German federals looking for trojan author – still

The German federals (BKA = Bundeskriminalamt, roughly the German equivalent to the FBI in the US) are still looking for someone with the qualifications to write what had been dubbed “Bundestrojaner” (literally: federal trojan) in 2008. This means that first of all they haven’t found anyone yet and secondly that they apparently were unhappy with the services of the previous firm they had hired for some such tasks.

I see several problems with their recruiting attempt …

  • Which skilled hacker with the required knowledge would go for this job at the given payment level, knowing that it is against his/her own ethics? I don’t doubt that any person has a price, but certainly 5000 EUR/month (before taxes) isn’t it. As long as it doesn’t cause death and comes with a feel-good-guarantee such as a job for the feds, I’ll readily leave my ethical standards in the reception area when going to work for a few months or years – at the right price, though ­čść
  • They are clearly looking for someone with years of experience, yet they insist on a graduate (formal education) instead of the actual field experience. Why is it that in Germany a little piece of paper saying you know something counts more than actual experience – even and especially for skills that no university and no school teaches formally? Stereotypical … ­čÖä
  • They clearly want someone who knows his/her way around in Windows user mode and kernel mode. Few developers know both sides enough in-depth to be of use.
  • Who has enough criminal energy to go for such a job, yet will be able to pass the extended vetting process (German: erweiterte Sicherheits├╝berpr├╝fung)?
  • No CS graduate I know would be of any use to them, but I know plenty of other hackers without formal education who could do the job without a problem.
  • Why is RCE not a required skill? Shouldn’t it be?

Also, I wonder: are they going to go after all those applicants that fail the job interview (or the application process)? In all likelihood the applicants will be in breach of the ┬ž┬ž 202b and 202c of the StGB (the German criminal code) – how else would they have acquired the required skill set?

One reason I can’t apply: I have no formal education in my field of expertise (as required). And another: it’s against my ethical standards, too. Also, the vetting process keeps me from even applying just for giggles.

// Oliver

This entry was posted in C/C++, EN, IT Security, Reversing, Software, Thoughts and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *