Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Mariposa Botmasters Sought Real Jobs After Arrest

Soulskill posted more than 4 years ago | from the unusual-recruitment-practices dept.

Botnet 92

An anonymous reader writes "Two of the three Spanish men arrested in February for their alleged role in operating the massive Mariposa botnet later sought jobs at the Spanish security firm that previously had helped get them arrested. From Krebsonsecurity.com: 'Corrons, a technical director and blogger for Spanish security firm Panda Security, said he received a visit from the hackers on the morning of March 22. The two men, known by the online nicknames "Netkairo" and "Ostiator," were arrested in February by Spanish police for their alleged role in running the "Mariposa" botnet, a malware distribution platform that spread malicious software to more than 12 million Internet addresses from 190 countries (mariposa is Spanish for "butterfly"). Now, here the two Mariposa curators were at Panda's headquarters in Bilbao, their resumes in hand, practically begging for a job, Corrons said.' The story concludes with a brief response from Netkairo, who acknowledges seeking the job at Panda because he is broke now that his moneymaking machine has been dismantled."

cancel ×

92 comments

Sorry! There are no comments related to the filter you selected.

Spain's unemployment is at 20% (4, Informative)

CRCulver (715279) | more than 4 years ago | (#32074558)

When Spain has seen incredible joblessness [bbc.co.uk] recently, you can't blame people for being a little desparate in their jobhunting.

Re:Spain's unemployment is at 20% (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32074680)

Speaking of which, who the hell keeps knocking up these 400-pound nigger hoes? They always have at least half a dozen of their future criminals I mean spawn I mean children. Who the fuck would fuck those black elephant nigger bitches? They dont even register as female when i look at them. You'd need a bag of flour to find the wet spot to stick your dick in. You cannot tell where their tits end and their gut begins. How? How does anyone even get a boner for them? How do they put up with their shitty attitudes?

oh yeah, i saw a black nigger dude. guess who his woman was? a fat ugly white chick. i was thinking wow, that's so 1990s of you.

Re:Spain's unemployment is at 20% (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32074700)

If by "jobhunting" you mean "willingly fucking up the computers of 12 million people, then expecting a pity party when they get caught," then yes.

"Cojones" (1)

wsanders (114993) | more than 4 years ago | (#32075160)

I think that's what *most* people might call it in those parts, 15+% unemployment notwithstanding.

Re:"Cojones" (1)

irreverant (1544263) | more than 4 years ago | (#32075390)

That's more of a Mexican latino thing, i think testiculos is more apropos

Re:"Cojones" (0, Offtopic)

GNUALMAFUERTE (697061) | more than 4 years ago | (#32075622)

Wrong. Testiculos is the proper word, AKA Testicles. In Spain, they say that someone "Tiene cojones" (literally has balls), as in "is very brave".

The Mexicans don't use that expression that much. Actually, Mexicans don't speak Spanish at all. They speak Mexican, which is a mixture of bad spanish, completely made up words, engrish, plus groins and other guttural sounds.

Re:"Cojones" (3, Funny)

vegiVamp (518171) | more than 4 years ago | (#32076150)

I do believe you mean "groans".

Actually, I HOPE you mean "groans".

Re:"Cojones" (1)

mjwalshe (1680392) | more than 4 years ago | (#32078462)

no its chutzpah you thinking of here

Re:"Cojones" (-1, Flamebait)

irreverant (1544263) | more than 4 years ago | (#32076432)

Well, how very bigoted and racist of you. That's like saying americans don't speak english. Or that venezuelans or colombians don't speak spanish. You are either a racist spaniard or an ignorant prick... I'll let you decide.

Re:"Cojones" (1, Funny)

Anonymous Coward | more than 4 years ago | (#32076584)

He's not a racist bigot, he's a Spaniard.

Re:"Cojones" (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32076640)

I'm not even going to begin to address the evolution of language and divergence of modern dialects of english, however to deny that such changes have occurred is misguided. While the colonial use of english in north america may remain mutually intelligible with that of britain and english speaking europeans, this is largely due to the influence of modern television. Maintaining that it is still the same spoken, let alone written language is simply ridiculous. You are unlikely to agree with this, however there it is.

Re:"Cojones" (1)

JWSmythe (446288) | more than 4 years ago | (#32077272)

      Actually, he's mostly correct. The dialect they speak is Español mexicano. I've known Cubans (immigrants or 1st generation American) who have a very hard time understanding Mexican Spanish, and vice versa.

    Americans don't speak British English, they speak American English. Australians speak Australian English. Within each of those are other dialects. For a lot of people, if they grew up in an area that had a distinct dialect with few others having other dialects, they can sometimes have a hard time understanding some (or much) of what someone else says in another dialect of the same language.

    I grew up in an area where several dialects of English were spoken due to migration, and I watched a good bit of BBC on PBS since that was one of the few stations we could receive on our broadcast TV. Depending on where I am, my accent will drift from a very plain "midwestern" accent, to a "deep southern" accent, or one of the "northeastern" accents.

    I knew someone who grew up in the Southeast US, and she had a very distinct "deep southern" accent. I spoke with her on the phone while she was in the Northeast, and I thought I had a wrong number, because her southern accent was completely gone, and she had the appropriate accent for where she was now living.

    With current (within the last 100 years) trends for people to move between areas frequently may result in a more standardized "English" language, but that will probably take a long time. I know if you want a "Coca Cola" in different areas, you still have to change what you're asking for between "Coke", "Soda", and "Pop". I tried to order a "rum and coke" in Europe. The waiter gave me a dumb look, because he had no clue what I was asking for. One of the people I was with already knew the variation for the locale, and said "He'd like a Bacardi and cola".

Re:"Cojones" (0)

Anonymous Coward | more than 4 years ago | (#32077784)

Rum and Coke should never be served with a clear rum or a cola besides Coca-cola.

