Security

Ikee worm author gets developer job

"I agree that part of the "mistake" Towns made was blaming the victims, although how much you can call someone who has knowingly taken specific steps to jailbreak their iPhone away from the way ..."

By Mordd

Commentary: 'Silly' iPhone owners deserve what they get

iPhone virus maker regrets 'stupidity'

Analysis: iPhone malware evolution on overdrive

Foxtel app spies on iPhone users

Breaking Stories

Microsoft denies Windows 7 battery problems

Ex-Intel executive owns up to insider trading

Optus to boost HFC network up to 100 Mbps

Microsoft launches Surface, unveils partners and customers

Opinion: Webjet brings 'cloud' claims back down to earth

By Phil Muncaster

Nov 27, 2009 6:27 AM

Security experts brand hire a 'stunt'.

The author of the first iPhone worm has been given a job with Australian iPhone app developer Mogeneration, much to the disgust of security experts.

Ashley Towns, who is 21, wrote on his Twitter feed earlier today that he had got the job at the firm, which markets itself as Australia's "leading iPhone development company".

The so-called Ikee worm surfaced two weeks ago, targeting jail-broken iPhones. The worm was not malicious in intent, but it is widely believed to have provided the template for the more sinister Duh worm, which appeared over the weekend and is designed to steal online banking credentials.

Graham Cluley, senior technology consultant at Sophos, argued that the hiring of a known hacker is sending out the wrong signal.

"Don't get me wrong. I don't think virus writers shouldn't be allowed to rehabilitate and do something worthwhile with their lives," he wrote in a blog post.

"But it jars with me that Towns has shown no regret for what he did, and that his utterly irresponsible behaviour appears to have been rewarded. Will Towns be offering a token $5 compensation to all those he infected for the inconvenience he caused? I doubt it."

Towns told iTnews in early November that he regretted the spread of the worm.

Rik Ferguson, senior security advisor at Trend Micro, was similarly sceptical about the young hacker's appointment.

"This feels like a PR stunt by the employer," he said. "I don't see any compelling reason 'why him' and can definitely see a few 'why not'."

Towns's case has echoes of Twitter hacker Michael 'Mikeyy' Mooney, who was offered a job at applications developer exqSoft Solutions LLC in April after admitting attacking the micro-blogging site several times and causing widespread disruption.

Comments: 6

Thoughts on this article? Add a comment below.

Mordd Nov 27, 2009 6:59 PM	@ Phil Muncaster (article author): I think you have failed to properly emphasise a point in your article regarding the criticism from Graham Cluley, as written here: "But it jars with me that Towns has shown no regret for what he did, and that his utterly irresponsible behaviour appears to have been rewarded. Will Towns be offering a token $5 compensation to all those he infected for the inconvenience he caused? I doubt it." Towns told iTnews in early November that he regretted the spread of the worm. As you mention, Towns does express regret in articles previously published here on ITNews, in fact he actually apologises in one article and the articles also mention how he has received death threats. This does not change the fact that you can view his employment now as being "rewarded" if you like, but the fact is he has expressed regret abd apologised, aso the criticisms you print here expressed by Graham are in fact false, and as the author of the article it is my opinion you failed to make this as clear as you could have, which paints Towns in a light more suited to your article I guess, that he is a "loser who doesn't care about the impact he had" when in fact he has clearly expressed that he understands, regrets and apologises for the impact he had. Personally i think the guy is tool and shouldn't be given a job anywhere in the industry, but your article is misleading and badly written considering previous coverage here on ITNews regarding Towns, and is a ppor reflection of any journalistic skills you possed as a result in my opinion.
Mordd Nov 27, 2009 7:02 PM	From the article linked by the author regarding Towns regret: "In reality it was a pretty stupid thing to do," Towns said. Asked if he regretted the spread of the virus, "God yes," he responded. Towns said he had received non-stop phone calls, death threats and posting of his personal details online. People had even managed to find his geo-location from a picture he posted online from his iPhone. "It's crazy," he said. "It definitely changed the way I look at all the posts about people and stuff." He also said that he was "really regretting" comments left in the code of the virus.
Mordd Nov 27, 2009 7:03 PM	* Sorry for the bad spelling in my 1st post, I should check it better before posting, bleh.
Follier Nov 28, 2009 4:38 AM	In his defense, the point of his worm was to expose a vulnerability. Not that anyone listened, they just labeled him an "0MG 3v1L H@xx0R !" or whatever. The situation is like an ATM that allows people to use cards with a default PIN of 1234, rather than forcing the user to change it to something else. But rather than blaming iphone devs for not adding in this critical step to the jail-breaking process (mandatory password change), Towns blamed the victim, and created a harmless, yet insulting "you are stupid for not changing your password" rick-rolling virus. I understand his frustration; changing your password is computer security for kindergartners. http://www.sophos.com/blogs/gc/g/2009/11/08/iphone-worm-discovered-wallpaper-rick-astley-photo/ I think it was his misplaced blaming of the victim (and the fall-out it caused), not the act itself, that was his regret. And this: "The worm was not malicious in intent, but it is widely believed to have provided the template for the more sinister Duh worm, which appeared over the weekend and is designed to steal online banking credentials." The idea that the Duh worm got the idea from him is ludicrous, the vulnerability was well known and documented. The person who developed the Duh worm just cynically banked on the inability of people to learn from mistakes - and they were right.
Slatts Nov 28, 2009 1:40 PM	The words "young" and "stupid" are often found together. Perhaps "young" and "lacking in real-world skills upon which to base value judgements" would be better. But it doesn't roll off the tongue as easily. Having majorly stuffed up and having had his noes rubbed in the mess he made, young Mr Towns will have learnt a very valuable lesson. He obviously has some coding skills with the iPhone platform and, with a little luck may turn out to be a useful employee. Give him a chance. We all stuff up sometimes, most of us not so publicly. make him get a bloody haircut though. ;-)
Mordd Nov 28, 2009 5:17 PM	I agree that part of the "mistake" Towns made was blaming the victims, although how much you can call someone who has knowingly taken specific steps to jailbreak their iPhone away from the way Apple intended it to work a "victim" here is debatable in and of itself. Towns stated in previous articles on here that he especially regretted the comments left in the virus, they were a spur of the moment wording and having no idea how far the worm would spread he didn't think too deeply about what he wrote in the code. Fact is though he did prove that users should know better when doing things like jailbreaking a phone, although I personally blame all the "Computer Power User" magazines such as Atomic, APC, PC User, and others which have encouraged their readers with step by step instructions on how to jailbreak a phone, along with many other sources this information could be found. I liken it to buying a fancy expensive combination D-lock for your bike, and then not changing the default pin combo from 0000 to something harder to "crack" and then further blaming the bike manufacturer when your bike is stolen, even when the bike manufacturer told you "do not leave the bike unnattended in public" and the lock manufacturer told you "do not leave the lock in its default combo if you want it to be secure". In my opinion though Phil Muncaster here has tried to make the story fit the quotes, instead of finding quotes to fit the story. Thats the only conclusion I can come to seeing as the 2 sources he quotes don't even accurately support the point he is trying to make in the article. I can't help but wonder if Phil owns an iPhone and if he maybe got stung by Towns litle joke as well, and thus has a motivation to try and portray him as nothing more than stupid and lacking in any form of regret, when the opposite is actually true.