"22 Year old Victorian"
I take it there was no mention of them confiscatiing his time machine?
A former intern at security company FireEye has been arrested for creating and selling the slick and sophisticated Dendroid malware program after being caught in a global police sting that obliterated the Darkode cybercrime forum. Prosecutors say that Morgan Culbertson, 20, of Pittsburgh, was most recently working as a …
Perhaps it might be unwise to use interns in security-critical businesses? Even if it was a paid internship I suspect the pay and employment benefits stacked up badly against full time employees and the guy knows he's out of work in twelve weeks anyway. Not to say that what he did was okay but if using an intern was a low cost option for the company then they only have themselves to blame. They wouldn't outsource this sort of thing to China, why pass it off to someone with no inherent loyalty?
That's a little disingenuous. The kid had the smarts to build a C&C infrastructure for mobile malware so it's not like they hired a slouch to come in and do security. If your thought was, "
they should have hired a full time more experienced person", I'd say you are severely overestimating the talents of the general Information Security populace.
In my experience, IS teams are mostly made up of Book Smarts, people who understand the theory, the terminology, and the concepts (they are intelligent people), but few actually have the ability to adapt to persistent threats, and adapt their companies to it.
Shit, 50% of them I've met think they can put down programming skills on their resume because they can write"SELECT * FROM users;" I think it why IS is in such "demand" right now.
IMHO, the people and companies that produce antivirus and antimalware software should be one of the first places to look into when there are virus' that don't get picked up by AV or AM software.
Their employees certainly have the qualifications to produce the worst undetectable virus' and malware possible and they can do it while hiding behind legitimate reasons for possession of hacking tools and virus'.
The EX-employees should definitely "Expect the Inquisition" as they now have motive to create and sell the bad stuff to show up their ex employer.
The closer the company is located to known hubs of illegal hacking activity, the more they should be suspect.
How many others are double-agents as such? He's fighting malware and using what he's learn to create it and vice versa. I do wonder if there's more of this than is public (for some value of public) knowledge? Is it that the miscreants haven't been caught yet? Or is it that they are known to the companies that employ them? This seems to be a very murky business in many ways.