Re:"Cojones" (1)

JWSmythe (446288) | more than 4 years ago | (#32078748)

    You're just getting into semantics and finer tastes. :)

    By definition, it's suppose to be 2/3 highball glass of ice, 3 parts coke, 1 part white rum. It will be slightly lighter than normal coke.

    If I'm mixing it at home, my mix is usually a pint glass, 3 ice cubes, 2/3 rum, top with coke. It should be a very light tan in color. That gives me a nice drink that I can work on for about an hour so I have time to socialize with guests.

    A typical bar mix is a short tumbler, 3/4 ice, one shot rum, fill with coke. It will be darker than the proper mix.

    I've become very fond of Captain Morgan's Spiced Rum and Dr. Pepper. I know that most bars only have Coke/Pepsi, Sprite/7up, and water on their gun, depending on how loud the establishment is and my mood, I may specify Captain Morgan and Dr Pepper. If the bartender is limited to reading lips because it's so loud, I'll order "rum and coke", and will usually receive Bacardi and Coke/Pepsi. If it's not loud and they're not busy, I'll be very specific about my drink list. "shot of Jack, and a double captain and coke in a short glass". I have a very high alcohol tolerance, so if I have any expectation of feeling anything, I drink. If I drink at the same rate as those that are with me (with a few exceptions), I won't even feel it and they'll be sloppy drunk.

Re:"Cojones" (1)

Bartab (233395) | more than 4 years ago | (#32081250)

Coke or Soda both work, but if you want to drink your 'Pop', I don't want to hear about it and if you insist on doing it in public I hope you get arrested for incest.

Having grown up in Oregon, theoretically I should accept and embrace drinking "Pop", but it will never happen.

Not everything is regional.

Re:"Cojones" (1)

JWSmythe (446288) | more than 4 years ago | (#32090424)

    Just because you don't follow the local slang doesn't mean it doesn't exist. :) Growing up in the south, I've avoided the "y'all", and most of the southern drawl, but I've heard it enough that it's easy to slip into. At very least, I understand every word people say. If you've ever watched "King of the Hill", I actually understand what "Boomhauer" says. Well, what he's saying. The random noises between his words is actually how some people speak.

    From what I've seen, "pop" is a northern thing, kind of across states that border Canada. I can't say I've heard people who originated in other areas use it. I had a quick look a the wikipedia page [wikipedia.org] on it, and they list "tonic", which I can't say I've heard anyone use.

Re:"Cojones" (1)

GNUALMAFUERTE (697061) | more than 4 years ago | (#32078620)

I am not Spanish, I was born, raised and am living in Argentina.

I am not ignorant. I speak several languages, Spanish is my native tongue, and I can express myself perfectly in Spanish.

I am not racist. Discriminating and recognizing the particularities of a certain country are different things. Mexicans tend to be loud, poorly educated, highly religious, and not very subtle. You can spot them from a mile away.

In South America, there are very well spoken languages. Peru certainly has the most beautiful and correct Spanish in all of South America, and it's even nicer to hear them talk than it is to hear Spaniards. Uruguay and Argentina have a nice spanish too. Yes, we are full of slang, but that's how we speak in the streets. Some of the best writers of the Spanish language were from Argentina (Borges, Cortazar, Arlt, Bioy Casares, and others).

The thing is that North Americans usually don't differentiate the Spanish speakers from one country from the other.

A few weeks ago, on Lost's episode "Ab Aeterno", there was a MAJOR glitch. The first half of the episode was supposed to take place in the 19th century Spain (Tenerife, Islas Canarias). The settings weren't that bad, except for the fact that everyone spoke with a different south american accent. Any decent spanish-speaking actor can speak with an accent from virtually any spanish speaking place. For example, Argentina-Spain co-productions are common, and usually you have Argentinian actors speaking with Spanish accent, or the other way around. Also, the language wasn't proper for the time.

Just imagine that the episode was supposed to happen in the 18th Century London, and that Richard was supposed to be a poor guy from Yorkshire. Now, imagine him speaking with a heavy southern accent (US), and also speaking in a modern way (e.g: "Hey, are you the devil or what? This island is fucking crazy!"). That's how that episode was for anyone that speaks Spanish.

Anyway, I talked about this with several friends that are from the US, and none of them noticed anything strange in the episode.

What I'm trying to say is that you might not notice it certain subtleties, but we do. That doesn't make us racist. You do the same for the differences you can actually spot.

Re:"Cojones" (1)

irreverant (1544263) | more than 4 years ago | (#32078848)

Thank you for the well-formed and educated opinion. However, I took it at as flame-bait when you said Mexicans do not speak Spanish, where later another responder made the distinction that their certainly are dialects. I don't want to make this thread run off-topic any longer; however, here is my rebuttal. I am of Mexican descent and can attest to the fact that yes, their are certainly Mexicans that fit your criteria, but, as I have traveled, I have met my share of Argentinians that also meet your criteria. They reside in small towns - pueblos if you will, who are uneducated and are ignorant as well. The same can be said and were said of the Appalachian Americans. However, this does not mean that all Americans, Argentinians or Mexicans

tend to be loud, poorly educated, highly religious, and not very subtle. You can spot them from a mile away.

. We speak proper Spanish, although we don't use terms like Vosotros we use Nosotros, we are an educated and well mannered family. I know many Mexicans that do not share the characteristics you describe. It's sad that you think of Mexicans in that way. Sure, we don't speak Castilian spanish, but were not ignorant people.

Re:"Cojones" (0)

Anonymous Coward | more than 4 years ago | (#32079662)

I agree 100% with you. Maybe I didn't express myself correctly, let's try that again.

First, Yes, Sadly, there is a big chunk of Argentinian population that can barely speak spanish, and they can only think of Futbol, Cumbia and cheap wine.

That is true for most countries, actually. There are only very few exceptions where the opposite is true.

