Microsoft's hacker says he deserves a job in Redmond

Apocalypse now

By Nick Farrell: Monday 11 July 2005, 21:34
THE HACKER who turned over Microsoft’s UK website last week has written to the INQ suggesting the Vole should hire him and his mate Rafa.

The hacker, who goes by the handle of Apocalypse, said that he just wanted to show to Microsoft that any server or any company is vulnerable.

"As long people build something, somebody else is two steps ahead," he said.

Apocalypse also implied that if he had the new X-Box 360 with a lot games he would not have done it.

"Remember I don’t damage or erase or destroy anything just post a message of support of my friend RaFa. They are charging him with things he didn't do and that’s why I piss up," he said.

We think he knows what he means.

He added: "If Microsoft can give me job and my friend RaFa we can made sure it will never happen again."


How old is this "hacker" ... 13 ... "Give me a job I hacked your website" ... did he read to much comics or did he play too much with his X-Box... Mr. Apocalypse in his pants...

Anywho I didn't know where to put this ... under the news section or the humor section ... you folks decide

C.

Next time before I go for a job interview, I'm going to deface their website and during the interview get them to bring up their site. Yeah, that'll get me hired

I agree, this kid has no clue how the world works. In one statement he says that "that any server or any company is vulnerable", and then in the next says , "we can made sure it will never happen again". Kid, go back to english class and look up the definition for contradiciton.

This concept seems to be a very big misconception within the hacker community. Granted, a lot these kids who try this approach really do have some technical skills... they just don't understand that no serious company will be impressed by criminal activity; they will simply press charges instead. There are always stories (though few are ever proven) about "yeah, i knew this dude. he was 1337 and had so much uber-micro that he broke into the FBI networks... then they hired him as secret agent hacker" type of story. People need to realize that the corporate world DOES NOT WORK THIS WAY. They might impress their hacker buddies, but no one wants to hire a criminal. Just that simple.

Tats kindda like saying hey I burnt down McDonalds now hire me so I wont do it again.

I think someone watched "Catch me if you can" too many times.

Well, If I was in charge of running the site that was hacked, I may pull this guy into my office simply to have a discussion of what he did, and how he entered. Alot of times in programming production, this kind of penetration testing can not be simply "bought".

Now don't get me wrong, I would press charges still, but if say, a whitepaper of his entire process of the intrusion were handed over, with possible fixes, then I may drop a few of the charges. But by no means would I hire someone that has already shown themselves to break the law. Companies spend countless money setting up firewalls to prevent people like this from entering their networks. With that in mind, what makes this guy think I would place him anywhere near the internal network.

Apocolypse: go to school and pursue this career the correct way.

agreed to all so far but i do wanna bring to mind what happened with the ultra HLE project (HLE stands for (High Level Emulator) it was a project to try to emulate the nintendo 64
the orginal programmer was really good but in this case he "did nothing wrong" save the DCMA
anyway to stop him nintendo hired him
he could no longer work on the project because he had to sign a disclosure if my memory serves me it was picked up by someone else

My point is make them look bad by building something better not breaking it. (you can break anything) imho

RaFa and Apcolypse are actually well known web page defacers. if these guys are the real ones then they are actually pretty good at what they did. Granted RaFa has a big mouth and likes to shoot it off and brag about what he does, its no wonder they are trying to nail him for shit. But still, if these are the real guys then they are fairly good at what they do, but I still wouldnt hire either of them.

Good as they may be, one has to ask himself whether he can clear-minded trust someone known to be a defacer with any kind of company information or network access.
There's a strong possibility that "the dark side" will eventually catch up and one day you'll find urself questioning if he has backdoored or piggybacked anything... on the other hand, hiring crackers has been a policy some companies use to check their products for vulns. My country reacently hired a couple of ppl to attack their online lotary system, but still you are never 100% hack proof (big-ego admins, laizy physical security policies, bad patching, unsecure functions and so on...).

Still,
I think someone watched "Catch me if you can" too many times. is the right comment. You can even hire someone to make a sporadic attempt to hack ur site/proggie/what ever, but a PERMANENT job putting security on the hands of ppl u know have breached security before? nah... i don't think so.

