Re: Botnet Hacker Gets Four Years

[Paul Ferguson <fergdawgster () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Mar 5, 2009 at 3:37 PM, Jon Kibler <Jon.Kibler () aset com> wrote:

> A Los Angeles man was sentenced late Wednesday in federal court to four
> years in prison after pleading guilty last year to infecting as many as
> 250,000 computers and stealing thousands of peoples' identities and
> hijacking their bank accounts.
>
> The Los Angeles authorities said John Schiefer, 27, was the nation's
> first defendant to plead guilty to wiretapping charges in connection to
> using botnets.
>
>        http://blog.wired.com/27bstroke6/2009/03/botnet-hacker-g.html


Also, and perhaps more interestingly:


[snip]

Today, Mahalo CEO Jason Calacanis sent an e-mail to his followers (also
posted on his blog, and worth a read) disclosing that his company
mistakenly hired a man convicted of computer crimes, but who hasn't yet
served his sentence. To retell Calacanis' story with a critical slant, his
employee was caught (unusual for hackers) after launching a botnet attack
that didn't work. And then he lied -- or omitted the telling -- about his
conviction when he was interviewing at Mahalo.

Instead of firing him outright, Calacanis decided to keep him employed
until his prison sentence begins on June 1st.

Of course, we are all flawed, we make lots of mistakes in life, and we owe
each other every kindness. It's possible that Mahalo's errant hire made one
bonehead hacking move and saw the error of his ways, and he'll never do it
again -- although news reports of his crimes paint a much uglier picture.
But it's what Calacanis believes. He says he knows the man, and I admire
him for standing up for him, and keeping him employed when the easy thing,
for a dozen reasons, would be to fire him.

But that doesn't mean I trust the company Mahalo more now. In fact, knowing
that there's a lying, somewhat inept hacker working on Mahalo makes me
wonder what personal data at Mahalo could be exposed. Calacanis takes pains
in his letter to say that the employee's work is "well-supervised" and
limited to simply Mahalo question and answer data. However, Mahalo does
transact financial business, both with users (they can buy Mahalo Dollars),
and of course with advertisers. How walled-off is that transaction data?
How good are the employee's watchers? Who's the hacker in this equation,
anyhow?

[snip]

More:
http://news.cnet.com/8301-17939_109-10189853-2.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFJsHJuq1pz9mNUZTMRAtPOAJ9LGEZqpIln2uLribcamXpEIBqGswCfeRTC
baU89pHb5xNZBV9CpWhmh6U=
=bmNs
-----END PGP SIGNATURE-----


-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.