbed by @Stake, the guys who merged with L0pht. Of course this makes total sense from a corporate perspective, but considering many of the folks in the industry will admit freely to doing the same things, the conviction on your record makes all the difference.
ain't right damnit (Score:1)
LOpht is made of hackers, and @stake merged with LOpht. @stake shouldn't have done the merge if they wouldn't hire hackers. and besides, now that they have merged, space rogue has left HNN, and HNN has gotten less news.
@Stake, HIRE him. He is smarter than you people.
A Reply to THB.... (Score:1)
I could argue that one involves the potential of physical danger and the other involves someone in front of a computer, but I will not.
"Should a delivery person not lose their job if they lose their drivers licesce? What if it is for to many speeding tickets? Even if You speed every day and never get caught? "
I could also argue that if someone loses their job due to having too many traffic (or speeding) tickets, that after a duration of time they could continue their chosen vocation. But I will not.
"Many of the best learned a great deal through their 'stunts', but were never caught. Why wern't they caught? In some cases they better then everyone else, in others they did less damage, but they did not get caught."
I could say that everyone is clumsy and awkward to begin with and that they improve eventually, but I will not.
If someone is caught doing something illegal, then, according to our own laws, they are to repay their debt to society. I have no argument in this, after all, I am no lawyer.
But the point I tried to make, one that you glossed completely over, is that one mistake does not define a person. We, as a species not just a nation, learn from our mistakes.
If you were caught for, let us use your example, speeding and were told that you could never drive for a living again, even if you believed you were justified. How would you react?
I will make no arguments about the feasibility of my examples; after all, everyone views everything a little bit differently. What some consider as an "invalid" point, others see as very valid. I will not begrudge you your opinion.
And as for any legal discussion, I would advise you to talk to a REAL lawyer before you enter any court room anywhere with that as your defense.
And before you retort, READ what I said. Think about it. That is all I ask.
Re:Why? (Score:1)
Point 2: yeah, they might have valuable knowledge about computer security, but who's to say you can't find a "white hat" hacker that has the same knowledge? Or maybe you're really lucky and you hire someone who often finds exploits to troubleshoot your products. He's got a past of posting apps to exploit them prior to even letting the companies that created the products know so that they can ready a patch. Is this who you want auditing your source code? I think a corp would be irresponsible to put someone like that in that position. It's like hiring a career alcoholic to tend the bar. Sure you could do it, but would that really be the wisest thing you can do?
Your line about loyalty springs just a little to mind. Yes, most
Re:Well duh (Score:1)
Not really.
When high ranking corporate officers commit white collar crimes, they hardly ever do jail. It also doesn't affect their future employability like common crime does.
And white collar crimes frequently have wider ranging effects than common crimes.
Re:This is news?? (Score:1)
Whom would you rather have operate on you?
Re:Look at the bigger picture... (Score:1)
Personally, I think they're making a collosal business as well as public relations mistake. Improving technology is making their products more interesting and more valuable to their consumers. Instead of trying to get rich by working with that changing technology (Re: cassette and VCR) they're trying to destroy it to preserve their old ways of doing business. If they weren't trampling over our rights in the process it would almost be funny to watch them work so hard to make less money.
Re:I don't think... (Score:1)
It's a more drastic example, I know, but it goes a long way in this discussion of "well once he's done his time, he's paid his debt to society".
Re:Well duh (Score:2)
Yes, just as it is your right "to think that you really need to wake up and smell the coffee brewing."
So you are telling me that you would like to have most of the talented individuals in the industry out of work?
Hell, I don't care if convicted hackers are employed or not, I do not work at a security firm, I am not an HR person at such a place. Personally I could care less if they are hired or not. I was just arguing that it is the employer's choice. Would the person have a better chance to be employed had they not been convicted of committing a crime? Yes, I'd wager. That was also what I said, if employability is important to you, don't break the law. Doing so will not prevent you from getting a job but it will likely make it tougher.
And no, I am not telling you what to do; I'm simply requesting that you think about the situation a little more
Your earlier statements sure made it seem like you were telling me what to think. The beauty with the situation as is, is that I don't have to think about it extensively since it doesn't effect me. Should a security firm hire someone who's been convicted of a crime. I DON'T CARE. If they want to, sure, OK, cool; if not, fine, that's their call. What I am saying is that: first, just because someone serves their time, my view is a bit slanted on them still (past behavior is the strongest indicator of future behavior); and if you are concerned about your employability, try your best to refrain from committing crimes.
Re:NEWS FLASH: Real Life Not Fair! (Score:2)
~ Signal 11
Read the Communist Manifesto (Score:2)
convictions and such. (Score:1)
Re:Look at the bigger picture... (Score:2)
Unless the unjust law affects powerful people such an approach is unlikely to work. Behind such laws is likely to be a politically powerful lobbying group. Who have the ear of politicans 24x7...
