{"id":1047,"date":"2009-03-07T20:15:28","date_gmt":"2009-03-08T04:15:28","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=1047"},"modified":"2009-03-07T20:15:28","modified_gmt":"2009-03-08T04:15:28","slug":"current-event-convicted-botnet-leader-retains-job","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/07\/current-event-convicted-botnet-leader-retains-job\/","title":{"rendered":"Current Event: Convicted Botnet Leader Retains Job"},"content":{"rendered":"<p>In <a href=\"http:\/\/www.computerworld.com\/action\/article.do?command=viewArticleBasic&amp;taxonomyName=cybercrime_and_hacking&amp;articleId=9129054\">three<\/a> <a href=\"http:\/\/www.computerworld.com\/action\/article.do?command=viewArticleBasic&amp;articleId=9129098\">sequential<\/a> <a href=\"http:\/\/www.computerworld.com\/action\/article.do?command=viewArticleBasic&amp;articleId=9129178\">articles<\/a>, <a href=\"http:\/\/www.computerworld.com\/\">ComputerWorld<\/a> traces the sentencing of convicted botnet leader John Schiefer as well as his continued employment at the start-up <a href=\"http:\/\/www.mahalo.com\/\">Mahalo<\/a>.\u00a0 Schiefer is an ex-security consultant and is the first botnet leader to be charged under the wiretap statutes.\u00a0 He entered his guilty plea almost a year ago, but sentencing has been delayed until now.\u00a0 He will be paying $2,500 in fines, paying nearly $20,000 in restitution, and spending 4 years in prison.\u00a0 Perhaps what is more interesting is that Mahalo&#8217;s CEO Jason Calacanis has both allowed Schiefer to continue working during this time and has expressed a desire to offer him a job upon his release from prison.\u00a0 Calacanis has defended this decision on the basis that he trusts Schiefer and considers him a changed man from the person who committed the earlier crimes.<\/p>\n<p><!--more-->Clearly, Schiefer&#8217;s sentencing is a consequence of pleading guilty to the charges against 
him.\u00a0 When he originally obtained his job at Mahalo, his employers were not aware of his criminal activities.\u00a0 They learned of these crimes months after his hiring.\u00a0 However, Calacanis decided not to fire him at that time and stands by that decision: &#8220;I consider myself a fairly decent judge of character, and after spending months with John, I\u2019m convinced he was an angry stupid kid when he launched his botnet attack.&#8221;\u00a0 Regardless of the accuracy of Calacanis&#8217;s\u00a0 assessment, Schiefer is able to keep his job because he gained the trust of his coworkers and employer.\u00a0 In their eyes, he became a person (John Schiefer) instead of a nebulous concept (botnet leader).\u00a0 This speaks to the importance of trust within our society.<\/p>\n<p>Though Calacanis claims that Mahalo&#8217;s hiring process is quite rigorous, it seems that a simple background check would have been sufficient to bring Schiefer&#8217;s past to light (assuming he had already been identified by authorities at the time of hiring).\u00a0 If this wasn&#8217;t done, then Mahalo failed at ensuring the integrity of their hires.\u00a0 If this was done and there was no information, then Mahalo can hardly be held accountable for the original oversight.\u00a0 Another interesting aspect of this case is that Calacanis claims this has affected his perspective on hiring felons.\u00a0 Where previously he said most felons would not have made it to the interview process, his experience with Schiefer has given him some faith in the rehabilitation process and prompted him to rethink his position.<\/p>\n<p>This event brings out important issues about security, trust, and rehabilitation.\u00a0 No one doubts that Schiefer committed the crimes to which he pled guilty.\u00a0 What is an issue is that he is continuing to work in the industry that made his original crimes possible.\u00a0 Even if he continues to be closely supervised, this will give Schiefer ample opportunity to 
perform more attacks in the future.\u00a0 However, much of the justification of our country&#8217;s penal system is the idea that, after serving one&#8217;s time, a person can become rehabilitated.\u00a0 This allows a person to re-integrate with society and make something of himself.\u00a0 Certainly Schiefer is being given that opportunity, but there is significant security risk in the process.<\/p>\n<p>Because of the two conflicting ideas of security and rehabilitation, I expect that different people will have different opinions on this matter.\u00a0 Furthermore, I suspect that despite disagreeing on the proper course of action, many people would agree that they are &#8220;good&#8221; judges of character.\u00a0 I think that if they met Schiefer they, like Calacanis, would have a firm opinion of the proper course of action, whichever course of action they happen to support.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In three sequential articles, ComputerWorld traces the sentencing of convicted botnet leader John Schiefer as well as his continued employment at the start-up Mahalo.\u00a0 Schiefer is an ex-security consultant and is the first botnet leader to be charged under the &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/07\/current-event-convicted-botnet-leader-retains-job\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":112,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,7,8],"tags":[],"class_list":["post-1047","post","type-post","status-publish","format-standard","hentry","category-current-events","category-ethics","category-policy"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/112"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=1047"}],"version-history":[{"count":2,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1047\/revisions"}],"predecessor-version":[{"id":1049,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1047\/revisions\/1049"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=1047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=1047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=1047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}