I have done business with Mexico several times. Last time, I sold one of the systems that my company develops (DVR/NVR systems) to ... let's just say it's one of the major Casinos in Mexico. Yes, that one. And you can notice the difference between the guys in IT, and the guys at security. Well educated, intelligent people are the same everywhere. Idiots are the same everywhere too. Lower class, honest, working people with poor education is different in different places, and you can see their roots and their history in the way they speak. One thing that strikes me about Mexico (That says a lot about the terrible history of exploitation from both the US and Spain that Mexico has), is the use of the expression "Mande" (order me) and how submissive they are. The uneducated masses of simple, honest people in Mexico has been so badly treated by history, that they have forgotten that they were once the kings of that land. That they were the most advanced civilization in all of America. Mexico really, really needs another Benito Juarez.

Anyway, in my original comment I was talking about most "Mexicans for export", that like most Argentinians, Peruvians, or any other nationality "For export", exports la creme de la creme. The alphas. Just like Spain sent the worst of their jails and streets to South America, we are now exporting our worst too. And that is sadly the kind of people you can find in places like Florida. Not all, off course, but most. So, I was talking about those 'vende patrias', that have forgotten what they are, and they speak a horrible mixture of the worst slang from all places of America.

Re:"Cojones" (1)

GNUALMAFUERTE (697061) | more than 4 years ago | (#32079742)

Ah crap! I must have hit the post anonymously box by mistake. That was me. ;)

Oh, and we don't use "vosotros" either, we use
"Ustedes".

Actually, we don't use "Tu" as the second person singular pronoun like you do, we use "Vos".

While a Mexican would say:

Tu eres Latinoamericano.

We would say:

Vos sos Latinoamericano.

Or "Che, boludo, vos sos re sudaca" :P

Everybody on this thread is a BEANER. (0)

Anonymous Coward | more than 4 years ago | (#32093436)

Mmmmmm beans.

Re:Spain's unemployment is at 20% (1)

elrous0 (869638) | more than 4 years ago | (#32075726)

I picture a bank-robber walking into the bank he robbed and asking for a job as a guard by saying "Hey, who knows more about robbing this bank than me, right?"

Re:Spain's unemployment is at 20% (0)

Anonymous Coward | more than 4 years ago | (#32077112)

This may be a silly sounding statement at first, but in fact, has basis in history. You are in fact correct. Security firms would absolutely love to have some of the well qualified 'black-hats' come work for them as these people are usually are far more experienced in the actual field of breaking security measures - practical experience, not theoretical knowlege. For instance, there was this guy:

http://www.wired.com/magazine/2010/03/ff_masterthief_blanchard/

And before you get any ideas, I've already got dibs on the screen-play!

"The views expressed here are mine and do not reflect the official opinion of my employer or the organization through which the Internet was accessed."

Think bigger (0)

Anonymous Coward | more than 4 years ago | (#32074578)

I see a future in politics for these guys.

Kevin Mitnick (3, Insightful)

Pharmboy (216950) | more than 4 years ago | (#32074632)

What about Kevin Mitnick? He is making a living by switching his hat from black to white, and no one had a problem with that. It would seem that Panda might do better having a few people who know how to make malware so successfully. The question, of course, is "can you trust them?" and only they can answer that.

What did you expect the guys to do for jobs, flip burgers? Become stock brokers? Of course they would pursue careers in security. It seems they must know a fair amount about it to get away with so much, for so long. They certainly know more than someone coming straight from a CS degree.

Re:Kevin Mitnick (0)

Anonymous Coward | more than 4 years ago | (#32074712)

The question, of course, is "can you trust them?" and only they can answer that.

I certainly wouldn't.

Re:Kevin Mitnick (5, Informative)

MarkvW (1037596) | more than 4 years ago | (#32074760)

TFA makes the point that these crooks were using purchased code. This indicates that they aren't very sophisticated. Their market value would appear to be zilch.

Re:Kevin Mitnick (3, Informative)

Pharmboy (216950) | more than 4 years ago | (#32074820)

Mitnick used social engineering, not reverse engineering, to gain access to networks. I don't think we have enough information to know what skillz they have or do not have. Either way, I don't *blame* them for trying to get into the security biz for a job. I didn't say I would be hiring them, just said it shouldn't be shocking that they are trying to enter a field they know at least something about.

Re:Kevin Mitnick (2, Informative)

Anonymous Coward | more than 4 years ago | (#32075738)

I had my share of run-ins with Kevin back in the days when he was actively hacking Netcom and the Well, and while it's true that he was skilled with social engineering he should also not be portrayed as a clueless script kiddie who lacked technical skills either. In fact I think his technical experience only served to strenghten his social engineering skills.

Now it was true that UNIX was not his forte, (at least that was my observation when I watched him hack into, and subsequently kicked him out of an IRIX box at John Hopkins University back in 1996 or so), but he was quite skilled with VMS and DEC systems, having the ability to write code -- at least I'm sure he could write DCL, but very likely C and other langauges. Also, it's known that he sought technical telco manuals to Pac*Bell provisioning and switching systems (e.g., he was known to have made off with tombs of COSMOS manuals in one instance.) Towards the endgame he was also known to be reverse engineering cell phones and improving his UNIX skills.

So comparing Kevin to these people is a bit apple and orangish. My 0.02.

Re:Kevin Mitnick (0)

Anonymous Coward | more than 4 years ago | (#32077168)

"I don't think we have enough information to know what skillz they have or do not have."

But I think we can be confident that they don't have much in the way of interview/job application skills.

Re:Kevin Mitnick (1)

CyprusBlue113 (1294000) | more than 4 years ago | (#32074854)

Pretty much, its one thing to make a spam bot that doesn't directly harm the user, its another to use some hack package with a gui to sell services to the highest bidder and get caught at it and traced. I wouldn't hire them based on their displayed level of ability, security concerns aside. That being said, the internet is not the wild west of 10 years ago, black hats now days aren't inventive college students lacking malice, but profiteers more akin to pirates, and I mean the real kind, not software sharers.