The people who need convincing are judges and police.
Re:It's the same with any convicted felon! (Score:2)
Possibly true, but especially with the second example highly politically incorrect...
Hiring someone convicted of a computer crime has some pretty obvious benefits: yes, the person got caught, so they're probably not The Best. But they're probably also fairly good, and probably knows a bit more about the trade than your average Minesweeper Consultant.
Remember also that the better crook probably dosn't have a conviction...
Re:Well duh (Score:2)
Re:Well duh (Score:1)
Today's society however seems to want to punish "criminals" and criminals forever.
Hiring hackers for security (Score:1)
Whilst I agree with the fact that convicted hackers undoubtedly have certain proven skills, they also have another quality that IMHO makes them unhirable. They have no respect for authority.
While the job you offer them is "kool" or interesting maybe they'll work for you. But I don't believe you can trust them, or expect them to show any loyalty to your corporation.
If they get bored, or someone paying more comes along, whatever, they'll have no qualms using their privileged position within your organisation to do whatever damage they feel like.
I guess it's an argument you can apply to any convicted criminal, but maybe in this case the crime is particularly symptomatic of a lack of respect for society's boundaries.
Re:How it has affected me (Score:2)
Re:Why? (Score:1)
Wonder how many of these corporations wouldn't even think twice about buying their software from a bunch of crooks (who's criminal activities vastly excede any "convicted hacker.)
Re:Guilty or Not doesn't matter much these days... (Score:2)
Even if I win my appeal, and the law is made useless to prosecutors and harmless to the general populus (who seem to be breaking this law at least a half dozen times a day for each person who uses a computer), there will be some who claim "Well, he just got off on a technicality, or because he had enough money to throw at the problem."
And then there's the small matter of the quarter million dollars I've had to spend (subsidized in a small part by my legal defense fund, thank you!) which doesn't automatically come back if I win the appeal. Nor does the community service time, or the time I spent in courts. Or the missed opportunity because of bad timing.
I do not wish what I've been through for anyone else. Even my worst enemies. And that's why I talk about my personal mistakes in public as often as I can (including having given my 90 minute Just another Convicted Perl Hacker talk for user groups, universities, and conferences dozens of times all across the country). The saddest day in my life would be to hear that someone else was taken down for doing their job because they hadn't heard about my case. So please, spread the word!
Re:Well duh (Score:1)
I can understand them asking if you have ever been convicted of a crime, but has anyone ever seen the applications that ask if you have ever been arrested? In a country where you are innocent until proven guilty, and are not required to divulge self incriminating information, how can they ask if you have ever been arrested? This burns me every time I see it, because some holier-than-thu HR person will probably see an arrest, that is, being accused of a crime, as bad. I don't see this as fair to the truely innocent. Legally, I suppose a simple arrest means nothing, but we're dealing with human nature here. Does anybody know more about this?
Lack of Legal Knowledge by ./.er's (Score:1)
possibly, not every illegal action is a crime (Score:1)
Re:Snubbed? (Score:1)
You're confusing 'snubbed' with 'snuffed'. 'Snub' is exactly the right word. When you go to a party and no one wants to talk to you, you've been snubbed.
However, CmdrTaco might want to look up the spelling of 'hypocrisy'.
Re:This is news?? (Score:2)
It's also a mistake to assume that the convicted (and arrested) population mirrors the criminal population. Centain demographic groups are more likely to be arrested, more likely to be convicted (and to receive longer sentences.) (Added to this certain types of crime are specifically defined to only apply to certain catagories of people, e.g. rape.)
You can't trust someone who likes to hurt others. (Score:2)
Were I to crack into some computer or another and leave it as I found it, nothing would happen to me, especially if I contacted the people in charge of that system's security and let them know they were vulnerable. Why? Because it simply doesn't pay to sue or prosecute someone when no harm has been done. It isn't worth the time and money. Even if I didn't contact the sysadmins to warn them the company would have very little incentive to go after me.
On the other hand, if I were going around breaking into people's systems (like Kevin Mitnick), erasing their data (like Kevin Mitnick), and posting their personal files online (like Kevin Mitnick), then I would of course be apprehended and rightfully prosecuted for my crimes.
I wouldn't want a cracker even in the building where I work, let alone working there too. Why? Because you can't trust them. I don't say that because of their criminal record. I say that because they have shown that they derive pleaure from harming others. Sociopaths don't make good employees, no matter what their technical skills.
Lee
I'd Hire Phiber Optik (Score:1)
Re:Why? (Score:1)
We don't hire serial killers to catch serial killers, do we?
"Hire," no. But, for example, the investigators looking for the so-called Green River Killer in/around Seattle, when they were stumped, went and asked Ted Bundy for insight into the GRK's methods and advice in apprehending him. It didn't work because they didn't listen to him. There's a book about it, called The Riverman, by Robert Keppel, one of the detectives. It's an accidental case study in cop psychology, showing how their badge-flashing, domineering personalities make them unsuited for dealing with cases involving complex characters like Bundy, who comes off as a weirdly (sym)pathetic antihero, shouting the truth at a brick wall. An odd book.
