Mariposa Botmasters Sought Real Jobs After Arrest 92
An anonymous reader writes "Two of the three Spanish men arrested in February for their alleged role in operating the massive Mariposa botnet later sought jobs at the Spanish security firm that previously had helped get them arrested. From Krebsonsecurity.com: 'Corrons, a technical director and blogger for Spanish security firm Panda Security, said he received a visit from the hackers on the morning of March 22. The two men, known by the online nicknames "Netkairo" and "Ostiator," were arrested in February by Spanish police for their alleged role in running the "Mariposa" botnet, a malware distribution platform that spread malicious software to more than 12 million Internet addresses from 190 countries (mariposa is Spanish for "butterfly"). Now, here the two Mariposa curators were at Panda's headquarters in Bilbao, their resumes in hand, practically begging for a job, Corrons said.' The story concludes with a brief response from Netkairo, who acknowledges seeking the job at Panda because he is broke now that his moneymaking machine has been dismantled."
Comment removed (Score:5, Informative)
Re:Kevin Mitnick (Score:5, Informative)
TFA makes the point that these crooks were using purchased code. This indicates that they aren't very sophisticated. Their market value would appear to be zilch.
Re:If nobody gives them a second chance (Score:5, Informative)
From the article:
This is why you don't hire criminals, ex or otherwise. Pretty much by definition, they don't have normal social controls in their heads that make them worthwhile employees.
I can see Panda potentially using them as consultants of a sort, and very carefully maintaining an arms-length relationship with them that's clearly about paying them for specific analyses or something. But hire them as employees? It'd be like planting land mines under the office carpet.
Re:Kevin Mitnick (Score:4, Informative)
Mitnick used social engineering, not reverse engineering, to gain access to networks. I don't think we have enough information to know what skillz they have or do not have. Either way, I don't *blame* them for trying to get into the security biz for a job. I didn't say I would be hiring them, just said it shouldn't be shocking that they are trying to enter a field they know at least something about.
Re:Kevin Mitnick (Score:2, Informative)
I had my share of run-ins with Kevin back in the days when he was actively hacking Netcom and the Well, and while it's true that he was skilled with social engineering he should also not be portrayed as a clueless script kiddie who lacked technical skills either. In fact I think his technical experience only served to strenghten his social engineering skills.
Now it was true that UNIX was not his forte, (at least that was my observation when I watched him hack into, and subsequently kicked him out of an IRIX box at John Hopkins University back in 1996 or so), but he was quite skilled with VMS and DEC systems, having the ability to write code -- at least I'm sure he could write DCL, but very likely C and other langauges. Also, it's known that he sought technical telco manuals to Pac*Bell provisioning and switching systems (e.g., he was known to have made off with tombs of COSMOS manuals in one instance.) Towards the endgame he was also known to be reverse engineering cell phones and improving his UNIX skills.
So comparing Kevin to these people is a bit apple and orangish. My 0.02.
Re:you're making an assumption (Score:1, Informative)
How is subversive speech stepping on anyone's rights? Hell I'm trying to secure them. How is an open bottle of liquor in my TRUNK that was given to me by a friend to take home stepping on anyone's rights? Get a clue. This shit can happen to YOU. Don't be so quick to judge someone you don't know. We all have demons and any one of us could be locked up for just about anything at any time these days whether it's legit or not. Just depends on their mood. Even if it doesn't stick you're ruined.
Hell, in SC here when companies do background checks they also look up an arrest record (usually through SLED) and get to look at your misdemeanors and offenses you WEREN'T EVEN CONVICTED OF.