Criminals Target Tech Students With Job Offers 121
An anonymous reader writes "BBC News is running a story on criminal gangs targeting tech students. Some of these outfits offer to pay for an education in exchange for the student's employment on graduation in criminal hacking activities." From the article: " As the number of criminal gangs looking to move into cyber crime expanded, it got harder to recruit skilled hackers, said Mr Day. This has led criminals to target university students all around the world. 'Some students are being sponsored through their IT degree,' said Mr Day. Once qualified, the graduates go to work for the criminal gangs. As well as the direct route of targeting students, some organised crime gangs were trading on the glamour surrounding the 'hacker' label to help them recruit impressionable youngsters..."
surprised? (Score:3, Insightful)
This is a good thing (Score:5, Funny)
Re:This is a good thing (Score:5, Funny)
Whack 'em.
Re:This is a good thing (Score:5, Funny)
Re:This is a good thing (Score:5, Funny)
Re:This is a good thing (Score:5, Funny)
Re: (Score:2)
Re: (Score:3, Funny)
Re: (Score:2)
Re:surprised? (Score:4, Insightful)
Um... for the same reason people might be surprised if non-crazy students who spend their years in college studying chemistry would look for "sponsorship" from a group that tells them they'll be building suitcase bombs for terrorists? Or an engineering/architecture student that's told they'll get a free ride through college as along as they agree to help break into banks once they graduate? This isn't any different.
Re:surprised? (Score:4, Insightful)
It's significantly different. One is treason, another is abandoning a lucrative private enterprise for crime, and the third is a resort of despiration for those with few prosepcts.
The morality, ethics, and legal response to each of these is different. You might as well claim that vehicular manslaughter and driving with a cell phone "aren't any different."
Re: (Score:3, Interesting)
I dont recall IT professionals having a code of ethics. If BSC/SE graduates swore to uphold a code of ethics, it may weed out a few of the more 'innocent' people that would take up this offer. Of course it
Re: (Score:2, Interesting)
We as professional System Administrators do hereby commit ourselves to the highest standards of ethical and professional conduct, and agree to be guided by this code of ethics, and encourage every System Administrator to do the same.
Professionalism
* I will maintain professional conduct in the workplace and will not allow personal feelings or beliefs to
Homer meet Godel (Score:2)
"I will maintain professional" - Doh!
"Professionalism"
"I will maintain professional" - Doh!
"Professionalism"
"I will maintain professional" - Doh!
"Professionalism"
"I will maintain professional" - Doh!
Stupid "professionalism", take that, argg, and that, ugff,....
Re: (Score:2)
Re: (Score:1)
Sweet (Score:5, Interesting)
Maybe they could even get into bidding wars over potential students/employees! This could only be a good thing...right?
Re: (Score:2, Interesting)
Not likely... (Score:2)
It will probably become a felony to accept funding from such groups first (if it already isn't) since its somewhat similar to bribery. Simply because if this were to spread to other professions, the impact could potentially be much worse (and could result in having a government like some third world countries where since the mafia is willing to pay more, the whole government is corrupt).
Re:Not likely... (Score:4, Insightful)
I know that some companies will help pay for your education if you agree to continue working for them for a certain amount of time after your education is complete. It's not so different, right? This is just getting them younger.
Of course, my original comment was more of a joke
Re: (Score:3, Insightful)
Many companies offer benefits in return for service (as you mention), the difference isn't in really in what the companies offer, it's in what they do.
If we just looked at offers - then there is not much difference between a lobbyist giving a politician large sums of money and someone donating to charity. Both are giving money away right? But the law looks at more than action - it looks at intent (thankfully). Which means that accepting money from a criminal enterprise is very
Re: (Score:1)
Actually what's far more likely than either (Score:1, Flamebait)
Apparently Verizon and whiny liberals are both bad at math.
Don't get me wrong -- I love and respect our soldiers. That so many step up to do their duty gives me hope that America may yet survive. But statistically far more Americans are killed by medical accident, influenza, a host of
Re: (Score:1)
Actually, the military route may be even better for a hacker. You get computer training on some advanced tech and you get weapons and other military training.
Organized crime is always looking for ex-cops and ex-military. These guys already know basic tricks of the trade, they know how to use guns, they may have first aid (or better) medical training. They may have covert ops training and if they're really smart and computer-trained, they'll probably have a good handle on military-grade gear as well.
So i
Uh... (Score:2)
Re: (Score:2)
Re: (Score:2)
I do (Score:2)
Re: (Score:1)
Actually... (Score:2)
Re: (Score:2)
If you give the mayor $25,000 with the understanding that he'll give you a zoning variance, it's illegal.
If you give the mayor $25,000 with no understanding he gives you a zoning variance, it's legal.
Re: (Score:2)
If you give the mayor $25,000 with no understanding AND he gives you a zoning variance, it's legal.
