Yesterday I posted about a good news infosec story abouthow the FBI and Romanian police arrested a gang of cybercriminals. It was good to see justice reaching out and catching those that prey on the innocent. Then today I read about a New Zealand teenager who pleaded guilty to writing a sophisticated Trojan horse which was used to steal over $20 million dollars being let free from court because the judge was worried a conviction would ruin the guy’s potentially bright career.
Eighteen year old Owen Thor Walker, known online as “Akill”, wrote sophisticated malware that employed encryption techniques to bypass anti-virus software. This software was then used to steal over $20 million from private bank accounts worldwide. Walker did not apparently hack into people’s bank accounts himself but instead was paid $30,000 by those who did. He pleaded guilty to the charges and was fined $10,000. After both the prosecution and the defence solicitors pleaded for leniency, Justice Judith Potter let Walker go free and dismissed the remaining charges. Rumours abound that Walker has now been offered jobs from various IT security companies and may even have a career ahead in law enforcement.
This guy commits a crime, makes a $20,000 profit and lands a career at the end of it… now tell what part of “crime does not pay” that I am missing? What message does this send out to the hacking community? How many young people will now think that if they write some cool malware and it is used to steal people’s money then the worst that can possibly happen is that you get a job working with the police ??!!!
This sends out the completely wrong message and I know I am not the only person in the field who finds the decision to be wrong and undermining to the hard work by the many professionals in the law enforcement and private sector around the world who fight hard to prevent this type of crime from happening.
If Walker had designed a tool that bank robbers could use in bank raids which then allowed them steal millions from banks all over the world, do you think he would have got off so lightly? I think not. Until the justice system realises that computer crime is still crime and that there are real life victims resulting from the actions of these criminals then we are going to have a long hard road ahead of us.