Re:Kevin Mitnick (1)

tokul (682258) | more than 4 years ago | (#32074810)

What about Kevin Mitnick

Mitnick founded own firm. He didn't go to work with Tsutomu Shimomura.

Re:Kevin Mitnick (0)

Anonymous Coward | more than 4 years ago | (#32075876)

What about Kevin Mitnick

Mitnick founded own firm. He didn't go to work with Tsutomu Shimomura.

Probably because he didn't trust Tsutomu. Shimomura was a total scumbag who did his own share of hacking in those days. His pursuit of Mitnick, albeit warranted, was purely for revenge and not so much in the public interest.

Re:Kevin Mitnick (0)

Anonymous Coward | more than 4 years ago | (#32078096)

Probably because he didn't trust Tsutomu. Shimomura was a total scumbag who did his own share of hacking in those days. His pursuit of Mitnick, albeit warranted, was purely for revenge and not so much in the public interest.

I honestly hate it when people say, "citation needed", but I can't find anything to confirm your claim. He was interested in security and even worked with the NSA, but I see nothing about him breaking any laws. If he broke as many laws as Mitnick and caused as much hassle as he did, it should have been pretty easy for me to verify that.

Re:Kevin Mitnick (2, Insightful)

Monkeedude1212 (1560403) | more than 4 years ago | (#32074834)

I don't think I'd trust these guys in a security firm more than I'd trust a pickpocket with my wallet.

There are white hats and black hats. But also, there are grey hats, ones who will write malware and then turn around for a pretty penny to build security for it. Let's just say, I wouldn't give someone that opportunity, especially with their history.

Re:Kevin Mitnick (4, Insightful)

jjohnson (62583) | more than 4 years ago | (#32074836)

The question, of course, is "can you trust them?" and only they can answer that.

From the article:

When it became clear that Panda wasn't interested in hiring him, Netkairo changed his tune, Corrons said, claiming he had found vulnerabilities in the company's cloud anti-virus software and hinting that he planned to publish the information.

Clearly in these guy's case, you can't.

Re:Kevin Mitnick (1)

Hurricane78 (562437) | more than 4 years ago | (#32075514)

Considering how much of a speed and memory hog Panda’s all-and-everything suit is, I’d say, they already know very well, how to create malware. ;)

Re:Kevin Mitnick (0)

Anonymous Coward | more than 4 years ago | (#32075698)

What about Kevin Mitnick? He is making a living by switching his hat from black to white, and no one had a problem with that.

On the other hand, Mitnick didn't try and pull the switch a mere 60 days after being arrested.

Re:Kevin Mitnick (1)

bl8n8r (649187) | more than 4 years ago | (#32076408)

Mitnick opened his own firm and tried to build trust through his own company's reputation. It's quite another to ask a company to stake their reputation on you when they really don't know how much trust they can invest in you. Especially in the security field, trust and reputation are paramount. Without either, you might was well be a bot herder. It's risky enough hiring employees in the security field without going against gut instinct and hiring someone with a previous history like this. These guys are kinda screwed.. kinda like the people they pwned. Best thing they could do, imo, is open their own security research firm. Prove to the world they can wear a white hat for a while.

stupidity and dishonesty trumps knowledge (1)

elnyka (803306) | more than 4 years ago | (#32080198)

What about Kevin Mitnick? He is making a living by switching his hat from black to white, and no one had a problem with that. It would seem that Panda might do better having a few people who know how to make malware so successfully. The question, of course, is "can you trust them?" and only they can answer that.

What did you expect the guys to do for jobs, flip burgers? Become stock brokers? Of course they would pursue careers in security. It seems they must know a fair amount about it to get away with so much, for so long. They certainly know more than someone coming straight from a CS degree.

Fuck that. I wouldn't hire these people even if they paid me. Knowledge is not equal to intelligence, common sense, and above all, ethics that you can bet your reputation and business on as this following quote from TFA reveals:

Corrons said he met with with Netkairo again at Panda’s offices, but said he repeated his previous statement that the company could not hire someone who had been accused of running a botnet.

“So he says to me, ‘But we still haven’t been charged,’ Corrons recalled. “I told him, ‘It doesn’t matterjust the fact that you are involved is a problem when it comes to working for any serious security company.’ And what he then came out with says a lot about him. He said, “Yeah, but nobody else knows that.”

When it became clear that Panda wasn’t interested in hiring him, Netkairo changed his tune, Corrons said, claiming he had found vulnerabilities in the company’s cloud anti-virus software and hinting that he planned to publish the information.

Desperately stupid geek playing racketeering because he can't find a decent job, even if it is for flipping burguers? Nerd-meet-Tony-Soprano? Only a moron would hire that type of person knowing a priori the type of person he is.

Re:stupidity and dishonesty trumps knowledge (1)

elnyka (803306) | more than 4 years ago | (#32080210)

And to boot:

Corrons said both Netkairo and Ostiator told him that while they did indeed maintain the Mariposa botnet, they did not develop the botnet code and had relatively few technical skills.

Knowledge my ass.

If nobody gives them a second chance (4, Insightful)

pegasustonans (589396) | more than 4 years ago | (#32074662)

...Then a life of crime is all that awaits. It's easy to say you have high standards shutting potentially talented people out of your organization, but no one should be surprised if those people turn to illegitimate activities again.

Re:If nobody gives them a second chance (4, Informative)

jjohnson (62583) | more than 4 years ago | (#32074768)

From the article:

When it became clear that Panda wasn't interested in hiring him, Netkairo changed his tune, Corrons said, claiming he had found vulnerabilities in the company's cloud anti-virus software and hinting that he planned to publish the information.

This is why you don't hire criminals, ex or otherwise. Pretty much by definition, they don't have normal social controls in their heads that make them worthwhile employees.

