funsec mailing list archives
Re: Botnet Hacker Gets Four Years
From: Paul Ferguson <fergdawgster () gmail com>
Date: Thu, 5 Mar 2009 16:46:43 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Mar 5, 2009 at 3:37 PM, Jon Kibler <Jon.Kibler () aset com> wrote:
A Los Angeles man was sentenced late Wednesday in federal court to four years in prison after pleading guilty last year to infecting as many as 250,000 computers and stealing thousands of peoples' identities and hijacking their bank accounts. The Los Angeles authorities said John Schiefer, 27, was the nation's first defendant to plead guilty to wiretapping charges in connection to using botnets. http://blog.wired.com/27bstroke6/2009/03/botnet-hacker-g.html
Also, and perhaps more interestingly: [snip] Today, Mahalo CEO Jason Calacanis sent an e-mail to his followers (also posted on his blog, and worth a read) disclosing that his company mistakenly hired a man convicted of computer crimes, but who hasn't yet served his sentence. To retell Calacanis' story with a critical slant, his employee was caught (unusual for hackers) after launching a botnet attack that didn't work. And then he lied -- or omitted the telling -- about his conviction when he was interviewing at Mahalo. Instead of firing him outright, Calacanis decided to keep him employed until his prison sentence begins on June 1st. Of course, we are all flawed, we make lots of mistakes in life, and we owe each other every kindness. It's possible that Mahalo's errant hire made one bonehead hacking move and saw the error of his ways, and he'll never do it again -- although news reports of his crimes paint a much uglier picture. But it's what Calacanis believes. He says he knows the man, and I admire him for standing up for him, and keeping him employed when the easy thing, for a dozen reasons, would be to fire him. But that doesn't mean I trust the company Mahalo more now. In fact, knowing that there's a lying, somewhat inept hacker working on Mahalo makes me wonder what personal data at Mahalo could be exposed. Calacanis takes pains in his letter to say that the employee's work is "well-supervised" and limited to simply Mahalo question and answer data. However, Mahalo does transact financial business, both with users (they can buy Mahalo Dollars), and of course with advertisers. How walled-off is that transaction data? How good are the employee's watchers? Who's the hacker in this equation, anyhow? [snip] More: http://news.cnet.com/8301-17939_109-10189853-2.html - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFJsHJuq1pz9mNUZTMRAtPOAJ9LGEZqpIln2uLribcamXpEIBqGswCfeRTC baU89pHb5xNZBV9CpWhmh6U= =bmNs -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Botnet Hacker Gets Four Years Jon Kibler (Mar 05)
- Re: Botnet Hacker Gets Four Years Paul Ferguson (Mar 05)
- Re: Botnet Hacker Gets Four Years robert_mcmillan (Mar 05)
- Re: Botnet Hacker Gets Four Years Jon Kibler (Mar 05)
- Re: Botnet Hacker Gets Four Years Valdis . Kletnieks (Mar 05)
- Re: Botnet Hacker Gets Four Years Jon Kibler (Mar 06)
- Re: Botnet Hacker Gets Four Years Valdis . Kletnieks (Mar 05)