Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/28/2007
03:34 PM
Sharon Gaudin
Sharon Gaudin
Commentary
50%
50%

Would You Hire This Hacker?

Convicted hacker Robert Moore started serving his two-year prison sentence yesterday. He has high hopes that a security company will scoop him up when he gets out. The question is: Would you hire this man?

Convicted hacker Robert Moore started serving his two-year prison sentence yesterday. He has high hopes that a security company will scoop him up when he gets out. The question is: Would you hire this man?Moore, who's just 23, surrendered himself at the Federal Correctional Institution in Sheridan, Ore. He's doing time because he pleaded guilty to committing computer fraud for participating in a scheme to steal voice over IP services and sell them through a separate company. Moore wasn't the mastermind. He was the high-tech muscle. He was the one who scanned and broke into telecoms and other corporations around the world.

During one of a few phone calls I had with Moore, he told me he considers himself a "mega geek," even saying that his computer is the "love of his life." So what's a mega geek to do when he gets out of prison? Moore told me his path is pretty much laid out. He wants to work for a security company and he thinks the stolen VoIP operation and his time served will be the calling card that opens those corporate doors for him.

"The cool thing about cybercrime is when you get this much publicity it's pretty much like a resume when you get out," said Moore, who hasn't gone to college and doesn't hold a degree. "When they say, 'Where's your degree?,' you just show them your prison record."

Really? I'm not so sure about Moore's take on the situation. He must have a pretty low standard for "celebrity."

First off, he got suckered into working with his cohort, Edwin Pena, who the government said netted more than $1 million and then fled the country. Moore reportedly only got about $20,000 of that haul -- and now he's in jail. He also confessed to breaking into corporate networks. Are companies going to trust him with their own system or their customers?

I don't know if confessing to a crime makes you cool or just a criminal.

And the VoIP scheme wasn't Moore's first brush with the law. Back in 2003, the FBI paid him a visit and gave him a warning for blasting out about 40,000 text messages to Cricket Communication customers. Moore told me he did it one afternoon when he was house sitting and bored. He said he figured he'd invite a bunch of people over and see who showed up. Well, I'll just take him off my list of potential house sitters.

But Moore does seem to see all of this as his claim to fame. "I guess you really don't know you're good at computers until the FBI comes after yah," he said, laughing. And he told me just this week he was bummed out that famed hacker Kevin Mitnick hasn't called him yet.

Maybe Mitnick will write to him in prison. Maybe he'll get out of jail and make money that I can only dream of. After all, researchers at security company Sophos reported this week that the Chinese virus writer who was sentenced to four years in prison for creating the Fujacks worm already has a job. Li Jun, who is 25, has been offered a technology director position that will pay him one million yuan, or $133,155 U.S., according to Sophos. And who made the offer? It reportedly was Jushu Technology, a company that itself was hit hard by the Fujacks worm.

It will be interesting to see if this works out the way Moore has envisioned.

You tell me. Would you hire him?

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
Robert Lemos, Contributing Writer,  7/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16271
PUBLISHED: 2020-08-03
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.
CVE-2020-16272
PUBLISHED: 2020-08-03
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection.
CVE-2020-8574
PUBLISHED: 2020-08-03
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
CVE-2020-8575
PUBLISHED: 2020-08-03
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).
CVE-2020-12739
PUBLISHED: 2020-08-03
A vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. The vulnerability is due to improper design or implementation of the Ethernet communication modules of the CNC. An attack...