I can see Panda potentially using them as consultants of a sort, and very carefully maintaining an arms-length relationship with them that's clearly about paying them for specific analyses or something. But hire them as employees? It'd be like planting land mines under the office carpet.

Re:If nobody gives them a second chance (0)

value_added (719364) | more than 4 years ago | (#32074916)

This is why you don't hire criminals, ex or otherwise. Pretty much by definition, they don't have normal social controls in their heads that make them worthwhile employees.

So your argument is "Those People aren't like the rest of us"? LOL.

Re:If nobody gives them a second chance (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32075012)

There's plenty of groups in society that point to other groups and say "Those people aren't like the rest of us".

Re:If nobody gives them a second chance (1)

BarefootClown (267581) | more than 4 years ago | (#32076742)

So your argument is "Those People aren't like the rest of us"? LOL.

Close. It's "these people have affirmatively chosen to separate themselves from the rest of us." The difference is subtle, but critical.

Re:If nobody gives them a second chance (1)

jjohnson (62583) | more than 4 years ago | (#32078754)

Any rebuttal that ends with "LOL" is sure to be devastating.

"Those people" is a functional definition, not an intrinsic one like race or sexual orientation, so I'm perfectly comfortable saying "those people". They're self-selecting by acting criminal. They break laws. Someone who's broken laws in the past is not, in general, trustworthy of not breaking the same laws again. As someone observed above, part of the consequences of breaking a law is that you need to regain that trust with a long period of demonstrating that you've reformed. Sucks to be you, but you shouldn't have broken the laws in the first place.

[To forestall another respondent's point: I'm talking about laws that you deliberately break for criminal gain, not negligent vehicular homicide--also I'd like avoid crossing the street in front of that person]

I wouldn't even do that. (1)

khasim (1285) | more than 4 years ago | (#32074924)

I can see Panda potentially using them as consultants of a sort, and very carefully maintaining an arms-length relationship with them that's clearly about paying them for specific analyses or something.

Ummm, I'd be wary of doing that.

It'd be like planting land mines under the office carpet.

And that is exactly why. You'd NEVER be able to trust anything from those fools. So any task you'd assign them, you'd have to assign someone SMARTER than them to check it.

Why waste time and money?

Re:I wouldn't even do that. (1)

Timothy Brownawell (627747) | more than 4 years ago | (#32075306)

You'd NEVER be able to trust anything from those fools. So any task you'd assign them, you'd have to assign someone SMARTER than them to check it.

There are some problems where finding a solution is difficult, while checking that solution is easy. A lot of these are funny math problems you'd have a computer solve, but maybe there are some useful similar problems that are sufficiently poorly defined to require a human (or strong AI, which we don't currently have). I suppose "either write a machine-checkable proof that this code is secure, or demonstrate that it isn't" might be such a problem, assuming anyone wanted to pay for that amount of verification.

Re:I wouldn't even do that. (1)

jjohnson (62583) | more than 4 years ago | (#32078672)

It's a fair point. I was thinking of things like paying them when they produce verifiable use cases of security holes--something where the work product is a reproducible vulnerability (and thus easily checked), or a theoretical approach to a security problem. In other words, something where the work stands on its own as a valuable thing. You wouldn't trust such consultants with auditing or verifying something themselves.

Re:If nobody gives them a second chance (4, Interesting)

causality (777677) | more than 4 years ago | (#32075072)

This is why you don't hire criminals, ex or otherwise. Pretty much by definition, they don't have normal social controls in their heads that make them worthwhile employees.

The difference between criminals and average people is that the criminals believed that they had a payoff combined with a low chance of getting caught and/or they believe they have nothing to lose. Otherwise, most average non-criminals don't have much of an internal morality, set of ethical principles, or enlightened self-interest that guide their actions. What they have is a fear of consequence and the sense that they have a great deal to lose by going to jail. They're not trying to be particularly good or ethical or moral, so "decent" is a good description of them. This is, of course, a puerile concern for the self and not a concern for how one's actions may adversely impact others. If you have ever noticed how inconsiderate and oblivious most folks are, who drive/walk/shop as though other people don't exist and could not possibly be inconvenienced by their carelessness, this is part of it.

One explanation of such is Kohlberg's stages of moral development [wikipedia.org] , if you feel like you need a more formal, psychology-based description to appreciate this observation. In a much more intuitive sense, it also reminds me of the quote from Aristotle: "I have gained this by philosophy; that I do without being commanded what others do only from fear of the law."

Re:If nobody gives them a second chance (0)

Anonymous Coward | more than 4 years ago | (#32075146)

Yet the CEO of enron is still employable...

Re:If nobody gives them a second chance (1)

jjohnson (62583) | more than 4 years ago | (#32078896)

The CEO of Enron is dead.

Re:If nobody gives them a second chance (2, Insightful)

Lumpy (12016) | more than 4 years ago | (#32075194)

There's a large number of people that have felonies for killing someone with their car that you exclude because they,"don't have normal social controls in their heads that make them worthwhile employees"

these people got nabbed doing what you do every day, you are just lucky you haven't killed someone yet. I'm betting you speed, talk on the cellphone, or have had your attention taken away from driving regularly.

So roll yourself into that nice big generic pool you have there.

There are some people that by bad luck or really stupid risks (talking on cellphone while driving) have gotten the short end of the stick. Making an informed decision on a case by case basis is probably a better move than your blanket dismissal.

Re:If nobody gives them a second chance (1)

jjohnson (62583) | more than 4 years ago | (#32078630)

How typical of /.: A comment made in a specific context is uselessly generalized and found to be a useless generalization.

However, I'll cop to not specifically saying "criminals whose crime was deliberate and relevant to the employment opportunity under discussion."

Re:If nobody gives them a second chance (1)

iamhassi (659463) | more than 4 years ago | (#32075408)

So if you don't hire criminals, what do you think should be done with them?

