Penetration Testing
felons as pentesters Dec 02 2010 04:57PM amir shadrazar (shadrazar gmail com) (4 replies)
Re: felons as pentesters Dec 04 2010 01:55AM Fred (kbcboy gmail com) (1 replies)
Re: felons as pentesters Dec 08 2010 01:52AM Kevin L. Shaw, CISSP, GCIH, GPEN (kshaw eeenterprisesinc com) (1 replies)
Re: felons as pentesters Dec 03 2010 09:44PM J. Oquendo (sil infiltrated net) (1 replies)
RE: felons as pentesters Dec 04 2010 07:25PM Mark Brunner (kohi10 rogers com) (1 replies)
--
Kevin L. Shaw, CISSP, GCIH, GPEN
240.593.4261
Sent from my Android
"Mark Brunner" <kohi10 (at) rogers (dot) com [email concealed]> wrote:
>J.
>
>Feel free to have an opinion, misguided or otherwise. BTW, cybercrime?
>It's just plain old crime. All that has changed is the vehicle. Why not an
>FBI agent. Temptation is everywhere, and few are immune. If the return was
>right, the risk appeared low, and the probability of success was positive,
>even a saint can be tempted! I wouldn't hire a known child molester to look
>after my granddaughter, I won't hire a proven thief to manage my stock
>portfolio, and if I have a choice between a convicted felon and someone with
>a clean record, I am going to take a chance on the unknown quantity, and add
>to the mix my best preventive controls and detective measures.
>
>As soon as the people listed below decided to commit crime, hurt someone,
>damage something not their own, they became wolves.
>That is my 2¢ and humorous, misguided opinion, be the first on your block to
>collect all ten!
>
>M. Brunner
>Information Security Manager & Consultant
>Greater Toronto Area, Ontario Canada
>
>-----Original Message-----
>From: listbounce (at) securityfocus (dot) com [email concealed]
>[mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
>Behalf Of J. Oquendo
>Sent: Tuesday, December 07, 2010 9:27 AM
>To: Mark Brunner; pen-test
>Subject: Re: felons as pentesters
>
>On 12/4/2010 2:25 PM, Mark Brunner wrote:
>>
>> Using wolves to herd sheep is probably counter-productive. Unless those
>> wolves come with an iron-clad guarantee and a commitment from a reputable
>> and solvent company that will compensate for or replace any missing sheep...
>> Can your rehabilitated wolf do that? Probably not. Best pursue a position
>> less "interesting".
>>
>
>This is a humorous and misguided comment, sorry - that's my opinion. I
>implore you and anyone else to take a look around at 1/3rd of the
>"cybercrimes" committed (I say one third because it's easy pickins).
>Ready? (http://en.wikipedia.org/wiki/Lies,_damned_lies,_and_statistics)
>
>If we do some quick math, of the 12 cases that immediately sprout up on
>Cybercrime.gov, you should be fearing normal individuals more than you
>should be fearing a "convicted" felon with regards to "cybercrime." In
>fact, not ONE CASE on that site mentions ANYONE as having "former record"
>
>From http://www.cybercrime.gov/cc.html
>
>OMG, even an FBI agent...
>United States Attorney Jane J. Boyle announced that a federal grand jury
>in Dallas returned a ten-count indictment today charging Lancaster,
>Texas, resident, Jeffrey D. Fudge, with various felony charges related
>to the misuse of his position of trust as a Federal Bureau of
>Investigation (FBI) investigative analyst.
>http://www.cybercrime.gov/fudgeIndict.htm
>
>Not wolves, trusted insiders...
>According to the indictment, Camp and Fowler developed a computer virus,
>which they used to infect UCM computers - including an attempt to infect
>the computer used by the university's president.
>
>Not a wolf a normal ordinary person...
>David C. Kernell, 23, today was sentenced to one year and one day in
>prison for intentionally accessing without authorization the e-mail
>account of former Alaska governor Sarah Palin and obstruction of justice,
>
>Not a wolf a normal person...
>charged Frost with causing damage to a protected computer system and
>possessing 15 or more unauthorized access devices.
>
>Not a wolf... normal person...