So, yes, "we" do "hire" serial killersÑwithout paying them; they tend to be very chatty, and love hearing about the 'sploits of others in the field, and getting to hear and talk about it is payment enoughÑto catch serial killers.
Hiring antisocial crackers is silly. (Score:1)
Crackers usually know about a lot of concrete security holes and can help companies fix them. But that's the wrong approach, and it is in part responsible for the poor state of computer security today. Making computers secure requires more fundamental changes than patching a few holes around the edges: it requires new system architectures, cryptographic methods, clear design, and better programming languages. Linux, *BSD, or Windows NT will never be really secure.
Of course, in the short term, all that patching and exploring is lucrative. But if you really want to help make computers secure in the long run, get a good education and stop breaking in.
Re:Look at the bigger picture... (Score:1)
My point (to which you did not respond) is:
While there are valid reasons to not employ (or rent apartments to, or lend money to, or insure, or...) convicted criminals, not all criminal convictions are created equal (and some criminal actions may even be truly just) simply accepting the unfairness of it all will lead greater injustice in the long run.
This is especially true given how pervasive background checks are becoming. Moreover, it is impossible to get background check organizations to treat each case individually because their incentive is to report as much negative information as possible (since if something goes wrong with someone they clear, they're in big trouble while if they fail to clear someone who wouldn't be a problem no one will ever know). And this chain of reasoning is independent of whatever particular unjust law is under discussion. This is a difficult problem and freely admit I don't know how to solve it, but I think the first step is to admit that it is a problem. Your "simple maxim" denies that the problem even exists.
That said, while I am not perfect and I've only just begun to understand how bad things are getting, I am doing more than buying T-shirts and breaking laws to fight the laws I consider unjust. I am registered and do vote (even in primaries), which can be very frustrating because candidates make it very difficult to figure out where they stand on issues I care about. I am an active participant in the dvd-discuss forum, where I am learning more about these issues and I hope I am doing my part to help the defense of 2600. I am also doing what I can to raise public awareness of these issues (I was part of the chain that helped expose that Time Warner's hypocrisy about linking to DeCSS and I wear my T-shirts in public as much as I can). I am "voting with my wallet" by not buying DVDs and trying to make sure that I don't get entangled with unjust license agreements for the products and services I buy and use. I haven't written to my elected representatives yet, though I plan to once I am done with a move I am in the middle of since I will be a constituent of my "new" representatives for a longer time than I was one of my "old" ones.
Getting caught is the real problem. (Score:3)
Of course, there's also the factor of having the sense to do little enough that you won't get busted.
Re:I don't think... (Score:1)
can you honestly say that phiber optik is just a script kiddie out for giggles with someone else's code? hell no. The other consideration is, is what crackers do enough to warrant them the time and the infamy they get?
besides - who better to pay to break into a network than someone who has already shown they have vast amounts of experience with it. And that they won't puss out because they think their tactics are too "shady." - You might call these guys a liability. I would call them an asset.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
Re:Turd (Score:1)
I know this to be true becasue it takes a turd to know one.
<O
( \
X
8===D
Bowie J. Poag
Pros and Cons (Score:2)
Pros: Cons: Whether or not one should hire convicted criminals is completely up to the employer. It basically depends on whether or not you think you can trust them. It's obvious that they have the experience and knowledge, but whether or not you can trust them with your system is a whole other matter.
Re:NEWS FLASH: Real Life Not Fair! (Score:2)
I'm sure the six year old in Chicago who murdered a child was on a "reckless streak" too. There are laws in this society, and you need to observe them. Minor infratcions can be forgiven easily, but most felonies will stick with you for the rest of your life- and they should.
Re:Why? (Score:2)
And would you argue, say, that the folks auditing code for OpenBSD (and those in similar projects) do NOT know about computer security, simply because they don't break into other folks systems without their consent? That'd be one approach, but they use their judgement. One could train for a rifle competition by targetting pedestrians, but it's far more appropriate, if less challenging, to practice on a range with paper targets. That's discretion.
Getting convicted of a serious crime demonstrates a profound lack of judgement or discretion. I see no reason why a company should trust, let alone ever hire, somebody who utterly lacks such traits.
Re:Media attention is not necessarily bad... (Score:1)
Gosh gee whillikers (Score:1)
Not Good Enough (Score:1)
Re:It's the same with any convicted felon! (Score:1)
Either way, it would be accurate to say that a pedophile would be more likely to know, or be aware of methods used by other pedophiles.
It's a fact that if you're a career criminal at [bank-robbing | child-molesting | computer-cracking] that finally got your self a stay at the state bed-and-breakfast, and you're now looking for a security job in the private sector guarding against whatever you used to do, you'd have an edge over some luser who's out of the latest training proggie in security for whatever...
