New Zealand telco denies hiring botnet operator arrested in FBI-led operation
Walker pleaded guilty to infecting more than 1M computers
Computerworld - One of New Zealand's largest telecommunications companies is downplaying reports that it hired as a security consultant a teenager who was arrested in 2007 after an FBI-led investigation fingered him as the operator of a massive international botnet operation.
Chris Mirams, a spokesman for Auckland-based TelstraClear Ltd., yesterday said the company had asked Owen Walker to be a speaker at two customer seminars last October and November. Walker's image was also used in a targeted advertising campaign for TelstraClear's DMZ Global security unit, Mirams said.
But apart from that contract, which lasted "approximately two months," TelstraClear has not engaged Walker in any other capacity, Mirams said. "He was contracted for those duties only and was not, and is not, a full-time employee," Mirams said in an e-mail.
Walker, 19, was one of those arrested in the second phase of the FBI's Operation Bot Roast aimed at taking down botnets worldwide. Walker was accused of running a network including more than 1.2 million infected computers that was used by cybercrooks to steal millions of dollars from banks worldwide.
Among those arrested in the operation was Ryan Goldstein, a native of Ambler, Pa., who was charged with using the botnet run by Walker to launch distributed denial-of-service attacks against the University of Pennsylvania and several Internet Relay Chat groups.
Walker, whose online handle was "AKILL," admitted to making about $30,000 from his operations. He pleaded guilty last year and was fined $14,000 by a New Zealand court.
Earlier this week, an Associated Press story said that Walker had been given a "new job" as a consultant at TelstraClear. The story generated scores of other news media reports and blog posts, many of which suggested that Walker had been hired by TelstraClear as a consultant to help advise the company on dealing with botnets and other threats.
Mirams, however, downplayed any suggestions that Walker had been offered anything more than a speaking engagement on behalf of TelstraClear. "He has not presented any seminars to TelstraClear staff, used any computer equipment or had access to our network," he said.
Mirams said feedback the company received from customers who attended Walker's presentation was very positive. "They found the information he provided a valuable insight," he said. Mirams added that prior to contracting Walker for the speeches, TelstraClear consulted with his police case officer, who had offered positive feedback. The company also read both the judge's and Walker's probation service reports that were filed with the court, Mirams said.
"We also spoke with Owen and his mother about how he felt about the activities that led to court and what he wanted to do going forward," Mirams said. "He reiterated what the probation report stated, that he realized what he had done and was sorry for it. Owen told us he wanted to help New Zealand businesses protect themselves against such activity," Mirams said.
What to do with convicted hackers after they have served time or paid their debt to society has been a matter of debate.
Just recently, the CEO of a search engine company who hired a convicted botnet leader stoutly defended his decision. Jason Calacanis, founder and CEO of start-up Mahalo.com Inc., claimed he had hired John Schiefer without knowing that Schiefer was awaiting sentencing after pleading guilty to four felony counts involving computer crimes. Calacanis said he decided to stick with Schiefer even after discovering his past and would rehire him when he finishes his four-year prison term.
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts