Mahalo CEO defends IT staffer who ran botnet before being hired
Search engine exec says he hopes to offer John Schiefer a new job after sentence is up
March 5, 2009 12:00 PM ETIDG News Service - After Mahalo.com Inc. employee John Schiefer was sentenced this week to four years in prison for leading a botnet scheme before he was hired by the search engine start-up, Mahalo's CEO said he hopes to give Schiefer another job once the sentence is up.
Schiefer was sentenced Wednesday in U.S. District Court in Los Angeles after pleading guilty last April to hacking, fraud and wiretapping charges. He was arrested in 2007 as part of Operation Bot Roast II, an FBI initiative aimed at finding and catching botnet operators.
The case against Schiefer marked the first time that someone had been charged with operating a botnet under federal wiretapping laws.
At the time of his arrest, Schiefer, who is now 27, worked as a security consultant at 3G Communications Corp., a Los Angeles-based network services provider. Court documents say that he used both home and work computers as part of the botnet scheme, in which he and several accomplices infected as many as 250,000 computers with malware and then stole usernames, passwords and financial-account data from the systems.
When Schiefer later was hired by Mahalo, the Santa Monica, Calif.-based company's executives weren't aware of his criminal activities, according to a blog post written yesterday by founder and CEO Jason Calacanis.
Mahalo has a "rigorous hiring process" that includes an average of five to eight interviews and three to five reference checks, Calacanis wrote in his blog. Schiefer passed that process "with flying colors," the CEO said. But he added that Mahalo CTO Mark Jeffrey "screwed up by not doing a simple Google search on John’s name."
Nonetheless, Calacanis stood by Schiefer, saying in the post that Mahalo learned of his crimes months after he was hired and decided not to take "the easy choice" of firing him — a decision that Calacanis said he doesn't regret.
"I consider myself a fairly decent judge of character, and after spending months with John, I’m convinced he was an angry stupid kid when he launched his botnet attack (which did .000000001% of the damage it could have)," Calacanis wrote. "Now he’s an adult who just wants to make a decent living, spend time with his significant other and breathe the clean air off the Pacific Ocean by our offices in Santa Monica."
Schiefer, who is due to report to prison on June 1, is continuing to work at Mahalo in the meantime, according to Calacanis, who said that the convicted hacker "is well-supervised" and that the company has "strict security policies" and doesn't store sensitive data about its customers.
Calacanis also indicated that Mahalo won't shut the door on Schiefer after he goes to prison. "When he comes out, I hope to be able to offer him a job and that we can work together again," Calacanis wrote. "Life is short, we all make mistakes and I'm glad we've been given the opportunity to work with someone who needs the help and guidance."
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
John Schiefer
Additional Resources



White Papers & Webcasts
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Email Archiving: A Business-Critical Application
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
IBM ISS X-Force Threat and Risk Report
Learn about all aspects of threats that affect Internet security.
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
The New World of eCrime: Targeted Brand Attacks and How to Combat Them
Download This Whitepaper Now!
The Commercialization of ITIL: Lessons Learned
Register for this event today!