Re:possibly, not every illegal action is a crime (Score:1)
Kinda makes you wonder why they would bother tracking down and prosecuting those "hackers that don't do any harm", doesn't it?
And BTW, showing a child your penis in a park doesn't do anybody any harm either. You still go to jail though.
Re:It's the same with any convicted felon! (Score:1)
The right to choose who one associates with. (Score:1)
However, normal lives are one thing - but nowhere does it say that they have the right to do whatever they like.
Personally, there are a lot of professions that I'd love to be able to pursue - but for which I am unemployable for various reasons (I can't be an astronaut, for instance, because there are plenty more fit candidates).
Some of these professions I am ineligible for, because of a single "mistake" in my past. I can't be an architect because I chose to study history instead.
Do I have the right to demand that I be given a job as an architect, from the reasoning that "a single mistake in my past should not be allowed to determine the rest of my life"?
Of course not. To employ me as an architect would be foolish, and any company that I applied to would be perfectly within their rights to judge me an unacceptable risk in that job.
In other words, it is the company's decision who to hire, so long as they decided on the basis of objective criteria - i.e. can you do the job satisfactorily, and without constituting an unacceptable risk?
Convicted hackers have shown that, at least once in their lives, they were security risks. Like it or not, that makes them unemployable by all but the most risk-willing employers.
A reputation for trustworthiness is an asset, and a fragile thing. Break it, and it is not magically restored when you get out of jail.
- Ravn
Re:It's the same with any convicted felon! (Score:1)
As an example I had to terminate an employee a few months back. Recently, I ran into a router whose password wouldn't work. After checking other routers, I found a total of 7 routers whose passwords had been changed which I didn't have easy physical access to. "PasswordListGenerator" and "Brutus" (don't have URLs at home, sorry) saved my company several thousand dollars in travel costs due to the former employee changing passwords and forgetting to document them. (I am in no way, shape, or form saying these changes were malicious, as they followed our definition and contained nothing libelous.
That was three days of brute force. Thank God I'm not in Oregon, or I would be in jail right now.
-- Talonius
Re:It's the same with any convicted felon! (Score:1)
Apart from the fact that embezzlement is a matter of how you steal, not how much, this all seems to suppose that the only thing that counts is technical knowledge or skill. But surely the point is that you have to be able to trust people to whom you give control of, say, your accounts, or your system. Past behavior may be far from perfect as a predictor of future behavior, but it's surely relevant; and past dishonesty is surely at least relevant to the question of trustworthiness. Aren't you just a little less inclined to believe people who have lied to you in the past? If you were to discover that the financial manager you'd entrusted your life savings to had a history of embezzlement, would that make you feel reassured?
As for the child-molester example: I don't think you've thought this through. Even assuming that child molesters are particularly adept at spotting other child molesters, what importance would such an ability have as a criterion for hiring day-care employees?
Re:Well duh (Score:1)
Re:The fact of the matter is... (Score:2)
It's the same with any convicted felon! (Score:3)
If a person is convicted and goes to jail while on the job, an employer might have to expend effort in replacing them w/o notice, even if the conviction is not related to the job.
This is different from time off for injury (say under the FMLA). Being ill/injured is not something that is a person's fault. Committing a crime is a person's fault.
Putting a person convicted of computer stealing computer data in conputer security is similar to putting an embezzler in a cash counting room or a child molester in a job at a day care provider or a convicted drunk driver as a school bus driver or a perjurer as an attorney.
Michael Milken anyone? (Score:1)
--
And Justice for None [geocities.com]
Re:It's the same with any convicted felon! (Score:2)
I refer to the law, notes from congress, and the courts.
Murder is illegal, but people still kill.
Everything that happens to a person dis not always their fault. You stop for a red light, someone rear-ends you, is it yoour fault? Is it your fault your kid gets leukemia? Is it your fault Windows98 has bugs? Nut comes into the office, starts shooting, is it your fault?
Re:Well duh (Score:2)
http://www.unm.edu/~finaid/eform01/drugconviction0 1.html
I did, and sorry, but it made a liar out of you. The debt is not "forever" as you claim unless you have been convicted of taking drugs three times, or selling them twice. And even then, even for selling, all you have to do is complete a drug treatment program. Basicly the prohibition looks to boil down to "we won't give you money if you have a drug problem, stay out of trouble for a few years or complete a program to demonstrate you don't have a problem anymore, and we're all set." Nothing like your orriginal claim.
-Kahuna Burger
Second-guessing the law... (Score:1)
"...or it should not be a crime in the first place"?
Look, like it or not, society's rules are clear enough. Someone who cracks knows that he is committing an illegal action (or, if he doesn't, then he should be locked up for criminal stupidity).
