Script Kiddie Botnet Operators Ask For Jobs From Security Company That Shut Them Down

from the didn't-work dept

The BBC has a story about how the operators of one of the larger botnets that was recently shut down showed up at the offices of a security researcher who helped bring them down... asking for a job. The article highlights how the researcher, Luis Corrons, basically had figured out who was running the botnet after one of the operators made a mistake and revealed his home computer... which actually was not far from where Corrons worked. It was shut down at the end of last year, but a few months later, Corrons had an interesting experience:
In late March Mr Corrons was preparing for a meeting at Panda's Bilbao lab with a journalist and took a moment to dodge downstairs to get a drink. On the way down he passed two young men coming up.

One asked if he was Luis Corrons. He said yes while wondering who they were.

They introduced themselves which left him no wiser. Then, one of them said; "I'm Ostiator and this is Netkairo."

"It was then I realised these guys were the ones that were arrested in the Mariposa case," he told the BBC. "I thought they wanted to teach me a lesson."
Instead, they asked him for a job, saying that the shutdown of the botnet had "robbed them of their livelihood." Apparently, the two guys started following Corrons on Twitter, sending messages his way and commenting on his blog, before asking for work again. They finally brought in one of the guys for an interview, noting that they wouldn't hire anyone involved in criminal activity. The guy responded that he hadn't been charged with anything. However, Corrons also quickly realized that the guy barely had any technical skills -- pointing out that he didn't write the bot, he just ran it:
"He got really annoyed at that moment, when we told him he was not good enough," said Mr Corrons. Subsequent discussion revealed just how poor their skills were.

"They were given the botnet with all the stuff they needed," said Mr Corrons. "Using it was like using any other program."
So, for the script kiddies out there, perhaps before asking for a job from the security researchers who bring your botnet down, you do a bit of work to make sure you have the actual skills.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    LoL, 10 Jun 2010 @ 4:15am


    I disagree respectfully. What I see here is a lost opportunity to turn misguided youth into something productive a lost opportunity to educate and train people to do something good. That would bring change in society, that would bring real security to all but it is hard and time consuming.

    We all have made mistakes when we were young, it is the age of the dumb and it ends about 35 mostly give it or take some years. Besides most security experts I know and see all started as a scriptkid that wanted to have some fun at some point, One of the founders of Apple put a mock bomb in a locker once, if he did that today he would go to jail and that is a shame.

    Somewhere along the line people lost the patience to teach others in the right way, we forgot compassion and start thinking we can force others to do things, that creates a rich environment for destructive behaviour to flourish because it feeds anger and frustration.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.