Re: felons as pentesters
- From: "J. Oquendo" <sil@xxxxxxxxxxxxxxx>
- Date: Tue, 07 Dec 2010 09:27:25 -0500
On 12/4/2010 2:25 PM, Mark Brunner wrote:
> Using wolves to herd sheep is probably counter-productive. Unless those
> wolves come with an iron-clad guarantee and a commitment from a reputable
> and solvent company that will compensate for or replace any missing sheep...
> Can your rehabilitated wolf do that? Probably not. Best pursue a position
This is a humorous and misguided comment, sorry - that's my opinion. I
implore you and anyone else to take a look around at 1/3rd of the
"cybercrimes" committed (I say one third because it's easy pickins).
If we do some quick math, of the 12 cases that immediately sprout up on
Cybercrime.gov, you should be fearing normal individuals more than you
should be fearing a "convicted" felon with regards to "cybercrime." In
fact, not ONE CASE on that site mentions ANYONE as having "former record"
OMG, even an FBI agent...
United States Attorney Jane J. Boyle announced that a federal grand jury
in Dallas returned a ten-count indictment today charging Lancaster,
Texas, resident, Jeffrey D. Fudge, with various felony charges related
to the misuse of his position of trust as a Federal Bureau of
Investigation (FBI) investigative analyst.
Not wolves, trusted insiders...
According to the indictment, Camp and Fowler developed a computer virus,
which they used to infect UCM computers – including an attempt to infect
the computer used by the university’s president.
Not a wolf a normal ordinary person...
David C. Kernell, 23, today was sentenced to one year and one day in
prison for intentionally accessing without authorization the e-mail
account of former Alaska governor Sarah Palin and obstruction of justice,
Not a wolf a normal person...
charged Frost with causing damage to a protected computer system and
possessing 15 or more unauthorized access devices.
Not a wolf... normal person...
On June 29, 2010, Darnell H. Albert-El, 53, of Richmond, pleaded guilty
to one count of intentionally damaging a protected computer without
authorization. Albert-El was sentenced today by Senior U.S. District
Judge Robert E. Payne in the Eastern
Not a wolf, normal employee
Makwana’s laptop and other evidence, revealed that Makwana had
transmitted the malicious code on October 24, 2008 which was intended to
execute on January 31, 2009. The malicious code was designed to
propagate throughout the Fannie Mae network of computers and destroy all
data, including financial, securities and mortgage information.
Not a wolf, normal employee/insider
Bruce Raisley, 49, of Kansas City, Mo. – formerly of Monaca, Pa. –
following a six-day trial before United States District Judge Robert B.
Kugler in Camden. Raisley was convicted of the count charged in the
Indictment on which he was tried: launching a malicious computer program
designed to attack computers and Internet websites, causing damages.
Not a wolf normal person...
DANIEL CHRISTOPHER LEONARD, 32, of Olympia, Washington, pleaded guilty
today in U.S. District Court in Tacoma to one count of cyber-stalking
and four counts of making threatening communications. ... Many of the
victims altered their lives because of the phone calls; quitting jobs,
moving, and altering their activities because of the threatening and
harassing calls. Many cancelled their cell phone numbers, only to start
receiving the calls at home or at work.
Not a wolf, normal employee/insider
Shelnutt was a former CariNet employee. Between October 2008 and
November 9, 2008, Shelnutt repeatedly accessed CariNet’s computer
network without authorization and caused damage.
So back to this theory/notion about felons and cybercrime, of all the
cases listed on that site, do the breakdown of "repeat offenders" as
opposed to making misguided comments "omg they will always be vile,
vicious attackers who can't be trusted!" I guarantee you that you have
more to fear from normal individuals than you do from someone with a
felony. This is NOT TO SAY that there aren't bad apples but the reality
is, bad apples fall everywhere period.
*DISCLAIMER - it should come as no surprise to most who recognize my
name that I was convicted of a "cybercrime" and spent 27 months in club
fed. Guess what, life goes on. I currently work at a company where I've
been for 5 years. I have access to over 150 million (that's million)
customer records and accounts. "Shocking!; the notion that people move
on with life and progress positively." Am I an enigma/anomaly? In my
current position I'm *always* vigilant against *ANYTHING* and EVERYTHING
that occurs including virus and malware outbreaks. From my perspective,
I'd be the first targeted/looked at if something were to occur, so I do
my damnedest to ensure that *NOTHING* occurs. I do my best to make sure
*EVERYTHING IS DOCUMENTED*, and there is full auditing and accounting
across the board. I do this for various reasons 1) should something
occur, (as I stated) I'd be the first to be looked at 2) I'm very well
aware of the attack vectors and vulnerabilities blackhats are looking
for 3) I make sure everything I do is cross-checked/referenced/logged
and audited for my OWN safety/security
People are people period and all of this "not in my backyard" is
hypocrisy at best. What's that saying: "Let he who is without sin cast
the first stone." ... I know of PLENTY of individuals in this industry
who have skated a felony record by turning on their family, friends,
etc., and they are in positions of "great trust" and I often scratch my
head at others' ignorance when it comes to this matter. As a security
professional, my PERSONAL goals are 1) to be the best that I can be 2)
to ensure that the things I do are accounted for, audited 3) ensure
wherever I am employed is provided with the utmost security I can
provide/learn/give/design. That's just me though.
So back to that statement: "Why would I trust a wolf with sheep..." I
say "why would you trust ANYONE/THING with ANYONE/THING without keeping
a close eye." You'd be the idiot to allow checks and balances to be
missed/overlooked. While you're watching/fearing a felon, it's often
going to be someone innocuous that's going to be the "troublemaker."
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT
"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett
227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E