The Problem with "Hiring Hackers"

The Communications Director for Montana's Congressman Denny Rehberg solicited "hackers" to break into the computer system at Texas Christian University and change his grades (so they would look better when he eventually ran for office, I presume). The hackers posted the email exchange instead. Very funny:

First, let's be clear. You are soliciting me to break the law and hack into a computer across state lines. That is a federal offense and multiple felonies. Obviously I can't trust anyone and everyone that mails such a request, you might be an FBI agent, right?

So, I need three things to make this happen:

1. A picture of a squirrel or pigeon on your campus. One close-up, one with background that shows buildings, a sign, or something to indicate you are standing on the campus.

2. The information I mentioned so I can find the records once I get into the database.

3. Some idea of what I get for all my trouble.

Posted on December 27, 2006 at 1:40 PM • 30 Comments

Comments

Evan WiredDecember 27, 2006 2:40 PM

Actually, I believe the Communications Director wanted them to change his own grades, not the grades of the Congressman.

Josh ODecember 27, 2006 2:42 PM

I think the guy was trying to get his own grades changed, not the grades of the congressman he worked for. After reading the emails though, I'm not surprised the grades were bad.

BazDecember 27, 2006 2:48 PM

--- BEGIN PSP SIGNED MESSAGE ---
"and change the Congressman's grades"

Small correction: the story said Shriber was trying to get his own grades changed, not Rehberg's?

--- BEGIN PSP SIGNATURE ---
Today's Photographed Squirrel/Pigeon is "Tuftie"
--- END PSP SIGNATURE ---

LygerDecember 27, 2006 3:34 PM

@ Bruce, Evan, Josh, et al:

The request in question was indeed for the change of the aide's own grades, not for Congressman Rehberg. Until the story broke on networkworld.com, we had no idea of (nor interest in) the aide's profession.

RalphDecember 27, 2006 3:49 PM

And so life imitates art.

There are many lessons in here; I feel that trusting "hackers" might be the least of them.

RotDecember 27, 2006 4:35 PM

ROT-26 has been used be a wide variety by hackers and crypotologists at some point in their lives. Despite this, we have evidence that it's insecure, and we have a pretty power-point presentation (available for the low price of only 1,000 Zimbabwe Dollars) with all kinds of language on it that you won't psudostafle, so you won't deppinjack the cryptowapple.

Use our (TM) ROT-546(TM) in its place! It's been calculated to be 21x as secure as ROT-26, and it is a proven communications method!

Visit www.doghouse.IReallyHopeThisDoesNotExist for a pricing guide, and further details!

Anonymous CowardDecember 27, 2006 4:35 PM

This guy was lucky. He could have found some idiot who would have performed the crime instead of taking it as an opportunity for a prank.

Bluezoo7December 27, 2006 5:00 PM

I'll bet this sucker thought hackers were just geeky useful idiots before this happened...

NathanDecember 27, 2006 5:19 PM

This nicely illustrates the definition of hacker: given the opportunity to A) break into a school's database to change grades and B) engage in social engineering to see how far this guy would take things, the hacker opted for the latter, more interesting option.

I think we can remove the scare-quotes from "hacker" because clearly lyger is the geniune, inquisitive/creative type.

ComCortexUnixDecember 27, 2006 5:44 PM

Only Darkside Haxors will be willing to exploit government services for profit. But they dont want to look like tools aswell, so they end up getting themselves in an ego/financial pickle dont they.

jDecember 27, 2006 5:44 PM

The pigeon idea reminded me of the guys who get off trying to sucker the 419 spammers. There are web sites with pages and pages of photos that 419 spammers sent of themselves holding strange objects or ridiculous signs - this business with the squirrels is a direct descendent. Hah!

/j

B-ConDecember 28, 2006 4:16 AM

I moderate one of the more search-engine friendly "hacker" forums out there, and I get at least one or two private requests per month for hacking services. I've wondered before just how many people like this I may have turned down.

bobDecember 28, 2006 7:11 AM

SCORE:

Hackers:1

Criminal-minded politico seed:0

Number of similar criminal-minded politico seeds to be thwarted: 7,865,322; +3 more per second because politics is the best way to get money and power without adding any value to society.

Its like going out into a junkyard and killing mice one at a time with a club. They reproduce faster than you can attrit them.

RichDecember 28, 2006 10:22 AM

What I find interesting is that the guy claims to have spent time looking around attrition.org and didn't pick up the shade of the hats. Ok, maybe they're not always gleaming white- but IMO they're not black enough to pull a stunt like that either.

Also shows how much of our 'education' comes from Hollywood.

RichardDecember 29, 2006 8:51 AM

Maybe in the near future, there would be a new career with service catalog and pricing for what kind of information "hacking" and for what sites. A sites with higher price means higher security protection.... :)

DavidDecember 31, 2006 9:18 AM

ROT-26? I use that encryption scheme every day. Very easy to use. Not the strongest of encryptions, for sure, but I never forget the passphrase. However, I hear Vista uses this too. I hope Microsoft hasn't filed for a patent...

MikeJanuary 2, 2007 8:45 AM

He asked the guys on Attrition? Jesus, he deserves everything he gets. A simple search of the site show they have been doing this stuff for YEARS.

This is like some kind of Darwin award...

SteveJanuary 2, 2007 9:57 AM

@Roberto:

They are hackers - in this case they hacked the procedure for hiring computer criminals in order to ridicule the hirer :-)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..