I think they did illustrate a good point though, that just about everybody is pretty vulnerable and that they should tighten their belts, a lot. As for hiring them, I dunno about that. I think if they know that much, making them jump through the hoops of getting a degree is stupid (especially if they can illustrate they have the ability in a legit manner such as a sample pen test or two box war game). Not to get to far off topic, but I think it is stupid to make people take get a degree if they already have the knowledge and can illustrate it, but that's just how I feel. Back to the topic, what if M$ is like we'll hire you, then arrested them when they came to work. ^_^

sb,

I somewhat disagree Microsoft hackers may be experts in security issues or microsoft vulnerabilities. That doesnt necessarily mean that have the same amount of knowledge that a person with a degree may have. The hackers knowledge is specialized. He/she may know other topics, but mainly as to how they relate to hacking.

Hacking is a type of theft and anyone skilled enough to hack Microsoft can be likened to a "Klepto", and therefore could not be trusted with confidential information for any amount of time.

Hacking is a type of theft and anyone skilled enough to hack Microsoft can be likened to a "Klepto", and therefore could not be trusted with confidential information for any amount of time. I said "hire" them and arrest them when they show up at work ^_^.

As for hiring them, I dunno about that. I think if they know that much, making them jump through the hoops of getting a degree is stupid

getting a degree is more than showing that you can do something. It shows that you have taken an interest in the topic at a higher level and are willing to work and learn to better your self at it. Having a degree/cert does not necessarily mean you know what you are doing, it just means you read the book and remembered what it said (book knowledge). Real world experience is a huge factor in getting a high end job (real world knowledge)

Having one or the other looks average, having both makes you look good.


You can be the best damn hacker in the world, but chances are you would not make a good network administrator becasue you dont have the realworld corporate knowledge. You dont know the politics, and you dont know the procedures. You may know the network inside and out but you dont know the people, and that is half the work. And believe it or not, a lot of the higher end exams force you to start learning things like that.

Hi

Having a degree means that you have studied the topic in a rounded way. Any decent computer science degree is not just book knowledge but hands on and would include basic circuit design, assembly language programming, 3G programming, object oriented, Visual and AI, database design and analysis, network implementation and design, server administration etc. Very good ones also cover the business aspects such as presentation skills, team work etc.

IOW a degree covers all aspects of the subject at sufficient level that the individual can leave the course and start training for real with

a) basic knowledge of the entire range of career possibilities
b) a head start in whatever area they decide to specialise in
c) a broad background in other areas which allows them to interact meaningfully with their colleagues and
d) a foundation in business skills

A degree therefore should not be mistaken for indepth knowledge (that comes later with training) but for a 360 degrees in the subject area. I think some employers think that the degree can be substituted for training and are disappointed by the results. The difference the degree makes shows up more long term. They have a thinker on board.

That's why some companies take on graduates with non relevant degrees and train them up.

These hackers may know hacking but getting a degree would illustrate a more rounded knowledge of the area. That's what the degree is for.

This is a classic case of stupidity. This is a story that almost everyone knows. Someone hacks a site from a big company and they get a job. Its shows that there are still people who believe in farytales and othber story's to amuse kids with.
Showing off with this "tallent" is good maybe for inpressing his friends but the company's wont be. I never thought that there were people out there that still believed in that.

hahaha, if he had the x-box 360 it wouldn't have happened...

But he is kinda making sense, in fact didn't the guy who wrote the blaster worm get a job with symantec, maybe I am wrong. Maybe that is where he got his inspiration from

I think we discussed this a great length just two weeks ago...

http://www.antionline.com/showthread.php?s=&threadid=269069
AntiOnline - Hiring Hackers As Security Consultants

the fact is : it's impossible to tell whether or not a person has actually reformed...at best, it's a guess...a 50-50 split...

if a person truly is ' reformed ' then you have no problem...if he isn't, then you obviously do.

Personally...I wouldn't take the chance...

I wouldn't hire a rapist as a rape counsellor

I wouldn't hire a gambler as my accountant

I wouldn't hire a thief to guard my property

I wouldn't hire a child molester to be a priest ( hear that Mr. Pope?!!! )

and I wouldn't hire a black hat to provide my business security

just seems like common sense to me.

In the rare cases where a person is truly ' reformed ' ...that is to say they are NO LONGER the person that they were...there would not be a problem...but there's really no way to know that for sure.


Eg ;)