Criminals Target Tech Students With Job Offers

An anonymous reader writes "BBC News is running a story on criminal gangs targeting tech students. Some of these outfits offer to pay for an education in exchange for the student's employment on graduation in criminal hacking activities." From the article: "As the number of criminal gangs looking to move into cyber crime expanded, it got harder to recruit skilled hackers, said Mr Day. This has led criminals to target university students all around the world. 'Some students are being sponsored through their IT degree,' said Mr Day. Once qualified, the graduates go to work for the criminal gangs. As well as the direct route of targeting students, some organised crime gangs were trading on the glamour surrounding the 'hacker' label to help them recruit impressionable youngsters..."

surprised?

[Xolom (989077)]

it's a better job offer than the other offers most kids are going to get, and it appeals to their interests... why are people surprised?

This is a good thing

[svunt (916464)]

I'm currently doing an IT internship for the Gambino family. The pay is good, I get medical & dental, and if anyone mods me down, they'll find out about some of the other perks of working in the industry.

Re:This is a good thing

[Lane.exe (672783)]

Eh, getta load of this guy! We pays you good money so you can keep quiet, sit in your little room, and do your computer thing. But what's this? We finds you on this "internet," advertising who you work for! Hey, bambino, leave the singin' to Sinatra, capische?

Whack 'em.

Re:This is a good thing

[Dachannien (617929)]

I had no idea that Joe Pesci was a Slashdotter, until now.

Re:This is a good thing

[idonthack (883680)]

Whack 'em.

So, uh... I understand you have an opening now?

Re:This is a good thing

[6Yankee (597075)]

Yeah, but youdonthack. Sorry :P

Re:

[Broken scope (973885)]

My god, you have no Idea how much I want to waste a mod point now.

Re:

[RareButSeriousSideEf (968810)]

I for one welcome our new tuition-paying overlords.

Re:surprised?

[ScentCone (795499)]

it's a better job offer than the other offers most kids are going to get, and it appeals to their interests... why are people surprised?

Um... for the same reason people might be surprised if non-crazy students who spend their years in college studying chemistry would look for "sponsorship" from a group that tells them they'll be building suitcase bombs for terrorists? Or an engineering/architecture student that's told they'll get a free ride through college as along as they agree to help break into banks once they graduate? This isn't any different.

Re:surprised?

[Planesdragon (210349)]

This isn't any different.

It's significantly different. One is treason, another is abandoning a lucrative private enterprise for crime, and the third is a resort of despiration for those with few prosepcts.

The morality, ethics, and legal response to each of these is different. You might as well claim that vehicular manslaughter and driving with a cell phone "aren't any different."

Re:

[russ1337 (938915)]

Funny that you mention ethics. I remember a class a few years ago, we tried to determine what set a 'Profession' different from a 'job'. Eventually we settled on something along the lines 'that a professional has a code of ethics'.e.g Doctors, engineers, lawyers (ok, yeah ok i know - stick with me)..

I dont recall IT professionals having a code of ethics. If BSC/SE graduates swore to uphold a code of ethics, it may weed out a few of the more 'innocent' people that would take up this offer. Of course it

Sweet

[presidentbeef (779674)]

Does this mean that legitimate companies, to keep up, will have to do the same thing?
Maybe they could even get into bidding wars over potential students/employees! This could only be a good thing...right?

Re:

[phatvw (996438)]

Haven't folks like Peter Norton (Symantec) been doing this for years? Recruiting kids to write worms and viruses so they can sell their shitty "Utilities" and Virus scanning suites to big business? ;)

Not likely...

[Marnhinn (310256)]

At least I hope not.

It will probably become a felony to accept funding from such groups first (if it already isn't) since its somewhat similar to bribery. Simply because if this were to spread to other professions, the impact could potentially be much worse (and could result in having a government like some third world countries where since the mafia is willing to pay more, the whole government is corrupt).

Re:Not likely...

[presidentbeef (779674)]

I kind of see your point...but doesn't the military already do this? They offer to pay for college, you agree to serve for 6 years or whatever. Does it make a difference if it's a private company?
I know that some companies will help pay for your education if you agree to continue working for them for a certain amount of time after your education is complete. It's not so different, right? This is just getting them younger.