Re: $25,000 and Variances (Score:1)
If you give the mayor $25,000 and he doesn't understand what a zoning variance is, it's a bad value for the money.
If you give the mayor $25,000 and neither of you understand what a zoning variance is, then it's your fault for not giving your money to a better candidate.
Re: (Score:3, Interesting)
The Godfather (Score:2)
Hack, that's what!
interesting... (Score:2, Interesting)
Re:The year for this article is 2006 (Score:4, Funny)
Don't believe me? Read everything to the right of my name on this post.
Of course, I suppose I could be lying too.
Re:The year for this article is 2006 (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Oh, hey, how about the article url!
http://yro.slashdot.org/article.pl?sid=06/12/09/0
Lets see... today is 2006/12/09... nope, I'm not seeing it.
A new medium for an age old problem (Score:3, Insightful)
sneakers (Score:2)
Don't kid yourself. It's not that organized.
i really can't believe... (Score:1)
to top it off, the watcha-mathingy is 'murders'
Re: (Score:2, Informative)
The offer was nice, new machines and $10,000 each for a weeks work attacking ADT's system so they could stage a b&e spree.
Scared the crap out of me, I
Great News! (Score:1)
pft! (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Where do I sign up?
Benefits (Score:2)
Re:Benefits (Score:4, Funny)
Hack what ? (Score:5, Insightful)
Re:Hack what ? (Score:5, Interesting)
Getting access to a company's database is so 1990's. These days, you need smart computer science types to design better malware to create botnets so that you can practice good old fashioned extortion against Costa Rican casino web sites. Simple as that.
Re: (Score:1)
Re: (Score:2)
I don't meant to suggest it isn't happening, or isn't a target. But most of that stuff is insider badness, not 133t h@xx0rs coming in from the outside while on Jolt buzz. The malware is where all the action is - because that's how you plant keyloggers, etc., and GET inside access if you don't have an inside m
Re: (Score:1)
The major breach of security events where large amounts of personal information is either pure dumb luck (enhanced by a larger drag net or malware) or the combination of social engineering, physical break in, and computer based attacks.
Re: (Score:2, Insightful)
No... (Score:2)
Re: (Score:2)
No, but I can get access to a given business's clents database in 48 hours plus flight time, given an appropriate plane ticket and an appropriate change of clothes.
Re: (Score:2)
What I've often wondered though is, why do phishers just go for the harder targets like eBay, Paypal and Banks? Since a significant proportion of sites these days require a login and password, and that many people will simply use the same login and password, why not phish for some forum or news site, where users are off g
Re: (Score:2)
Re: (Score:2)
I work in the security industry for a company that does financial software. Despite all our efforts, at best we can only stop poorly-funded, poorly-motivated attackers. And our security is much better than most.
Most people, even those in IT, have NO FREAKIN IDEA how complicated information security is.
lavoro di squadra ("teamwork" in italian) (Score:1)
Hoax maybe? (Score:4, Insightful)
In order for this to work, you'd have to credibly threaten or capture a loved one. But if you've got the techie that way,
Re: (Score:1)
Re:Hoax maybe? (Score:4, Insightful)
Re: (Score:1, Insightful)
Re: (Score:1)
Yeah...student loans can be a real bitch sometimes.
Re:Hoax maybe? (Score:4, Interesting)
The old recipe for recruiting a spy was MICE: Money, Ideology, Compromise, Ego. If organized crime really is troling computer students, they could use at least three of those, and maybe even ideology ("stick it to the greedy corporate exploiters and their fascist tools in government", or something like that).
The other problem is, what's a CS degree going to do for a blackhat?
Put them through drama school and psychology if you want to raise a crop of social engineers, use an apprenticeship system if you need vulnerability finders, but CS? There are only a few problems in the criminal world (robust scalable botnet control, untracable communications) that are computer science problems. And there can't be room for many people to work on those.
The article was way too light on any of the specifics that would have inclined me to trust it.
Re: (Score:1)
I agree, although the article actually says "IT Degree", which probably translates to a degree from DeVry or the like.
What they should be paying for is an Informatics [washington.edu] degree -- it includes the technical aspects of hacking (programming languages from a pragmatic standpoint), but combines it with the social and communication elements you mentioned.
Re: (Score:2)
The most remarkable part of that article was the IBM mainframe they'd have datamining phone switch info, cross-referencing it with known numbers of government agents in order to ferret out rats.
Re: (Score:2)
Not Much of a Surprise. (Score:4, Interesting)
Wal-Mart. Big huge massive retail company. How much do you think it would be worth to K-Mart, or Target, or various other retailers, for Wal-Mart to just be down for a few days? Easily into tens of millions, if not hundreds of millions of dollars.
Sad part is, the person at the top doesn't even have to know what's going on. They just say "Hey write a program that will do this, and propogate. We'll give you a cool 100Gs." Kid says hells yea, takes a few hours, whatever, writes it, and gives it to them, collects.