Re:If nobody gives them a second chance (2, Interesting)

elrous0 (869638) | more than 4 years ago | (#32075840)

There are always jobs available for ex-cons in carnival operations and commercial fishing.

Seriously, there are some ex-cons who turn their lives around and do deserve a second chance. For them, they face the tough road of taking crap work for several years until they can put some distance between themselves and their crime, and show that they've truly went straight (can take as long as ten years or more for many employers to recognize that you're clearly not a criminal anymore).

But it's been my experience that most criminals *remain* criminals (especially the serious ones), in or out of prison. Their brief periods of freedom are just interludes before the cops catch them for some new theft/robbery/drug deal/gang hit/etc. and send them right back in.

Re:If nobody gives them a second chance (1)

jjohnson (62583) | more than 4 years ago | (#32079240)

I wouldn't hire a criminal to do legitimately what he did unlawfully, except with very stringent controls in place. I might hire the Spanish hackers in question for their expertise, but it would be a zero trust relationship--say, paid for each reproducible and unknown vulnerability they found and documented.

They can always find jobs in other fields where their lawbreaking isn't at the heart of their job.

Re:If nobody gives them a second chance (5, Interesting)

crow_t_robot (528562) | more than 4 years ago | (#32074814)

EXACTLY. This is exactly how Carl Gugasian began his 30-year career of bank robbery [ http://en.wikipedia.org/wiki/Carl_Gugasian [wikipedia.org] ] He was told that he would never get a legitimate job because of a juvenile robbery offense so he went on to become, arguably, the world's greatest bank robber for 30 years. He ended up being caught due to a total fluke.

Someone has to cook the french fries. (1, Insightful)

maillemaker (924053) | more than 4 years ago | (#32074884)

>...Then a life of crime is all that awaits.

That may be, but sometimes there just are no second chances, and it's a shame more people don't consider the consequences of their actions before they act.

But they don't have to turn to a life of crime. Someone has to cook the french fries, after all.

Re:Someone has to cook the french fries. (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32077102)

Let's see you survive on that salary.

A large number of people (myself included) have commited crimes out of desperation to survive when no other options were available due to circumstances outside of their control. Hell, the average American commits at LEAST 1 felony a day. That's enough to take your vote and arms away for LIFE.

Prison is an industry in America. Prisons are private corporations that will happily grease the palms of a judge to send more people to their prison. This has been demonstrated and publicized. Juries are TOLD with great rigidity how to interpret the law (basically telling them "you will vote guilty"). We put more people away than CHINA. A country KNOWN for human rights abuses. Granted, they have more capital offenses than we do and may execute more but over here, how can the prison charge the state $20/hr for the slave labor on the highways (with people throwing shit at them at 80mph) if the prisoner gets executed?

The oppressive fictional horror stories are real folks. There's just no barbed wire, the world's not in black and white with constant stormy skies or general widespread misery (yet at least). They've painted a pretty face on everything, they're all so cordial. Like Barack Obama, he just came across as such a nice guy. He is NOT your friend. And if you step out of line and try to take any action you're nothing more than a terrorist child molester. Get a few voices together and you have either a "terrorist/radical organization" or a "subversive movement". They have all but created a civilian equivalent of the Stasi by just creating an irrational overabundance of fear about what ever it is we're supposed to hate today. Drugs.... Terrorism.... Muslims.... The Constitution....

Hell, just by writing this I have most likely commited a felony in my state due to a lot of people talking about revolution on Slashdot and me participating in the discussion without registering as a subversive with the state. That's up to 10 years in SC. Theoretically, Slashdot should register in SC according to the law and if someone went insane at the state house here they could find a way to come after them or make them not respond to requests from SC ISP's.

Not all criminals are scumbags, a lot are but there's also a lot who are just unfortunate.

Re:Someone has to cook the french fries. (2, Insightful)

interkin3tic (1469267) | more than 4 years ago | (#32077854)

Someone has to cook the french fries, after all.

In this case, given that tried to blackmail them after not being hired, yes. In general though, I'd say past criminal record is a terrible method of deciding who cooks the fries and who gets to move ahead. Some crimes anyway. Some corporate fraud, sure, force them to live under a bridge.

you're making an assumption (1, Insightful)

circletimessquare (444983) | more than 4 years ago | (#32074886)

that only economic pressure leads one to crime. yes, economic pressure does lead some to a life of crime. but there are other motivations, such as: simple lack of ethics and/ or morals

therefore its difficult to employ these men because they have proven they have no problems trangressing against other people's rights. once you have proven that you are willing to do that, anyone in their right mind would hesitate to hire you for anything. for to let such a person into your organization is to basically invite yourself to be defiled

Re:you're making an assumption (1, Informative)

Anonymous Coward | more than 4 years ago | (#32079568)

How is subversive speech stepping on anyone's rights? Hell I'm trying to secure them. How is an open bottle of liquor in my TRUNK that was given to me by a friend to take home stepping on anyone's rights? Get a clue. This shit can happen to YOU. Don't be so quick to judge someone you don't know. We all have demons and any one of us could be locked up for just about anything at any time these days whether it's legit or not. Just depends on their mood. Even if it doesn't stick you're ruined.

Hell, in SC here when companies do background checks they also look up an arrest record (usually through SLED) and get to look at your misdemeanors and offenses you WEREN'T EVEN CONVICTED OF.

That's fine (3, Insightful)

Sycraft-fu (314770) | more than 4 years ago | (#32074894)

But there's a big difference between giving someone a second chance and giving them whatever job they want. These guys have already proven that they have some severe ethical problems. That can limit the roles in which a company is willing to let them work. As an example: Would you be ok with these guys working on the database that contains your credit card number, or bank account details? If not then perhaps you can understand why a company wouldn't want them in certain roles.

