More like this

Security

Is this Romanian man really 'GhostShell'? If so, he risks arrest

Elaborate CV writing skills from man alleging hacktivist nous

Hacker with face obscured, wearing a hoodie,  works in front of a bank of monitors. photo by Shutterstock

Members of the security community are nonplussed by claims that a Romanian hacker “GhostShell” has seemingly risked arrest by doxxing himself in a bid to get a job in information security.

The man claiming to be a one-time Anonymous-affiliated hacktivist avoided identification and arrest for four years before apparently outing himself as Razvan Eugen Gheorghe in an interview with DataBreaches.net.

In what seems a counter intuitive move, the individual, purportedly a 24-year-old Bucharest resident, is risking possible criminal prosecution to obtain an edge in the IT security jobs market. While others might use contacts or LinkedIn to look for work, Gheorghe is using the press.

Team GhostShell claimed credit for hacking numerous government and corporate sites, including a firm that recruited IT personnel for Wall Street, as well as a string of Universities worldwide in October 2012.

The “group” - which Gheorghe (AKA DeadMellox) claimed was him acting alone - attacked the governments of the United States, China and Russia using SQL injection and other hacking techniques, as reported in various earlier Reg stories.

In addition, Gheorghe is retrospectively claiming credit for spearheading an Anonymous campaign against UK child abusers in 2014, among other activities.

Much of what Gheorghe, who certainly doesn’t lack for braggadocio or swagger, alleged about the full extent of his activities is difficult to verify independently.

In a follow-up conversation with DataBreaches.net, Gheorghe said he would rather face up to his actions now than have them catch up with him in the future.

I hope this acts like a precedent to the constant cat and mouse game that hackers have had with the feds and watching this entire situation unfold could lead to a new way of breaking legally into the industry without all the general paranoia, drama and backstabbing that goes on behind the scene.

It may seem crazy and it probably is but I’d rather do this than get entrapped at some point and have the feds dictate the narrative of my life. How many times have we seen hacktivists and hackers alike be labelled as something so ridiculous that most people actually believe? Look up every case against a notorious hacktivist and almost every time the feds will accuse them of so many things without any proof and the charges magically drop by the end of their legal battle but by then no one even cares since their image has already been destroyed.

I want to work in the industry as an equal, not a former “cyber-terrorist” or the FBI’s hacker poster child.

It’s an odd move. In most geographies confessing to a criminal past makes it far harder to get a job in security.

Representatives from Romanian security software firm BitDefender, for one, were unimpressed by the pitch.

“From our experience, people like GhostShell have a restless inborn curiosity and they perform hacking just for the fun of it, to challenge themselves,” Catalin Cosoi, chief security strategist at Bitdefender told El Reg. “If the Government offers him a job, who is to say that he can be trusted with the internal data such as employee salaries and private emails? It requires intensive effort and time to mitigate this trust issue and manage a person with this set of skills.”

Even if he were to get a job Gheorghe may be disappointed at the salaries on offer, especially in the public sector in his native Romania. For Cosoi this is another reason to doubt the supposed poacher-turned-gamekeepers’ bona-fides.

“We also need to take into account the fact that government salaries in Romania are not extremely motivating - all the more reason to believe that his intentions may not be entirely honourable,” Cosoi concluded. ®

Sponsored: 2016 Cyberthreat defense report