Re: felons as pentesters



On 12/4/2010 2:25 PM, Mark Brunner wrote:

Using wolves to herd sheep is probably counter-productive. Unless those
wolves come with an iron-clad guarantee and a commitment from a reputable
and solvent company that will compensate for or replace any missing sheep...
Can your rehabilitated wolf do that? Probably not. Best pursue a position
less "interesting".


This is a humorous and misguided comment, sorry - that's my opinion. I
implore you and anyone else to take a look around at 1/3rd of the
"cybercrimes" committed (I say one third because its easy pickins).
Ready? (http://en.wikipedia.org/wiki/Lies,_damned_lies,_and_statistics)

If we do some quick math, of the 12 cases that immediately sprout up on
Cybercrime.gov, you should be fearing normal individuals more than you
should be fearing a "convicted" felon with regards to "cybercrime." In
fact, not ONE CASE on that site mentions ANYONE as having "former record"

From http://www.cybercrime.gov/cc.html

OMG, even an FBI agent...
United States Attorney Jane J. Boyle announced that a federal grand jury
in Dallas returned a ten-count indictment today charging Lancaster,
Texas, resident, Jeffrey D. Fudge, with various felony charges related
to the misuse of his position of trust as a Federal Bureau of
Investigation (FBI) investigative analyst.
http://www.cybercrime.gov/fudgeIndict.htm

Not wolves, trusted insiders...
According to the indictment, Camp and Fowler developed a computer virus,
which they used to infect UCM computers – including an attempt to infect
the computer used by the university’s president.

Not a wolf a normal ordinary person...
David C. Kernell, 23, today was sentenced to one year and one day in
prison for intentionally accessing without authorization the e-mail
account of former Alaska governor Sarah Palin and obstruction of justice,

Not a wolf a normal person...
charged Frost with causing damage to a protected computer system and
possessing 15 or more unauthorized access devices.

Not a wolf... normal person...
On June 29, 2010, Darnell H. Albert-El, 53, of Richmond, pleaded guilty
to one count of intentionally damaging a protected computer without
authorization. Albert-El was sentenced today by Senior U.S. District
Judge Robert E. Payne in the Eastern

Not a wolf, normal employee
Makwana’s laptop and other evidence, revealed that Makwana had
transmitted the malicious code on October 24, 2008 which was intended to
execute on January 31, 2009. The malicious code was designed to
propagate throughout the Fannie Mae network of computers and destroy all
data, including financial, securities and mortgage information.

Not a wolf, normal employee/insider
Bruce Raisley, 49, of Kansas City, Mo. – formerly of Monaca, Pa. –
following a six-day trial before United States District Judge Robert B.
Kugler in Camden. Raisley was convicted of the count charged in the
Indictment on which he was tried: launching a malicious computer program
designed to attack computers and Internet websites, causing damages.

Not a wolf normal person...
DANIEL CHRISTOPHER LEONARD, 32, of Olympia, Washington, pleaded guilty
today in U.S. District Court in Tacoma to one count of cyber-stalking
and four counts of making threatening communications. ... Many of the
victims altered their lives because of the phone calls; quitting jobs,
moving, and altering their activities because of the threatening and
harassing calls. Many cancelled their cell phone numbers, only to start
receiving the calls at home or at work.

Not a wolf, normal employee/insider
Shelnutt was a former CariNet employee. Between October 2008 and
November 9, 2008, Shelnutt repeatedly accessed CariNet’s computer
network without authorization and caused damage.

So back to this theory/notion about felons and cybercrime, of all the
cases listed on that site, do the breakdown of "repeat offenders" as
opposed to making misguided comments "omg they will always be vile,
vicious attackers who can't be trusted!" I guarantee you that you have
more to fear from normal individuals than you do from someone with a
felony. This is NOT TO SAY that there aren't bad apples but the reality
is, bad apples fall everywhere period.

*DISCLAIMER - it should come as no surprise to most who recognize my
name that I was convicted of a "cybercrime" and spent 27 months in club
fed. Guess what, life goes on. I currently work at a company where I've
been for 5 years. I have access to over 150 million (that's million)
customer records and accounts. "Shocking!; the notion that people move
on with life and progress positively." Am I an enigma/anomaly? In my
current position I'm *always* vigilant against *ANYTHING* and EVERYTHING
that occurs including virus and malware outbreaks. From my perspective,
I'd be the first targeted/looked at it something were to occur, so I do
my damnest to ensure that *NOTHING* occurs. I do my best to make sure
*EVERYTHING IS DOCUMENTED*, and there is full auditing and accounting
across the board. I do this for various reasons 1) should something
occur, (as I stated) I'd be the first to be looked at 2) I'm very well
aware of the attack vectors and vulnerabilities blackhats are looking
for 3) I make sure everything I do is cross-checked/referenced/logged
and audited for my OWN safety/security

People are people period and all of this "not in my backyard" is
hypocrisy at best. What's that saying: "Let he who is without sin cast
the first stone." ... I know of PLENTY of individuals in this industry
who have skated a felony record by turning on their family, friends,
etc., and they are in positions of "great trust" and I often scratch my
head at others' ignorance when it comes to this matter. As a security
professional, my PERSONAL goals are 1) to be the best that I can be 2)
to ensure that the things I do are accounted for, audited 3) ensure
wherever I am employed is provided with the utmost security I can
provide/learn/give/design. That's just me though.

So back to that statement: "Why would I trust a wolf with sheep..." I
say "why would you trust ANYONE/THING with ANYONE/THING without keeping
a close eye. You'd be the idiot to allow checks and balances to be
missed/overlooked. While you're watching/fearing a felon, its often
going to be someone innocuous that's going to be the "troublemaker."

--

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Wolf
    ... The grey wolf or gray wolf, ... Gray wolves are typically apex predators in the ... arose among domestic dogs and later migrated into the wolf-population ...
    (de.etc.finanz.misc)
  • Wolf Gray Wolf
    ... Wolf Gray Wolf ... The grey wolf or gray wolf, ... Gray wolves are typically apex predators in the ... size of a wolf pack's territory is close to 200 km2.Wolf packs ...
    (de.etc.finanz.misc)
  • Re: wasps
    ... I could find no reference to a human killed by wolf in Yellowstone. ... The bottom line is wolves are large powerful social meat eaters. ... As long as they are afraid of humans and can find other food they will most likely leave humans alone. ... attacks on humans. ...
    (rec.knives)
  • OT / Update on Helicopter Wolf Massacre
    ... Palin Administration Calls in the Helicopters for Sweeping Wolf Massacre ... hundreds of wolves despite objections from the National Park Service ... the hours after the killing initiated. ... Department of Fish and Game staff, ...
    (alt.true-crime)
  • Re: teaching a child - console or GUI
    ... The website link I provided goes over many issues involved - IE wolves ... Even if an altruistic wolf ... if he had helped his companion to kill a deer. ... The Lion went once a-hunting along with the Fox, the Jackal, ...
    (comp.lang.pascal.delphi.misc)