Mahalo CEO defends IT staffer who ran botnet before being hired
Search engine exec says he hopes to offer John Schiefer a new job after sentence is up
IDG News Service - After Mahalo.com Inc. employee John Schiefer was sentenced this week to four years in prison for leading a botnet scheme before he was hired by the search engine start-up, Mahalo's CEO said he hopes to give Schiefer another job once the sentence is up.
Schiefer was sentenced Wednesday in U.S. District Court in Los Angeles after pleading guilty last April to hacking, fraud and wiretapping charges. He was arrested in 2007 as part of Operation Bot Roast II, an FBI initiative aimed at finding and catching botnet operators.
The case against Schiefer marked the first time that someone had been charged with operating a botnet under federal wiretapping laws.
At the time of his arrest, Schiefer, who is now 27, worked as a security consultant at 3G Communications Corp., a Los Angeles-based network services provider. Court documents say that he used both home and work computers as part of the botnet scheme, in which he and several accomplices infected as many as 250,000 computers with malware and then stole usernames, passwords and financial-account data from the systems.
When Schiefer later was hired by Mahalo, the Santa Monica, Calif.-based company's executives weren't aware of his criminal activities, according to a blog post written yesterday by founder and CEO Jason Calacanis.
Mahalo has a "rigorous hiring process" that includes an average of five to eight interviews and three to five reference checks, Calacanis wrote in his blog. Schiefer passed that process "with flying colors," the CEO said. But he added that Mahalo CTO Mark Jeffrey "screwed up by not doing a simple Google search on John’s name."
Nonetheless, Calacanis stood by Schiefer, saying in the post that Mahalo learned of his crimes months after he was hired and decided not to take "the easy choice" of firing him — a decision that Calacanis said he doesn't regret.
"I consider myself a fairly decent judge of character, and after spending months with John, I’m convinced he was an angry stupid kid when he launched his botnet attack (which did .000000001% of the damage it could have)," Calacanis wrote. "Now he’s an adult who just wants to make a decent living, spend time with his significant other and breathe the clean air off the Pacific Ocean by our offices in Santa Monica."
Schiefer, who is due to report to prison on June 1, is continuing to work at Mahalo in the meantime, according to Calacanis, who said that the convicted hacker "is well-supervised" and that the company has "strict security policies" and doesn't store sensitive data about its customers.
Calacanis also indicated that Mahalo won't shut the door on Schiefer after he goes to prison. "When he comes out, I hope to be able to offer him a job and that we can work together again," Calacanis wrote. "Life is short, we all make mistakes and I'm glad we've been given the opportunity to work with someone who needs the help and guidance."



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...
- Protecting Point of Sale Systems from Targeted Attack
- If you are responsible for protecting retail systems, download this case study to learn how this retailer eliminated the threat of malware on...
- From the Frontline - Preventing APT
- Is your company's network secure? Are your endpoints and servers secured? Before you answer, read this case study on a US Military Command...
- Stop Hackers Before They Attack
- Hacktivism, Identify Theft, Financial Gain, Cyber War - regardless of motivation, stopping today's hackers requires a new proactive approach to protecting endpoints. Learn...
- The four rules of complete web protection
- As an IT manager you've always known the web is a dangerous place. But with infections growing and the demands on your time... All Cybercrime and Hacking White Papers
- WikiLeaks: How am I Affected?
- The latest WikiLeaks episode has raised questions about how organizations and governments protect their sensitive information. While this incident was isolated, it has...
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn... All Cybercrime and Hacking Webcasts