So while I'm not saying "Screw them, they should have to beg for food for life," I think they need to accept that they aren't going to be able to be computer security professionals, at least not for some time. Perhaps they need to look at careers away from computers entirely. However if they are staying in the computer field, they are probably going to have to look at jobs that don't involve access to much, maybe helpdesk type positions. Kinds sucks but that's life.

Trust isn't the kind of thing that you can just get back once you've destroyed it. It takes time to rebuild. They are going to need to spend time working honestly to show that indeed they have learned their lesson and can act in an ethical manner. They can't expect to get a job with access to potentially sensitive data straight off, even if their technical skills are top notch (and I question if that's the case).

Re:If nobody gives them a second chance (0)

Anonymous Coward | more than 4 years ago | (#32074934)

You first.

Re:If nobody gives them a second chance (3, Interesting)

timholman (71886) | more than 4 years ago | (#32074962)

...Then a life of crime is all that awaits. It's easy to say you have high standards shutting potentially talented people out of your organization, but no one should be surprised if those people turn to illegitimate activities again.

"Potentially talented"? One of the most common memes I keep hearing is that malware writers are programming geniuses who need only a guiding hand to become productive members of society.

I've met or worked with a lot of very sharp programmers over the years. All of them made a good salary from their skills. A few of them have made a significant amount of money. Any one of them would be capable of creating his own botnet without difficulty. Furthermore, many of them are sharp enough to pull off some impressive social engineering to gain access to systems, a la Kevin Mitnick.

But none of them did that, because they had the ethics to understand that subverting millions of other peoples' computers for your own financial gain is wrong. Not just illegal, but wrong.

If these botnet writers are so brilliant, where are the useful programs they have written? That's right, they don't exist. These guys are more likely marginally talented shmucks who have demonstrated an ability that hundreds of thousands of more talented programmers could easily replicate. All they lacked were the morals to do the right thing.

If these guys are actually good programmers who want to be productive members of society, let them prove it writing and marketing useful software on their own, instead of malware. But let them on my systems, or deal with my customers? Not in a million years. I can hire honest programmers for that.

Re:If nobody gives them a second chance (4, Insightful)

tool462 (677306) | more than 4 years ago | (#32076220)

The cynic in me wants to say that an honest person is someone who hasn't been caught lying yet.

Re:If nobody gives them a second chance (1)

rainer_d (115765) | more than 4 years ago | (#32076758)

...Then a life of crime is all that awaits. It's easy to say you have high standards shutting potentially talented people out of your organization, but no one should be surprised if those people turn to illegitimate activities again.

"Potentially talented"? One of the most common memes I keep hearing is that malware writers are programming geniuses who need only a guiding hand to become productive members of society.

I've met or worked with a lot of very sharp programmers over the years. All of them made a good salary from their skills. A few of them have made a significant amount of money. Any one of them would be capable of creating his own botnet without difficulty. Furthermore, many of them are sharp enough to pull off some impressive social engineering to gain access to systems, a la Kevin Mitnick.

But none of them did that, because they had the ethics to understand that subverting millions of other peoples' computers for your own financial gain is wrong. Not just illegal, but wrong.

Maybe those were just smart enough to know that they will be caught eventually?
The problem with these two guys is obviously that they had no plan B for when and after they were being caught.
If you have no plan B, you are essentially gambling - with your own future in this case. That's not very smart.

Re:If nobody gives them a second chance (2, Insightful)

timholman (71886) | more than 4 years ago | (#32078554)

Maybe those were just smart enough to know that they will be caught eventually?

Frankly, I think you (and several others) are being overly cynical.

I've worked with a lot of engineering professionals in my career. What I have found is that the overwhelming majority of engineers have a strong moral / ethical compass. Most of them try to do the right thing, and do a good job. And in general, the higher the level of engineering competence, the stronger the moral compass.

Most engineers are not closet sociopaths. In fact, most of the truly intelligent people I've known, regardless of their political or religious leanings, understand that the world works best when people don't walk around looking for opportunities to screw the other guy. Compared to your average attorney, politician, or businessman, engineers tend to be saints by comparison.

Re:If nobody gives them a second chance (0)

Anonymous Coward | more than 4 years ago | (#32082058)

Having read the comments in this section of the thread I have to say I agree with both premises: Namely that the majority of engineers - like, probably, the majority of other people - have a properly-developed sense of ethics, morals and scruples. And that those who misbehave are usually too clueless to understand that they aren't the genius master of crime that they imagine themselves to be. You know, that whole "You can't teach a duck algebra" kind of thing.

Anybody in any field which routinely deals with criminals and their associates will tell you the same thing: "Criminals are stupid". Occasionally you'll encounter a criminal or criminals who are marginally less stupid than most other criminals, but they are still less intelligent than non-criminals. And like all stupid people, they are too stupid to comprehend just how stupid they really are, which causes them to believe they aren't stupid at all, and in fact are smarter than everybody else, which is one of the reasons they are almost always busted eventually.

So forget about 'Ocean's Eleven' and all the other smart caper flicks, because the characters portrayed in them are entirely fanciful and non-existent in every way. Dishonest people do the stupid things intelligent people simply aren't stupid (or sleazy) enough to do, but have convinced themselves they are clever and daring for doing them.

Re:If nobody gives them a second chance (1)

Scrameustache (459504) | more than 4 years ago | (#32075136)

...Then a life of crime is all that awaits.

I'm sure there's ditches that need digging in Spain. These guys can pick up a shovel and go earn an honest living.

Re:If nobody gives them a second chance (0)

Anonymous Coward | more than 4 years ago | (#32080784)

Yes like immediately after the interview.

In the article they said shortly after they were not hired they released the information fairly quickly.

I'm pretty sure they made the right call with these guys.

Frankly (1)

NEDHead (1651195) | more than 4 years ago | (#32074716)

Had they invested carefully while things were going well they would not need to be job hunting...