We could debate whether a particular action should be criminalised or not - but that is what the entire legislative system is set up to do. Whatever we decide is immaterial, unless we can make the legislative system follow suit.
Now, I will be the first to stipulate that there are numerous crimes on the books that in my opinion are stupid and counterproductive at best, and downright unjust at worst. That does not change the fact that if I choose to deliberately set myself above those laws, I am asking for the full weight of society's retribution to come down on me.
There are situations where defying the law can be a reasonable thing to do. But when you get caught, it's time to pay the piper - and one of the prices you pay for breaking security is that nobody will ever trust you with important stuff again.
Re:Media attention is not necessarily bad... (Score:2)
From reading the article it appears (and I only have this single media representation to judge by) that PO was a straight shooter who did not steal and was mostly interested in exploring and understanding.
Perhaps the biggest crime committed here was a failure to play the political games. During the 80's and early 90's as I remember the internet was more of a wild west where Academic turf was protected vigilante style. An unfortunate explorer might find themselves strung up for being on the wrong port at the wrong time.
Re:I don't think... (Score:2)
I completely understand why the guy who got caught as a young man breaking into computers (probably just for fun) did what he did. I know I did the same thing, and just never got caught. I don't see what he did as a 'sickness', and don't see it as any worse than a *lot* of technically illegal things younger people do.
A child molester, on the other hand, treads into animilastic behavior and the roots of civilised society; I belive that child molesters don't deserve prison, they deserve death.
Guilty or Not doesn't matter much these days.... (Score:1)
For the competent enough, it works backwards (Score:1)
(And if the person in question is actually having a hard time finding a job, s/he should switch states - or countries)
Re:Well duh (Score:2)
Perhaps they believe that you have shown yourself unable to handle money responsibly. :)
More seriously, are you stating that this prohibition applies only to those convicted of drug crimes, or is it more broad based against covicted criminals? Also, are you talking about grants, loans, state aid, merit based, institutional, all of the above, what?
-Kahuna Burger
Duh! (Score:2)
How it has affected me (Score:5)
This makes me less up-to-date on the latest technologies, and cost me opportunities to do really cool things and be part of a team somewhere, a part of my "former" life that I sorely miss.
As the requirement for a formal disclosure and acknowledgement of my current legal status ends in just a few more days, I can once again look at being involved in direct consulting, rather than training. (Although being directly employed will almost certainly still not be possible, I can look for opportunities where a company contracts with my Stonehenge company once again.) But the six years in the middle have been very tiring.
For more information about my ongoing legal battles, please visit the Friends of Randal Schwartz [stonehenge.com] website or send a blank mail message to my autoreply bot [mailto].
Re:Why? (Score:2)
Simply because a statement is true does not mean that its converse it true--you know that. The fact is that convicted computer criminals have (1) name recognition and (2) valuable knowledge about computer security. One of the other posts mentioned the lack of loyalty that computer criminals possess, but that is true of almost all employees in the computer industry. If
Computer criminals would be a valuable asset to any security consulting firm and can be had for a bargain price. Corporations would be irresponsible to not hire these people.
Hmm... (Score:2)
Media attention is not necessarily bad... (Score:1)
are hackers somehow "different" ? (Score:1)
Does anybody read HNN? (Score:1)
Re:and todays spelling lesson... (Score:1)
<O
( \
X
8===D
Bowie J. Poag
Re:It's the same with any convicted felon! (Score:1)
Bzzzt! You lose.
An embezzeler who has stolen cash (presumably at least with some success, otherwise he'd be "petty thief," and not "embezzeler,") knows how other embezzelers work, and can help guard against them. I'm also willing to bet that a pedophile is far better at picking out other possible pedophiles by just looking, etc. etc.
Hiring someone convicted of a computer crime has some pretty obvious benefits: yes, the person got caught, so they're probably not The Best. But they're probably also fairly good, and probably knows a bit more about the trade than your average Minesweeper Consultant.
Re:Why? (Score:3)
Really? The FBI sure as hell interviews them, utilizes and implements what they have to say. They also interview, and occasionally hire people convicted of computer crime. Take the recent ex-disney exec for example. It often takes a crook to catch a crook. Knowing how a hacker /thinks/ is as important as modus operandi.
While I certainly agree with you that you that getting convicted of a serious crime demonstrates a profound lack of judgement, I think dismissing someone who was convicted of such out of hand also exhibits a profound lack of judgement. People complain that they don't want an ex-con working with them. So where do these people want ex-cons working? As Reagan put it, "trust, but verify". I'm not saying to go light on these people or the like, but take advantage of what they know. They'll be the first person to thank you for doing so.
Whoop de Shit (Score:1)
So we are complaining that people who break the law are suffering because of it? That's how society works. As for the corporate people who do the same thing but just haven't been caught: Innocent until proven guilty.
If I were a stockholder of @Stake, I'd be a little concerned if they did hire convicted "hackers" (btw, Slashdot, don't complain about the media using the word that way if you do it to). Doing so would expose them to lawsuits if that individual ever screwed up.
