Panda did not hire VXer
Chinese whispers whack facts on Fujacks black hat
Panda Security has reaffirmed its policy of not hiring hackers following incorrect reports that it had hired an infamous Chinese virus writer.
Li Jun, author of the Fujacks worm, "found a job with Panda following his recent release from prison", according to local reports. Not so, according to Panda Security chief exec Juan Santana, who explained that the confusion had arisen because Li had gotten a job with a local software distributor.
"[Li] does not work for Panda Security, and has never worked for Panda Security, either as an employee or as a consultant," Santana explained in a blog post. "We believe the confusion arises from a marketing initiative by a distributor of Panda China where Mr Li was involved. We have a policy whereby we do not and will not hire black-hat hackers and certainly not previously convicted hackers."
Panda was quick to reject attempts by local suspects in the Mariposa botnet case to get themselves hired by the Spanish security software firm, a development that had made the (incorrect) reports that it had hired the author of the Fujacks worm all the more surprising. Anti-virus firms are regularly accused, mostly in jest, of writing virus code themselves or hiring hackers to do it for them.
The truth is that the bad guys are producing more than enough malware variants to keep everyone busy. In addition, the skills that might be needed to write a virus are very different from the knowledge needed to reverse-engineer malware samples and produce an antidote.
Convicted virus authors ought to be allowed a chance at rehabilitation, but finding work at an anti-virus firm is certainly not in the supplier's best interests, especially since such a hire would generate tons of negative publicity, as a post by net security firm Sophos explains.
Most security software firms – even those outside anti-virus – are similarly not keen on the idea of hiring convicted cybercriminals while being more open to the idea of hiring more ethical white-hat hackers. Even hiring ethical hackers and hobbyists sometimes turns out badly, however.
Chris Soghoian earned notoriety by developing software that allowed users to print fake boarding passes for Northwest Airlines back in 2006, before later creating a map of where tubes of sexual lubricant Astroglide were shipped online – using data supplied by its manufacturer, Biofilm. Soghoian completed the latter exercise to illustrate a privacy concern. Although the exercise failed to result in any prosecution, it did result in a job offer from US consumer watchdog the Federal Trade Commission last year, which Soghoian accepted.
But there were culture clashes from the first day, with Soghoian refusing to submit to a fingerprint scan or complete a background check request. He also strayed from the corporate line by secretly taping Sprint executives talking about handing over customer GPS data at an industry-only conference.
Unsurprisingly, Soghoian's contract has not been renewed, as Forbes reports in greater depth. ®