Mahalo CEO defends IT staffer who ran botnet before being hired

IDG News Service - After Mahalo.com Inc. employee John Schiefer was sentenced this week to four years in prison for leading a botnet scheme before he was hired by the search engine start-up, Mahalo's CEO said he hopes to give Schiefer another job once the sentence is up.

Schiefer was sentenced Wednesday in U.S. District Court in Los Angeles after pleading guilty last April to hacking, fraud and wiretapping charges. He was arrested in 2007 as part of Operation Bot Roast II, an FBI initiative aimed at finding and catching botnet operators.

The case against Schiefer marked the first time that someone had been charged with operating a botnet under federal wiretapping laws.

At the time of his arrest, Schiefer, who is now 27, worked as a security consultant at 3G Communications Corp., a Los Angeles-based network services provider. Court documents say that he used both home and work computers as part of the botnet scheme, in which he and several accomplices infected as many as 250,000 computers with malware and then stole usernames, passwords and financial-account data from the systems.

When Schiefer later was hired by Mahalo, the Santa Monica, Calif.-based company's executives weren't aware of his criminal activities, according to a blog post written yesterday by founder and CEO Jason Calacanis.

Mahalo has a "rigorous hiring process" that includes an average of five to eight interviews and three to five reference checks, Calacanis wrote in his blog. Schiefer passed that process "with flying colors," the CEO said. But he added that Mahalo CTO Mark Jeffrey "screwed up by not doing a simple Google search on John’s name."

Nonetheless, Calacanis stood by Schiefer, saying in the post that Mahalo learned of his crimes months after he was hired and decided not to take "the easy choice" of firing him — a decision that Calacanis said he doesn't regret.

"I consider myself a fairly decent judge of character, and after spending months with John, I’m convinced he was an angry stupid kid when he launched his botnet attack (which did .000000001% of the damage it could have)," Calacanis wrote. "Now he’s an adult who just wants to make a decent living, spend time with his significant other and breathe the clean air off the Pacific Ocean by our offices in Santa Monica."

Schiefer, who is due to report to prison on June 1, is continuing to work at Mahalo in the meantime, according to Calacanis, who said that the convicted hacker "is well-supervised" and that the company has "strict security policies" and doesn't store sensitive data about its customers.

Calacanis also indicated that Mahalo won't shut the door on Schiefer after he goes to prison. "When he comes out, I hope to be able to offer him a job and that we can work together again," Calacanis wrote. "Life is short, we all make mistakes and I'm glad we've been given the opportunity to work with someone who needs the help and guidance."