My mom is not a Karma whore!
Re:Look at the bigger picture... (Score:2)
I am curious as to how you are fighting these unjust laws? By breaking them? By buying t-shirts? Hopefully you also have spent some time writing your Senators and Representatives. Hopefully you have taken the time to register to vote. Hopefully you have taken the time to discuss this with other voters, be it in person or on the Net.
Of course I say this all out of hyprocicy. I'm not registered to vote, I've written a Congressman but once (a couple years ago), and I rarely, if ever, discuss politics with others. Of course I am not the one professing my distaste for such laws...
Teenagers are not all *ackers. (Score:1)
reason, or for whatever mistakes they made."
Or maybe people who obeyed the law as teenagers look down their noses on convicted felons.
I'm 15 and _really_ tired of the sterotype that places me as little script kiddie who likes to r00t windows boxen for fun. I don't root computers, I don't have an urge to, and I know many other teens who don't get off on uploading root kits or using NetBus. I quote one of them "I'd be about as fun as shoving a 1 1/2 inch marble up my ass".
Don't get me wrong, but all the little kiddies I know don't know shit. I could (theoretically) do a lot more than they could towards cracking computers, but I have no desir to. It seems that they only know how to run pre-made programs to break poorly secured computers.
Don't get me wrong, there are very good crackers out there, but most of them aren't teenagers. If I was a security firm, I'd hire someone who knew what they were doing, not a kid with a script. Security firms don't want the people to crack existing systems (with scripts), they want people who can find security errors before they release the software. There is a large difference.
Re:What about accused, but case dismissed? (Score:1)
The U. and ISP are framing him for all their network problems?
and that he was dumb enough to trust his "friend" at the ISP and coworkers at the
The issue of course is that the case was dismissed, which means that there is no conviction and thus no record/ guilty plea.
Either he got off easy (if he had done it), or was royally screwed by his friends/coworkers just so that they can cover their asses.. Since there was no trial, many probably just think that he "beat the system" since the evidence never got to be publicy entered as "proof"... and therefore torn down as you say it should have....
I would like to say it it doesnt happen, but I am painfully aware of situations where trusting co-workers can lead to huge problems...
Another question is where did the person that thought he was from Jordan get HIS information? Was it from the U. staff, the UPD, the TV station or the ISP? and thus how biased is THAT information?
Re:I don't think... (Score:1)
He probably molested the kid, just for fun... as you so put it. yet, molesting kids is breaking the law. If the hacker didn't want to break the law, he or she could have set themselves up a system to break into, or else contract their skills out to a company that wanted to have their security tested...
Maybe I should carry a brick with me and call myself a "security consultant". If people don't try to hire me, i'll smash their windows and snoop around their house. Maybe I'll even leave a few micro-cams laying around so i can spy on them...
But then maybe someone will see that brick I'm carrying me and ask if i do security consults. I'll say "yes". We'll arrange a meeting. After shaking hands, he walks away, I bonk him on the head with the brick, take his wallet, and announce 'you're not secure', here's how i did it:
does that person deserve a job? He just took a brcik and smashed a window. Or else he took the brick and bonked someone over the head with it. Anyone can do that. Guido can do that. That's not skill. That's not anything but showmanship.
On a side note, I'm sure you've read, but in case you haven't... the ACLU? You like them? You like how they defend "our rights"? Well, they've decided to step in and defend "our rights" to molest children, by providing legal counsel for NAMBLA. Fucked up, isn't it?
Re:Well duh (Score:2)
http://www.unm.edu/~finaid/eform01/drugconvicti
Interesting editorial here:
http://wildcat.arizona.edu/papers/93/109/03_1_m
Re:What about accused, but case dismissed? (Score:1)
I remember him helping me out in learning how to use Linux when everyone on campus was saying that Linux sucked and that they would never run linux on campus since it was not a "real os". (The university was using a Sun based Unix box, an AIX based RS6000, and a Prime box, MS windows Web servers, and novell fileservers/mail)
They seem to have changed their minds about linux now... only its a little too late. Anyone with linux/opensource know-how left that university a while back... {nobody wanted to be accused of being a hacker since the university portreyd Linux as being a Hacker OS)
{as an example of the harassment that happened to Linux users: I got my account suspended for printing the net3 and firewall howto. The explanation was that they did not condone printing of hacking documents)
Hackers OK, crackers not! (Score:1)
Hackers who hack for the thrill or the experiment of it, I can accept, once they've reformed and grown up. Crackers, on the other hand, who are essentially thieves who hack for their own monetary gain, I would stay the hell away from.
Re:are hackers somehow "different" ? (Score:1)
Why?