Of course, my original comment was more of a joke :)

Re:

[Marnhinn (310256)]

True, but only to an extent.

Many companies offer benefits in return for service (as you mention), the difference isn't in really in what the companies offer, it's in what they do.

If we just looked at offers - then there is not much difference between a lobbyist giving a politician large sums of money and someone donating to charity. Both are giving money away right? But the law looks at more than action - it looks at intent (thankfully). Which means that accepting money from a criminal enterprise is very

Uh...

[Belial6 (794905)]

Uh... Bribery is not illegal. There are certain types of bribes that are illegal, but much like being a monopoly, it is not inherently illegal. You know, if I offer may local mayor a new car in exchange rezoning some land I own, it's a crime. If I offer my son a new car in exchange for mowing the lawn, I may be a crappy parent, but I certainly have not committed a crime.

Re:

[Rix (54095)]

You're confused about the definition of bribe.

Re:

[Maxo-Texas (864189)]

If you give the mayor $25,000 for his reelection commitee it's also legal.
If you give the mayor $25,000 with the understanding that he'll give you a zoning variance, it's illegal.
If you give the mayor $25,000 with no understanding he gives you a zoning variance, it's legal.

Re:

[neoform (551705)]

Not if the companies are employing black hat hackers to take down their competition.. (i worked shortly for such a company, quit out of disgust).

The Godfather

[Nomihn0 (739701)]

Sonny: Hey, whaddya gonna do, nice college boy, eh?

Hack, that's what!

interesting...

[by Anonymous Coward]

how do i sign up?

A new medium for an age old problem

[Mikachu (972457)]

This isn't anything new really. I mean I even feel redundant saying this. Where there's commerce, there's crime. Where there's crime, there's organization. Gangs have simply moved on from convincing kids on street corners to steal some stuff into convincing kids in chatrooms to hack into some websites. It was only a matter of time.

pft!

[tloh (451585)]

No! No! No! Any hacker with even an ounce of skill is more than capable of setting up shop on his own. What you gotta do is offer the guy something he would never EVER get legitimately. What these criminal types REALLY ought to do is come on slashdot here and promise they can arrange regular *private* meetings with our favorite adult performers from the pr0n we all download.

Re:

[non (130182)]

dude, i don't know about favorite, but there are many you can get; look here [exoticretreat.net]. at least one of the met-art girls is available!

Re:

[nettdata (88196)]

Cool... some place where "Blowjob Friday" might not just be a tale of lore...

Where do I sign up?

Benefits

[phorm (591458)]

Ahhhh, but do they offer dental? If not, they could probably manage to add you to somebody else's plan :-)

Re:Benefits

[Massacrifice (249974)]

Oh yeah, they have a dental plan... Tony, gimme the pliers.

Hack what ?

[jfclavette (961511)]

Say what you will, hacking (cracking, don't throw a fit) isn't exactly easy nowadays. Can anyone here honestly tell me that they can get me access to a given business's clients database in the next 48 hours ? Didn't think so. So what are the gangs getting out of this ? Are they getting on a hype bandwagon ?

Re:Hack what ?

[ScentCone (795499)]

Can anyone here honestly tell me that they can get me access to a given business's clients database in the next 48 hours ? Didn't think so. So what are the gangs getting out of this ? Are they getting on a hype bandwagon ?

Getting access to a company's database is so 1990's. These days, you need smart computer science types to design better malware to create botnets so that you can practice good old fashioned extortion against Costa Rican casino web sites. Simple as that.

Re:

[by Anonymous Coward]

Wow, that has got to be the most clueless comments on the topic that I have ever read. No offense meant, but really, c'mon! Where have you been the last five years? Hacking hasn't only gotten a lot simpler, with all the automated tools that exist nowadays, but also become much more profitable. The increased profits are largely a result of botnets and the ease one can build one with using readily available tools and the huge number of clueless people on a broadband connection (something that also didn't real

Hoax maybe?

