Feeds

Panda did not hire VXer

Chinese whispers whack facts on Fujacks black hat

Using blade systems to cut costs and sharpen efficiencies

Panda Security has reaffirmed its policy of not hiring hackers following incorrect reports that it had hired a infamous Chinese virus writer.

Li Jun, author of the Fujacks worm, "found a job with Panda following his recent release from prison", according to local reports. Not so, according to Panda Security chief exec Juan Santana, who explained that the confusion had arisen because Li had gotten a job with a local software distributor.

"[Li] does not work for Panda Security, and has never worked for Panda Security, either as an employee or as a consultant," Santana explained in a blog post. "We believe the confusion arises from a marketing initiative by a distributor of Panda China where Mr Li was involved. We have a policy whereby we do not and will not hire black-hat hackers and certainly not previously convicted hackers."

Panda was quick to reject attempts by local suspects in the Mariposa botnet case to get themselves hired by the Spanish security software firm, a development that had made the (incorrect) reports that it had hired the author of the Fujacks worm all the more surprising. Anti-virus firms are regularly accused, mostly in jest, of writing virus code themselves or hiring hackers to do it for them.

The truth is that the bad guys are producing more than enough malware variants to keep everyone busy. In addition, the skills that might be needed to write a virus are very different from the knowledge needed to reverse-engineer malware samples and produce an antidote.

Convicted virus authors ought to be allowed a chance at rehabilitation but finding work at an anti-virus firm is certainly not in the supplier's best interests especially since such a firm would generate tons of negative publicity, as a post by net security firm Sophos explains.

Most security software firms – even those outside anti-virus – are similarly not keen on the idea of hiring convicted cybercriminals while been more open to the idea of hiring more ethical white-hat hackers. Even hiring ethical hackers and hobbyists sometimes turns out badly, however.

Chris Soghoian earned notoriety by developing software that allowed users to print fake boarding passes for Northwest Airlines back in 2006, before later creating a map of where tubes of sexual lubricant Astroglide were shipped online – using data supplied by its manufacturer, Biofilm. Soghoian completed the latter exercise to illustrate a privacy concern. Although the exercise failed to result in any prosecution, it did result in a job offer from US consumer watchdog the Federal Trade Commission last year, which Soghoian accepted.

But there were culture clashes from the first day, with Soghoian refusing to submit to a fingerprint scan or complete a background check request. He also strayed from the corporate line by secretly taping Sprint executives talking about handing over customer GPS data at an industry-only conference.

Unsurprisingly, Soghoian's contract has not been renewed, as Forbes reports in greater depth here. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.