Are you saying that child molesters can never better their ways? Once a child molester always a child molester? How about: "once a thief always a thief"? Then how about: "once a hacker, always a hacker"? Can a company that hires a felon convicted for hacking be sure that this hacker will not turn against the company? Or is it OK to hire this hacker, as long as you keep him away from the financial department's computers? How about the clients, can they be sure that this hacker will not probe their systems just a little bit further than what they hired him for?
Re:Well duh (Score:1)
Re:What about accused, but case dismissed? (Score:1)
Much of the networking staff/IT [wtamu.edu] there has changed completely. Kenneth is no longer there; but James is still there.
They (the current networking staff) really have worked hard to fix the problems that plagued their system.
It is not fair to continue to block them for mistakes in their past.
Just a guess, but it is most probably James H. and/or the dean of Tech. Dr. Nelson, who follows all of James's "recommendations" blindly, who "advised" the Police department to continue not to allow him access to the campus.
The police/admins. may not have handled the situation as well as they could have. What they should have done was allow him access to the campus with a restriction on computer access. The problem with that is that his abilities as mentioned here probably meant that they were afraid of his ability to still "get through". Of course the next logical question is.. If he really IS that good, doesnt it mean that if he wanted to harm the campus network, he would have been able to do so remotely anyways, and most probably WITHOUT detection?
Most of the case file, including a copy of the trespass warnings, and other details can be obtained from him (if you ask nicely) or from the court records (if you are willing to go through the red tape).
As for the UPD, [writing "forever" on a trespass warning that has a normal limit of 1 year clearly shows a deeper hatred than normal]
I am surprised he did not go further legally {but funds may have been an issue} since it was obvious that the UPD was most probably abusing the law(s) that allowed them to ban him from campus in the first place.. A law that was meant to stop drug dealers and gang members and other VIOLENT offenders from accessing campuses was possibly being abused by the police to further their own personal prejudices and fears or agendas.
Some of the same problems on the networks mentioned above; many that seem to have been fixed were some that supposedly the "accused" informed them of a long time ago, but was ignored, and was later on blamed for when they were most probably exploited.
His "defense" file if they went to trial contains copies of emails to both the ISP and his bosses at the university about some of the problems, as well as an "explanation" of most of the circumstancial evidence that they had..
Something else that gets me, and was mentioned in that newspaper article, is that the university allows a CONVICTED murderer {manslaughter) [briandeneke.org] to access the campus freely, but yet they deny someone else access to the University...
One really has to wonder if other factors are in effect here other than the network issues.
It seems more of a personal grudge than a network/computer issue.
Something that no-one else has mentioned here is that there is also another third party involved. A third party who initiated the accusation/complaint (their web page was also allegedly erased by the accused), who turns out was applying for the same job position as the "accused" at the ISP [arn.net]
makes you wonder......
er... (Score:1)
the terms aren't fuct. the laws are.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
Re:What is a felon? (Score:1)
Re:Teenagers are not all *ackers. (Score:1)
And usually to gain *complete* control over a box you must gain root or some other super-user power/permission, directly or indirectly. Therefore his statement of "rooting a box" can be construed as correct.
root(unix) = Administrator(Win NT/2k) = normal user( Win 9x/ME ).
if you use this simple conversion his statement can again be construed as correct.
If you can state an example of having *complete* control over a box without root/Admin permissions please tell me.
Re:are hackers somehow "different" ? (Score:1)
Re:perjurer as an attorney? (Score:1)
"You mean like X president/X husband Bill Clinton practicing law in Arkansas?
Not the same thing though (Score:2)
You maintain that you're *innocent*. (And from what I know of what happened, my personal belief is that you are).
That's a world away from being convicted and not appealing, thereby implicitly putting your hands up and saying, "it's a fair cop, guv. You got me bang to rights".
--
Fuck you all.. You're nothing but fools. (Score:1)
Re:Pros and Cons (Score:1)
<O
( \
X
8===D
Bowie J. Poag
Re:This is news?? (Score:3)
The problem is that a felony conviction doesn't mean as much as it used to. When most people think of felonies, they think of rape, murder and armed robbery. Today, a wide swath of crimes are considered felonies, and politicians and so-called activists for various causes, lobby for the reclassification of misdemeanor crimes as felonies, to "prove" they are serious about fighting crime or to advance some agenda. Some animal rights groups are trying to get "animal cruelty" reclassified as a felony, and some of them have very broad ideas about what constitutes "animal cruelty".
The fact of the matter is... (Score:2)
Frankly, I'd rather have them working for me...
Kierthos
Well duh (Score:3)
Why? (Score:2)
MindPixel [mindpixel.com] -- help build the world's largest neural network and get free stock!
Re:Hiring antisocial crackers is silly. (Score:2)
People have ample opportunity to practice those skills on-campus, in situations where they are not likely to get a felony conviction. It's when people direct that kind of effort against e-commerce, military, and financial sites and when they obtain credit card numbers and other sensitive information, that it suggests both an anti-social inclination and a lack of good sense. Whether they also have a good education or not has nothing to do with it.