[UbuntuDupe (970646)]

This seems like a monumentally stupid way to recruit hackers. Let's see, leave a public record of you funding a student (rather than cold cash), then when he graduates, tell him, oops, you want him to break several laws. "Oh really? Well, thanks for the free education. Hey feds, over here!" *gets witness protection* *gets guaranteed income for life* *eliminates obligation to employer*

In order for this to work, you'd have to credibly threaten or capture a loved one. But if you've got the techie that way, ... er, why do you need to pay for his education again?

Re:Hoax maybe?

[Massacrifice (249974)]

Well, if they start by requiring the would be hacker to "prove" himself (or herself?) worthy by doing something illegal, they can then blackmail him into doing more. I would assume that criminal activities start before the end of the studies. If the studies ever get completed, that is.

Re:Hoax maybe?

[Beryllium Sphere(tm) (193358)]

>In order for this to work, you'd have to credibly threaten or capture a loved one.

The old recipe for recruiting a spy was MICE: Money, Ideology, Compromise, Ego. If organized crime really is troling computer students, they could use at least three of those, and maybe even ideology ("stick it to the greedy corporate exploiters and their fascist tools in government", or something like that).

The other problem is, what's a CS degree going to do for a blackhat?

Put them through drama school and psychology if you want to raise a crop of social engineers, use an apprenticeship system if you need vulnerability finders, but CS? There are only a few problems in the criminal world (robust scalable botnet control, untracable communications) that are computer science problems. And there can't be room for many people to work on those.

The article was way too light on any of the specifics that would have inclined me to trust it.

Not Much of a Surprise.

[PixieDust (971386)]

Everything internet related means lots of dollar signs. What's intruiging here is how it could also play out amongst large corporations. We all know about the difference between a White Hatter, and a Black Hatter. Now consider a network of say, 20 people, top to bottom. At the top, is some poor twit either finishing up college, or already working for a fairly large business (as this article indicates some targets are). At the bottom (in this case, origin), is Company A, that really wants to see company B go down. High profile, but they're paying a pretty penny. Think about it.

Wal-Mart. Big huge massive retail company. How much do you think it would be worth to K-Mart, or Target, or various other retailers, for Wal-Mart to just be down for a few days? Easily into tens of millions, if not hundreds of millions of dollars.

Sad part is, the person at the top doesn't even have to know what's going on. They just say "Hey write a program that will do this, and propogate. We'll give you a cool 100Gs." Kid says hells yea, takes a few hours, whatever, writes it, and gives it to them, collects.

Two weeks later, Wal-Mart plant sticks the little nasty into the Wal-Mart mainframe, and it gets disseminated to every single store in the company. The plant is nice and safe (removed by organization, or perhaps just left to fend for themselves, whatever), many of the people involved will never be caught, and the person that wrote it may not even know they were responsible!

Perhaps I should take off my tin-foil hat, but still, it's a helluva "What-If".

Re:Not Much of a Surprise.

[Lehk228 (705449)]

if an attacker had access to wal*mart's systems, shutting them down for a few days would be a bad way to do it, instead attack trust and dependability.

screw up certain shipments for holidays, occasionally add an item or three to credit card purchases, add a hundred bucks to random debits.

then at the end transfer all credit card numbers, debit card numbers, signatures, and PINs to a third party


halting operations would be bad for walmart, leaking EVERY SINGLE credit card transaction processed by walmart would be much worse long term.

the attack could be even more effective if the pharmacy/medical records kept could be leaked. people get pissed when their viagra perscription gets posted on the internet

Hookers as Employee Benefits!

[LinuxLuver (775817)]

Criminal gangs should be able to offer some very "creative" fringe benefit packages. You want $200,000 a year? Or maybe $150,000 and a two hookers / week? Tax that!

Re:

[NotFamousYet (937650)]

Actually, it is true that what most tech-savvy people expect from an IT job is a good combination of comfort and challenge (see Google's very long list of fringe benefits).

If you're a student, such an offer is definitely more tempting and self-rewarding than working in a cubicle.

Criminal gangs are targeting tech students?

[rampant mac (561036)]

SCO is hiring? I'm so in there...

Had to be said

[NotFamousYet (937650)]

And what's their motto?

DO evil? :P

If they were good hackers

[antifoidulus (807088)]

they could just get a degree the same way "Michael Parker" from Mitnick's first book got one.

