New Zealand telco denies hiring botnet operator arrested in FBI-led operation

Computerworld - One of New Zealand's largest telecommunications companies is downplaying reports that it hired as a security consultant a teenager who was arrested in 2007 after an FBI-led investigation fingered him as the operator of a massive international botnet operation.

Chris Mirams, a spokesman for Auckland-based TelstraClear Ltd., yesterday said the company had asked Owen Walker to be a speaker at two customer seminars last October and November. Walker's image was also used in a targeted advertising campaign for TelstraClear's DMZ Global security unit, Mirams said.

But apart from that contract, which lasted "approximately two months," TelstraClear has not engaged Walker in any other capacity, Mirams said. "He was contracted for those duties only and was not, and is not, a full-time employee," Mirams said in an e-mail.

Walker, 19, was one of those arrested in the second phase of the FBI's Operation Bot Roast aimed at taking down botnets worldwide. Walker was accused of running a network including more than 1.2 million infected computers that was used by cybercrooks to steal millions of dollars from banks worldwide.

Among those arrested in the operation was Ryan Goldstein, a native of Ambler, Pa., who was charged with using the botnet run by Walker to launch distributed denial-of-service attacks against the University of Pennsylvania and several Internet Relay Chat groups.

Walker, whose online handle was "AKILL," admitted to making about $30,000 from his operations. He pleaded guilty last year and was fined $14,000 by a New Zealand court.

Earlier this week, an Associated Press story said that Walker had been given a "new job" as a consultant at TelstraClear. The story generated scores of other news media reports and blog posts, many of which suggested that Walker had been hired by TelstraClear as a consultant to help advise the company on dealing with botnets and other threats.

Mirams, however, downplayed any suggestions that Walker had been offered anything more than a speaking engagement on behalf of TelstraClear. "He has not presented any seminars to TelstraClear staff, used any computer equipment or had access to our network," he said.

Mirams said feedback the company received from customers who attended Walker's presentation was very positive. "They found the information he provided a valuable insight," he said. Mirams added that prior to contracting Walker for the speeches, TelstraClear consulted with his police case officer, who had offered positive feedback. The company also read both the judge's and Walker's probation service reports that were filed with the court, Mirams said.

"We also spoke with Owen and his mother about how he felt about the activities that led to court and what he wanted to do going forward," Mirams said. "He reiterated what the probation report stated, that he realized what he had done and was sorry for it. Owen told us he wanted to help New Zealand businesses protect themselves against such activity," Mirams said.

What to do with convicted hackers after they have served time or paid their debt to society has been a matter of debate.

Just recently, the CEO of a search engine company who hired a convicted botnet leader stoutly defended his decision. Jason Calacanis, founder and CEO of start-up Mahalo.com Inc., claimed he had hired John Schiefer without knowing that Schiefer was awaiting sentencing after pleading guilty to four felony counts involving computer crimes. Calacanis said he decided to stick with Schiefer even after discovering his past and would rehire him when he finishes his four-year prison term.

Others, such as Kevin Mitnick and Frank Abagnale, who served jail time for technology crimes, have gone on to have successful consulting and speaking careers.

Read more about Security in Computerworld's Security Topic Center.