Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mariposa Botmasters Sought Real Jobs After Arrest

Posted by Soulskill on from the unusual-recruitment-practices dept.

An anonymous reader writes "Two of the three Spanish men arrested in February for their alleged role in operating the massive Mariposa botnet later sought jobs at the Spanish security firm that previously had helped get them arrested. From Krebsonsecurity.com: 'Corrons, a technical director and blogger for Spanish security firm Panda Security, said he received a visit from the hackers on the morning of March 22. The two men, known by the online nicknames "Netkairo" and "Ostiator," were arrested in February by Spanish police for their alleged role in running the "Mariposa" botnet, a malware distribution platform that spread malicious software to more than 12 million Internet addresses from 190 countries (mariposa is Spanish for "butterfly"). Now, here the two Mariposa curators were at Panda's headquarters in Bilbao, their resumes in hand, practically begging for a job, Corrons said.' The story concludes with a brief response from Netkairo, who acknowledges seeking the job at Panda because he is broke now that his moneymaking machine has been dismantled."

4 of 92 comments (clear)

  1. Spain's unemployment is at 20% by CRCulver · · Score: 4, Informative

    When Spain has seen incredible joblessness recently, you can't blame people for being a little desparate in their jobhunting.

  2. Re:Kevin Mitnick by MarkvW · · Score: 5, Informative

    TFA makes the point that these crooks were using purchased code. This indicates that they aren't very sophisticated. Their market value would appear to be zilch.

  3. Re:If nobody gives them a second chance by jjohnson · · Score: 4, Informative

    From the article:

    When it became clear that Panda wasn't interested in hiring him, Netkairo changed his tune, Corrons said, claiming he had found vulnerabilities in the company's cloud anti-virus software and hinting that he planned to publish the information.

    This is why you don't hire criminals, ex or otherwise. Pretty much by definition, they don't have normal social controls in their heads that make them worthwhile employees.

    I can see Panda potentially using them as consultants of a sort, and very carefully maintaining an arms-length relationship with them that's clearly about paying them for specific analyses or something. But hire them as employees? It'd be like planting land mines under the office carpet.

    --
    Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
  4. Re:Kevin Mitnick by Pharmboy · · Score: 3, Informative

    Mitnick used social engineering, not reverse engineering, to gain access to networks. I don't think we have enough information to know what skillz they have or do not have. Either way, I don't *blame* them for trying to get into the security biz for a job. I didn't say I would be hiring them, just said it shouldn't be shocking that they are trying to enter a field they know at least something about.

    --
    Tequila: It's not just for breakfast anymore!