Hey, wait, it's McAfee

[nbauman (624611)]

Did anybody notice that this BBC story is based entirely on a report, "McAfee Virtual Criminology Report http://www.softmart.com/mcafee/docs/McAfee%20NA%20 Virtual%20Criminology%20Report.pdf [softmart.com] and an interview with one of its authors?

This report -- from 2005 -- doesn't have anything that you couldn't have already read on Slashdot or the newspapers.

The BBC didn't check McAfee's claims with another source. The McAfee report doesn't say anything about criminals paying tuition for students to study computer science. The McAfee security analyst didn't give any details. The BBC didn't ask him the obvious question, "How do you know?" Did he talk to a student like this? Did he find it in court records? Or did he hear it from another security expert after a few drinks?

Has McAfee been reliable in the past?

The Wired Article

[Phat_Tony (661117)]

Three years ago, Wired had an article [wired.com] written by a guy who does tech support for the Mafia.

Stetson Tailored Tin Foil Hat

[not_hylas( ) (703994)]

What we *had* here was a failure to communicate.
That seems to be clearing up, somewhat.

If you remember just a few, scant years ago, this discussion would be full of:
* "Your a moran"
"How about that tin foil hat"
"You watch too much TV"
"I guess you are a leet hacker dude :-P"

and so on.

Perhaps Kevin (TM) has helped us understand what has been perpetrated on us for years (witting or unwitting social engineering).

The Art of Deception: Controlling the Human Element of Security

http://www.amazon.com/exec/obidos/tg/detail/-/0471 237124/ref=ase_mitnicksecuri-20/103-6052457-813506 9?v=glance&s=books [amazon.com]

So the internet does make us smarter, eh?

For example:
The Kennedy assassination made the word "conspiracy" a knee jerk, almost unconscientious reaction to discount whatever followed as ludicrous.

As an exercise let me roll this past you.

If the Japanese in WWII could have attacked every home in the US by way of their radio set top box (a "brown note" for electronics), to start fires in every home ...

http://www.schmarder.com/radios/crystal/ [schmarder.com]

http://en.wikipedia.org/wiki/Brown_note [wikipedia.org]

do you think they would have conspired with College (engineering) students to help them?

Criminals are now MBAs, Engineers and Rocket Scientists.
Your desktop could be mocking you.

* [yes, it's misspelled]

Re:

[OmniBeing (838591)]

A close friend of mine and I were offered "work" for a criminal organization years ago when we were fresh out of high school (we developed quite a rep, did some stupid things like send all the account usernames and passwords for the district to the main laser in the library. Nobody knew who did it till a friend ratted us out. That's another story though.)

The offer was nice, new machines and $10,000 each for a weeks work attacking ADT's system so they could stage a b&e spree.

Scared the crap out of me, I

Re:The year for this article is 2006

[xrayspx (13127)]

Back in The Day, Slashdot listed only the day and date, which if I gave a shit, would be sufficient to narrow it down to the year. However, sometime in the last 2 years I was pleasantly surprised to see they started putting the year as well attached to every post.

Don't believe me? Read everything to the right of my name on this post.

Of course, I suppose I could be lying too.

Re:The year for this article is 2006

[mincognito (839071)]

The point is, you can set a date format that includes the year in your Slashdot preferences (in the homepage section).

Re:

[Schraegstrichpunkt (931443)]

You could always look at the URL.

Re:

[VGPowerlord (621254)]

Lets see if I can figure out the year from some obvious source... lets see... not the submittion text...

Oh, hey, how about the article url!

http://yro.slashdot.org/article.pl?sid=06/12/09/05 8252 [slashdot.org]

Lets see... today is 2006/12/09... nope, I'm not seeing it.

Re:

[ZachPruckowski (918562)]

The people who get caught by the RIAA are the "low hanging fruit" most of the time. They're either hitting ten year olds or they're hitting the superseeders (or the guys who run the sites). People with IT degrees who pirate would use safer, and harder to trace, methods. Even just using PeerGuardian or pirating via proxy (or stealing wireless) is going to help you a great deal in terms of not getting caught. Additionally, they "stay in the middle" in terms of threat level.

Same for these hackers. They'r