Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Jail and a Job Offer

3:50 PM -- On Monday, Li Jun was sentenced to four years in prison for creating the Fujacks worm, called the "most destructive computer virus in China." On Tuesday, he received a million yuan (about $133,155) job offer from Jushu Technology, one of the many companies his worm infected. (See "Million yuan job awaits jailed worm author.")

Does anyone besides me (and Sophos) find this a bit absurd?

Jun's lawyer said he's received about 10 job offers from various companies. While that sounds great, let's not forgot Jun is going to be spending four years in a Chinese prison before he gets to enjoy any of them. We can only hope his cellmates are a bunch of disgruntled, virus-infected Windows users who can help him with his rehabilitation.

What sort of message are these companies sending to malware authors: "Once you're done making money by stealing identities, fraud, and extortion, come get a legit job with us -- after you've served your prison sentence, of course."

Jun isn't the only malware author that has had this luck. According to Sophos, there are several other malware authors who've been given or offered jobs based on the skills they used for their illegal activities.

Back in July, I received an email from a PR person for eEye Digital Security asking if I'd like to meet with Marc Maiffret, its chief hacking officer, at Black Hat. Among the usual fluff about his analysis of the Code Red worm in 2001, the PR person included, "In fact, when he was 17, the FBI raided his house and confiscated his PCs." When Marc finally leaves eEye, is he going to include that on his resume? (See From Script Kiddie to CTO.)

People change. They can be rehabilitated. Sometimes they were never bad in the first place and just made a bad choice. It really comes down to what sort of risk the company is willing to take with hiring someone based on skills that were used for illicit activity. Would you hire Jun or someone with a similar background?

— John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

  • eEye Digital Security