Two weeks later, Wal-Mart plant sticks the little nasty into the Wal-Mart mainframe, and it gets disseminated to every single store in the company. The plant is nice and safe (removed by organization, or perhaps just left to fend for themselves, whatever), many of the people involved will never be caught, and the person that wrote it may not even know they were responsible!
Perhaps I should take off my tin-foil hat, but still, it's a helluva "What-If".
Re:Not Much of a Surprise. (Score:4, Insightful)
screw up certain shipments for holidays, occasionally add an item or three to credit card purchases, add a hundred bucks to random debits.
then at the end transfer all credit card numbers, debit card numbers, signatures, and PINs to a third party
halting operations would be bad for walmart, leaking EVERY SINGLE credit card transaction processed by walmart would be much worse long term.
the attack could be even more effective if the pharmacy/medical records kept could be leaked. people get pissed when their viagra perscription gets posted on the internet
Re: (Score:1)
The probable mechanism for profit would be to short NYSE:WMT just before a viral attack is executed. If that attack were to happen on thanksgiving, just in time for 'black Friday', the profit could be huge.
The long-term is a better strategy in monetary terms, but risk is proportional to time. A single event is much harder to get caught at then a bunch of events. Introducing endemic shrinkage in the credit handling system would require a large number of (potentially) traceable even
Re: (Score:2)
posting bots that roam VBullitin sites, spam mailers, usenet, and IRC would together make a very large receptical for a data dump.
Re: (Score:2)
Re:Not Much of a Surprise...Yes,but... (Score:2)
The Firm :) (Score:1)
Hookers as Employee Benefits! (Score:5, Funny)
Re: (Score:3, Insightful)
If you're a student, such an offer is definitely more tempting and self-rewarding than working in a cubicle.
Re: (Score:1)
Re: (Score:1)
Getting caught - who does the catching? (Score:1)
Why exactly isn't there a fear of getting caught? Considering the way the RIAA and other orgs (FBI) is able to track internet users, why so anon? -devils advocate
Re: (Score:3, Interesting)
Same for these hackers. They'r
Criminal gangs are targeting tech students? (Score:5, Funny)
Re: (Score:1)
Re: (Score:1)
Had to be said (Score:2, Funny)
DO evil?
If they were good hackers (Score:2)
How about 'recruiters' phishing? (Score:1)
I just had a headhunter call me the other day regarding an open position at SomeBigSearch Engine.
I had never conducted business with me before. We had never talked. In order to submit my application to the company, he stated that he needed me to give him my SSN#. I spent several minutes explaining that I do not give out my SSN to strangers, never mind when I initially submit my resume to a company. He was incredulous at my reluctance.
Now, I'd imagine there is a huge untapped market, of soon to be graduating
Re: (Score:1)
Actually, I think I may have already fallen for one such scam. I was contacted by a student at my university claiming to be the student recruiter for AnotherBigICManufacturer asking for a resume. I fired it off without a glance. Tried to email him again, it bounced. Fuck.
I mean, you could really screw someone with their resume, I
Awww (Score:1)
Hey, wait, it's McAfee (Score:4, Insightful)
This report -- from 2005 -- doesn't have anything that you couldn't have already read on Slashdot or the newspapers.
The BBC didn't check McAfee's claims with another source. The McAfee report doesn't say anything about criminals paying tuition for students to study computer science. The McAfee security analyst didn't give any details. The BBC didn't ask him the obvious question, "How do you know?" Did he talk to a student like this? Did he find it in court records? Or did he hear it from another security expert after a few drinks?
Has McAfee been reliable in the past?
The Wired Article (Score:3, Interesting)
Do they offer benefits? (Score:1)
Stetson Tailored Tin Foil Hat (Score:3, Interesting)
That seems to be clearing up, somewhat.
If you remember just a few, scant years ago, this discussion would be full of:
* "Your a moran"
"How about that tin foil hat"
"You watch too much TV"
"I guess you are a leet hacker dude
and so on.
Perhaps Kevin (TM) has helped us understand what has been perpetrated on us for years (witting or unwitting social engineering).
The Art of Deception: Controlling the Human Element of Security
http://www.amazon.com/exec/obidos/tg/detail/-/047
So the internet does make us smarter, eh?
For example:
The Kennedy assassination made the word "conspiracy" a knee jerk, almost unconscientious reaction to discount whatever followed as ludicrous.
As an exercise let me roll this past you.
If the Japanese in WWII could have attacked every home in the US by way of their radio set top box (a "brown note" for electronics), to start fires in every home
http://www.schmarder.com/radios/crystal/ [schmarder.com]
http://en.wikipedia.org/wiki/Brown_note [wikipedia.org]
do you think they would have conspired with College (engineering) students to help them?
Criminals are now MBAs, Engineers and Rocket Scientists.
Your desktop could be mocking you.
* [yes, it's misspelled]