That's basically the distinction between "crackers" and "hackers". Both crackers and hackers may enjoy a good beer afterwards, and both may know how to break into any system, but I would hire a hacker to work on security. I wouldn't hire a cracker.
Ha. (Score:3)
Why would it make a difference? Risk analysis. If Phiber ever did something bad (which I have no doubt he would never do.. but that's not how risk management works), and the client who was violated could show that the company *KNEW* he was a convicted felon.. who's negligent? This is the US man.. they would sue @stake for knowingly hiring a convicted hacker.
Sucks, eh?
Re:Well duh (Score:2)
That notion should be on a person-by-person basis. If someone commits a crime and serves his time and you want to forgive them, kudos to you, but why should I have to fogive them as well? What if I never want to forgive them for their crime? Don't I have that right as well?
Companies are like individuals, too. It is solely their decision if they want to hire criminals or not. It's like with GWB... we, the citizens, are his potential employers. It is our judgement call if we wish to elect someone with his... past.
Re:I don't think... (Score:2)
It is valid to not want the convict working for you.. but the reason should be fear of litigaton *if* something happens, not fear that he will actually do something.
I would trust someone equally, had they been conviceted or not. What I don't trust is my clients feeling the same way.
Re:Well duh (Score:2)
Here the point is that criminals should be treated like ordinary citizens because they've paid for their crimes
How you treat someone is your perogative, and do as you may, but don't expect to instruct me on what choices I need to make.
So you are telling me that if someone broke into your home, robbed you, was caught and served his or her jail time, that after his or her sentence, you'd embrace this person as a law-abiding, innocent person? One who you wouldn't mind having in your house for tea? Would you hire this person to do yardwork around your house? If you answered yes to both of these, fine, that is your call, but I would have answered no. And for you to tell me that I should and would have to answer yes, that is criminal.
I don't think... (Score:4)
1)I don't want, as a corporation, to hire someone who is known to have done illegal things to break other people's security, if his job is to know all waeknesses of security we make. This guy could easily put an obscure back door into all of the security measures, and then exploit it at a later time.
2)I don't want someone who is known to be a cracker sitting on a computer behind my corporate firewall.
Now, as an individual, he may be a great, upstanding guy who's only crime was curiosity, but I don't think that a company should have to take a risk on the fact that he may be an idealist.
NEWS FLASH: Real Life Not Fair! (Score:5)
It is a rhetorical question, but one HNN felt that they had to bring up. No, life is not fair. Yes, some people are wrongly convicted. Yes, there is a stigma attached to computer "crime". Regardless, these are the rules you play by.
On the other hand, who better to hire than someone who has had real experience, as opposed to a paper cert? No wet-behind-the-ears MCSE is going to know how to craft security policy, how to do risk management, and how to do cost benefit analysis and everyone in the industry knows it.
It is a calculated risk every time you hire someone who has a criminal past. As a manager, it is your job to evaluate each person one by one and weigh the benefits. Most of the time if you're doing your job right, you'll find most people have had minor brushes with the law (reckless kids get drunk, smash mailboxes, etc), and computers are no different. We may be geeks, but many of us have a reckless streak - it's called being young. To outright deny these people a job is a failing on your part as a manager. Judge each person individually, and not as a group.
This is news?? (Score:2)
What customer would open up their server room for a week to let convicted fellons "audit" their network?
It's those 2 words combined, convicted and fellon, that sends chills down the spines of anyone listening, but should it?? ?
You bet it should! What is says is not only have you been accused of commiting a crime and dispite every possible civil right extended to you (as well as appeals) you still managed to get CONVICTED! That's a dumb move, and you deserve 2 flip burgers in silence while contemplating your mistake.
Re:Well duh (Score:2)
Many of the best learned a great deal through their 'stunts', but were never caught. Why wern't they caught? In some cases they better then everyone else, in others they did less damage, but they did not get caught. Many people in this discussion believe laws are only to punish, when in reality they are a deterrent. If you are not caught, you are not guilty, that is why the statue of limitation exists.
Should a delivery person not lose their job if they lose their drivers licesce? What if it is for to many speeding tickets? Even if You speed every day and never get caught? Would you trust your personal information to someone who was convicted of stealing it in the past? Even if they are very good at what they do? Well I certainly do not.
No Security Clearance (Score:2)
I can tell you that being a convicted felon makes it impossible for one to get a security clearance of any sort from the U.S. Gov't. The FBI will sniff that one out in a second, and if you've got a felony conviction on your record, no clearance. One or two misdemeanors might make it.
So, if you're a security firm, and you hope to land fat gov't contracts which will require your people to get cleared to some level of security, do you want to hire convicted felons, who can't be cleared?
L0pht's background (Score:2)
Also a computer security company that wasn't aware of this Phiber Optik's past kinda worries me.