[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Web maven gives convicted botmaster keys to new kingdom

To: isn@xxxxxxxxxxxxxxx
Subject: [ISN] Web maven gives convicted botmaster keys to new kingdom
From: InfoSec News <alerts@xxxxxxxxxxxxxxx>
Date: Fri, 6 Mar 2009 01:03:05 -0600 (CST)
Delivered-to: isn@xxxxxxxxxxxxxxx
List-archive: <http://www.infosecnews.org/pipermail/isn>
List-help: <mailto:isn-request@infosecnews.org?subject=help>
List-id: InfoSec News <isn.infosecnews.org>
List-post: <mailto:isn@infosecnews.org>
List-subscribe: <http://www.infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=subscribe>
List-unsubscribe: <http://www.infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=unsubscribe>
Organization: InfoSec News - http://www.infosecnews.org/
Sender: isn-bounces@xxxxxxxxxxxxxxx

http://www.theregister.co.uk/2009/03/05/mahalo_computer_felon/

By Dan Goodin in San Francisco
The Register
5th March 2009

For the past four or five months, Mahalo.com has entrusted its site to a 
security consultant who stole hundreds of thousands of bank passwords 
with a massive botnet, which he sometimes administered from his former 
employer's premisis.

For most of that time, serial entrepreneur and Mahalo CEO Jason 
Calacanis was in the dark because no one at the company had bothered to 
Google the employee. But even after learning that 27-year-old John 
Kenneth Schiefer confessed to extensive botnet crimes just 16 months 
ago, they are continuing to trust him with system root passwords and 
other sensitive company information.

"After really a lot of careful deliberation and looking at exactly what 
damage he could do here and how he was being supervised, we made a 
compassionate decision to let him work up to the day that he goes to 
prison," Calacanis told The Register. "We've made a point of supervising 
him and I talk to him on a daily basis."

On Wednesday, a federal judge sentenced Schiefer to serve four years in 
federal prison and pay $20,000 in restitution and a $2,500 fine. The 
hacker, who went by the names Acid and Acidstorm, has been given 90 days 
to surrender to prison officials.

Schiefer's employment with Mahalo exposes an interesting quandary over 
the roles redemption and accountability ought to play when hiring 
employees for sensitive IT positions. Schiefer admitted to pilfering 
hundreds of thousands of online banking passwords, wielding a 
250,000-strong botnet and even illegally accessing computers belonging 
to customers of his former employer, Los Angeles-based 3G 
Communications.

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/

Prev by Date: [ISN] NYPD faces ID theft risk after data stolen from pension fund
Next by Date: [ISN] Can peer-to-peer coexist with network security?
Previous by thread: [ISN] NYPD faces ID theft risk after data stolen from pension fund
Next by thread: [ISN] Can peer-to-peer coexist with network security?
Index(es):
- Date
- Thread