Feeds

Panda did not hire VXer

Chinese whispers whack facts on Fujacks black hat

Using blade systems to cut costs and sharpen efficiencies

Panda Security has reaffirmed its policy of not hiring hackers following incorrect reports that it had hired a infamous Chinese virus writer.

Li Jun, author of the Fujacks worm, "found a job with Panda following his recent release from prison", according to local reports. Not so, according to Panda Security chief exec Juan Santana, who explained that the confusion had arisen because Li had gotten a job with a local software distributor.

"[Li] does not work for Panda Security, and has never worked for Panda Security, either as an employee or as a consultant," Santana explained in a blog post. "We believe the confusion arises from a marketing initiative by a distributor of Panda China where Mr Li was involved. We have a policy whereby we do not and will not hire black-hat hackers and certainly not previously convicted hackers."

Panda was quick to reject attempts by local suspects in the Mariposa botnet case to get themselves hired by the Spanish security software firm, a development that had made the (incorrect) reports that it had hired the author of the Fujacks worm all the more surprising. Anti-virus firms are regularly accused, mostly in jest, of writing virus code themselves or hiring hackers to do it for them.

The truth is that the bad guys are producing more than enough malware variants to keep everyone busy. In addition, the skills that might be needed to write a virus are very different from the knowledge needed to reverse-engineer malware samples and produce an antidote.

Convicted virus authors ought to be allowed a chance at rehabilitation but finding work at an anti-virus firm is certainly not in the supplier's best interests especially since such a firm would generate tons of negative publicity, as a post by net security firm Sophos explains.

Most security software firms – even those outside anti-virus – are similarly not keen on the idea of hiring convicted cybercriminals while been more open to the idea of hiring more ethical white-hat hackers. Even hiring ethical hackers and hobbyists sometimes turns out badly, however.

Chris Soghoian earned notoriety by developing software that allowed users to print fake boarding passes for Northwest Airlines back in 2006, before later creating a map of where tubes of sexual lubricant Astroglide were shipped online – using data supplied by its manufacturer, Biofilm. Soghoian completed the latter exercise to illustrate a privacy concern. Although the exercise failed to result in any prosecution, it did result in a job offer from US consumer watchdog the Federal Trade Commission last year, which Soghoian accepted.

But there were culture clashes from the first day, with Soghoian refusing to submit to a fingerprint scan or complete a background check request. He also strayed from the corporate line by secretly taping Sprint executives talking about handing over customer GPS data at an industry-only conference.

Unsurprisingly, Soghoian's contract has not been renewed, as Forbes reports in greater depth here. ®

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.