This is not a black to white hat situation (5, Interesting)

LockeOnLogic (723968) | more than 4 years ago | (#32074876)

RTFA this isn't a situtation of some reformed skilled hacker seek a job. These are a bunch of script kiddies trying to weasle their way into a job by pretending to be like Kevin Mitnick. After being turned away several times (justifiably) they then decided to threaten to expose a security vunerability they claimed to have discovered in the companies software. They are black hats through and through.

Re:This is not a black to white hat situation (2, Funny)

SnarfQuest (469614) | more than 4 years ago | (#32074948)

It would be like a jewlrey store hiring a known Kleptomaniac. If you cannot trust an employee, why hire them.

They'd like to be black hats. (1)

khasim (1285) | more than 4 years ago | (#32074952)

But right now they're just script-kiddies.

If they HAD discovered an exploit ... why didn't they reveal that when they went for the job in the first place? Do you want employees who conceal vulnerabilities?

If they have NOT discovered an exploit ... then they're just trying to use fear to get a paycheck. Not the kind of employees you'd want.

The real Jobs in in Cupertino. (0)

Anonymous Coward | more than 4 years ago | (#32074938)

They were barking up the wrong tree.

Re:The real Jobs in in Cupertino. (1)

Frosty Piss (770223) | more than 4 years ago | (#32075052)

The real Jobs in in Cupertino.

No, no.. In Cupertino, it's black turtlenecks .

How do you know? (0)

Anonymous Coward | more than 4 years ago | (#32075098)

What is Fake Steve Jobs, chopped liver?

Is Bill Gates Considered (0)

Anonymous Coward | more than 4 years ago | (#32075114)

a botmaster?

Yours In Astrakhan,
K. Trout

Bill Gates is a pimp, hack, war criminal, & th (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32081268)

He wasn't nearly as distinguished and attractive as the people he hires, he punnishes bitches under him in much more harmful ways than what his master-pimp SEC had ever done, he supports every legislative enactment that greatens the capital isolation between his bitches (no different than Eric S. Raymond), and any not under his control he kills under the guise of humanitarian aid.

Consider his work killing people with experimental AIDS vaccines in Africa: he has his hand in the War Criminal racket. Also consider his work in stealing every non-GMO'd heirlooom plant seed into the Doomsday Seed Vault and the implications of flooding the world with more toxic GMO'd foodplants that only kill more when they are encouraged to sow the same to infect heirloom organic farms!

Bill Gates was groomed by the New World Order a long time ago. They are only averting liability from their selves under the guise of "emergency relief" coerced onto the people with military precision against their unreasonable fear of government intervention.

well (1)

RanchNachos (1239826) | more than 4 years ago | (#32075134)

... did they get the jobs?

Mari had a little posa (1)

Tetsujin (103070) | more than 4 years ago | (#32075476)

The two men, known by the online nicknames "Netkairo" and "Ostiator," were arrested in February by Spanish police for their alleged role in running the "Mariposa" botnet, a malware distribution platform that spread malicious software to more than 12 million Internet addresses from 190 countries (mariposa is Spanish for "butterfly").

I'm sorry, was the definition of mariposa relevant somehow?

Re:Mari had a little posa (0)

Anonymous Coward | more than 4 years ago | (#32081822)

The two men, known by the online nicknames "Netkairo" and "Ostiator," were arrested in February by Spanish police for their alleged role in running the "Mariposa" botnet, a malware distribution platform that spread malicious software to more than 12 million Internet addresses from 190 countries (mariposa is Spanish for "butterfly").

I'm sorry, was the definition of mariposa relevant somehow?

Actually, Mariposa is Spanish slang for a homosexual man. You can hear it shouted at Spanish bullfights, sometimes at the bullfighters, sometimes at the bull.

Interesting job titles (0)

Anonymous Coward | more than 4 years ago | (#32075730)

After going from botmaster, what do you do? Start up a piracy? Perhaps lead a thiefdom or become an underground kingpin? Maybe become a mad scientist (complete with plans to rule the world). The problem with all these is that the law is on you once you've come to their significant attention. So what to do? Perhaps becoming a superhero? As others have stated, turning your hat from black to white has been done by many others before (Kevin Mitnick, Frank Abignail Jr., etc.). The really bad bad guys know how to be bad successfully, or at least for quite a long time, and perhaps learned how to avoid their last mistake (the one that led to them getting caught). Someone who gets caught after their first misdemeanor is a dumb crook. The cops are annoyed. The successful crook is a challenge to them. They have to spend time, money, energy, and effort in capturing them. They may have to devise ingenious methods to catch them. I don't know why people are so quick to say "bwah! NO, are you kidding?". Its just silly.

Arrested? Convicted? Jailed? (1)

Internalist (928097) | more than 4 years ago | (#32076070)

OK, I only read the summary, and haven't followed the whole story that closely, but if these people were arrested in February, why are they not still in jail?

on error resume (0)

Anonymous Coward | more than 4 years ago | (#32076326)

At least they didn't have to submit an updated resume, right?

Financial Genius...or not. (1)

geekmux (1040042) | more than 4 years ago | (#32078216)

So, let me get this straight. You both were in charge of one of the most "successful" botnets in history, yet couldn't even manage to save (read launder) enough money from this "moneymaking machine" to last more than two fucking months of no "income"?!?

Something tells me they should have at least thought about hiring a bean counter instead of pissing all their money away on strippers and blow.

Re: (1)

clint999 (1277046) | more than 4 years ago | (#32081908)

There are always jobs available for ex-cons in carnival operations and commercial fishing.Seriously, there are some ex-cons who turn their lives around and do deserve a second chance. For them, they face the tough road of taking crap work for several years until they can put some distance between themselves and their crime, and show that they've truly went straight (can take as long as ten years or more for many employers to recognize that you're clearly not a criminal anymore).But it's been my experience t

Re: (1)

clint999 (1277046) | more than 4 years ago | (#32087898)

He's not a racist bigot, he's a Spaniard.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>