Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mariposa Botmasters Sought Real Jobs After Arrest

Posted by Soulskill on from the unusual-recruitment-practices dept.

An anonymous reader writes "Two of the three Spanish men arrested in February for their alleged role in operating the massive Mariposa botnet later sought jobs at the Spanish security firm that previously had helped get them arrested. From Krebsonsecurity.com: 'Corrons, a technical director and blogger for Spanish security firm Panda Security, said he received a visit from the hackers on the morning of March 22. The two men, known by the online nicknames "Netkairo" and "Ostiator," were arrested in February by Spanish police for their alleged role in running the "Mariposa" botnet, a malware distribution platform that spread malicious software to more than 12 million Internet addresses from 190 countries (mariposa is Spanish for "butterfly"). Now, here the two Mariposa curators were at Panda's headquarters in Bilbao, their resumes in hand, practically begging for a job, Corrons said.' The story concludes with a brief response from Netkairo, who acknowledges seeking the job at Panda because he is broke now that his moneymaking machine has been dismantled."

8 of 92 comments (clear)

  1. Spain's unemployment is at 20% by CRCulver · · Score: 4, Informative

    When Spain has seen incredible joblessness recently, you can't blame people for being a little desparate in their jobhunting.

  2. If nobody gives them a second chance by pegasustonans · · Score: 4, Insightful

    ...Then a life of crime is all that awaits. It's easy to say you have high standards shutting potentially talented people out of your organization, but no one should be surprised if those people turn to illegitimate activities again.

    --
    And all our yesterdays have lighted fools The way to dusty death. --Will
    1. Re:If nobody gives them a second chance by jjohnson · · Score: 4, Informative

      From the article:

      When it became clear that Panda wasn't interested in hiring him, Netkairo changed his tune, Corrons said, claiming he had found vulnerabilities in the company's cloud anti-virus software and hinting that he planned to publish the information.

      This is why you don't hire criminals, ex or otherwise. Pretty much by definition, they don't have normal social controls in their heads that make them worthwhile employees.

      I can see Panda potentially using them as consultants of a sort, and very carefully maintaining an arms-length relationship with them that's clearly about paying them for specific analyses or something. But hire them as employees? It'd be like planting land mines under the office carpet.

      --
      Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
    2. Re:If nobody gives them a second chance by causality · · Score: 4, Interesting

      This is why you don't hire criminals, ex or otherwise. Pretty much by definition, they don't have normal social controls in their heads that make them worthwhile employees.

      The difference between criminals and average people is that the criminals believed that they had a payoff combined with a low chance of getting caught and/or they believe they have nothing to lose. Otherwise, most average non-criminals don't have much of an internal morality, set of ethical principles, or enlightened self-interest that guide their actions. What they have is a fear of consequence and the sense that they have a great deal to lose by going to jail. They're not trying to be particularly good or ethical or moral, so "decent" is a good description of them. This is, of course, a puerile concern for the self and not a concern for how one's actions may adversely impact others. If you have ever noticed how inconsiderate and oblivious most folks are, who drive/walk/shop as though other people don't exist and could not possibly be inconvenienced by their carelessness, this is part of it.

      One explanation of such is Kohlberg's stages of moral development, if you feel like you need a more formal, psychology-based description to appreciate this observation. In a much more intuitive sense, it also reminds me of the quote from Aristotle: "I have gained this by philosophy; that I do without being commanded what others do only from fear of the law."

      --
      It is a miracle that curiosity survives formal education. - Einstein
    3. Re:If nobody gives them a second chance by tool462 · · Score: 4, Insightful

      The cynic in me wants to say that an honest person is someone who hasn't been caught lying yet.

  3. Re:Kevin Mitnick by MarkvW · · Score: 5, Informative

    TFA makes the point that these crooks were using purchased code. This indicates that they aren't very sophisticated. Their market value would appear to be zilch.

  4. Re:Kevin Mitnick by jjohnson · · Score: 4, Insightful

    The question, of course, is "can you trust them?" and only they can answer that.

    From the article:

    When it became clear that Panda wasn't interested in hiring him, Netkairo changed his tune, Corrons said, claiming he had found vulnerabilities in the company's cloud anti-virus software and hinting that he planned to publish the information.

    Clearly in these guy's case, you can't.

    --
    Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
  5. This is not a black to white hat situation by LockeOnLogic · · Score: 5, Interesting

    RTFA this isn't a situtation of some reformed skilled hacker seek a job. These are a bunch of script kiddies trying to weasle their way into a job by pretending to be like Kevin Mitnick. After being turned away several times (justifiably) they then decided to threaten to expose a security vunerability they claimed to have discovered in the companies software. They are black hats through and through.