>On June 29, 2010, Darnell H. Albert-El, 53, of Richmond, pleaded guilty
>to one count of intentionally damaging a protected computer without
>authorization. Albert-El was sentenced today by Senior U.S. District
>Judge Robert E. Payne in the Eastern
>
>Not a wolf, normal employee
>Makwana's laptop and other evidence, revealed that Makwana had
>transmitted the malicious code on October 24, 2008 which was intended to
>execute on January 31, 2009. The malicious code was designed to
>propagate throughout the Fannie Mae network of computers and destroy all
>data, including financial, securities and mortgage information.
>
>Not a wolf, normal employee/insider
>Bruce Raisley, 49, of Kansas City, Mo. - formerly of Monaca, Pa. -
>following a six-day trial before United States District Judge Robert B.
>Kugler in Camden. Raisley was convicted of the count charged in the
>Indictment on which he was tried: launching a malicious computer program
>designed to attack computers and Internet websites, causing damages.
>
>Not a wolf normal person...
>DANIEL CHRISTOPHER LEONARD, 32, of Olympia, Washington, pleaded guilty
>today in U.S. District Court in Tacoma to one count of cyber-stalking
>and four counts of making threatening communications. ... Many of the
>victims altered their lives because of the phone calls; quitting jobs,
>moving, and altering their activities because of the threatening and
>harassing calls. Many cancelled their cell phone numbers, only to start
>receiving the calls at home or at work.
>
>Not a wolf, normal employee/insider
>Shelnutt was a former CariNet employee. Between October 2008 and
>November 9, 2008, Shelnutt repeatedly accessed CariNet's computer
>network without authorization and caused damage.
>
>So back to this theory/notion about felons and cybercrime, of all the
>cases listed on that site, do the breakdown of "repeat offenders" as
>opposed to making misguided comments "omg they will always be vile,
>vicious attackers who can't be trusted!" I guarantee you that you have
>more to fear from normal individuals than you do from someone with a
>felony. This is NOT TO SAY that there aren't bad apples but the reality
>is, bad apples fall everywhere period.
>
>*DISCLAIMER - it should come as no surprise to most who recognize my
>name that I was convicted of a "cybercrime" and spent 27 months in club
>fed. Guess what, life goes on. I currently work at a company where I've
>been for 5 years. I have access to over 150 million (that's million)
>customer records and accounts. "Shocking!; the notion that people move
>on with life and progress positively." Am I an enigma/anomaly? In my
>current position I'm *always* vigilant against *ANYTHING* and EVERYTHING
>that occurs including virus and malware outbreaks. From my perspective,
>I'd be the first targeted/looked at if something were to occur, so I do
>my damnedest to ensure that *NOTHING* occurs. I do my best to make sure
>*EVERYTHING IS DOCUMENTED*, and there is full auditing and accounting
>across the board. I do this for various reasons 1) should something
>occur, (as I stated) I'd be the first to be looked at 2) I'm very well
>aware of the attack vectors and vulnerabilities blackhats are looking
>for 3) I make sure everything I do is cross-checked/referenced/logged
>and audited for my OWN safety/security
>
>People are people period and all of this "not in my backyard" is
>hypocrisy at best. What's that saying: "Let he who is without sin cast
>the first stone." ... I know of PLENTY of individuals in this industry
>who have skated a felony record by turning on their family, friends,
>etc., and they are in positions of "great trust" and I often scratch my
>head at others' ignorance when it comes to this matter. As a security
>professional, my PERSONAL goals are 1) to be the best that I can be 2)
>to ensure that the things I do are accounted for, audited 3) ensure
>wherever I am employed is provided with the utmost security I can
>provide/learn/give/design. That's just me though.
>
>So back to that statement: "Why would I trust a wolf with sheep..." I
>say "why would you trust ANYONE/THING with ANYONE/THING without keeping
>a close eye. You'd be the idiot to allow checks and balances to be
>missed/overlooked. While you're watching/fearing a felon, it's often
>going to be someone innocuous that's going to be the "troublemaker."
>
>--
>
>=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>J. Oquendo
>SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT
>
>"It takes 20 years to build a reputation and five minutes to
>ruin it. If you think about that, you'll do things
>differently." - Warren Buffett
>
>227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
>http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
>
>
>-----------------------------------------------------------------------
>This list is sponsored by: Information Assurance Certification Review Board
>
>Prove to peers and potential employers without a doubt that you can actually
>do a proper penetration test. IACRB CPT and CEPT certs require a full
>practical examination in order to become certified.
>
>http://www.iacertification.org
>-----------------------------------------------------------------------