Would you let a convicted botnet builder keep his job?

Davey Winder
Friday, 06 March 2009 17:41

Your IT - Home IT

As a security consultant gets four years in prison for helping to build a botnet which infected a quarter million computers, his IT company boss says he will give him a job when he is released.

When Mahalo human-powered search CTO Mark Jeffrey hired John Kenneth Schiefer it seems he had not been spending time with Google to vet the application.

If he had have done then the small detail that Schiefer had been convicted of being a botnet builder, spreading malware to some 250,000 computers in the process. According to Mahalo CEO Jason Calacanis they have a rigorous hiring process in place.

This includes anywhere between five and eight interviews plus the checking of anything up to five references. Schiefer passed them all.

He probably would not have passed a simple Googling test though, considering his name had been hitting all the headlines since November 2007 when he was caught up in the FBI's Operation Bot Roast II investigation and ended up pleading guilty to his part in the crime.

Calacanis admits that had this bit of information been discovered then Mahalo would "never have hired John" after all nobody would "take the risk of hiring a felon hacker" would they? Well that's where it gets interesting. With Schiefer being sentenced to a 48 month jail term this week, Calacanis has gone on the record to stand up for his employee.

Writing in his blog Calacanis reveals how some months after hiring the botnet builder Malalo disovered his past and sat down to talk with him about it. "...I was left with the decision to fire John on the spot and cut my losses and responsibility" Calacanis writes "If I really wanted to cover my butt, I could turn on one of my best friends, Mark Jeffrey, and fire him for making the only mistake he’s ever made working for me."

Yet he did not do this, instead he chose to put his job and reputation on the line and keep Schiefer employed.

"In John, I see almost every computer programmer from my time “hacking” on BBSes as a kid, attending hacker conferences and hiring “white hat” hackers for a living. Almost all talented developers push the envelope when they’re young. Anyone in technology knows this dark, dirty little secret" he says.

Having spent months working closely with Schiefer, Calacanis is convinced he was an "angry stupid kid" when he launched that botnet attack and now is an "adult who just wants to make a decent living."

"When he comes out, I hope to be able to offer him a job and that we can work together again" Calacanis concludes.

So, would you let a convicted botnet builder keep his job?