The Register® — Biting the hand that feeds IT

Web maven gives convicted botmaster keys to new kingdom

Mahalo.com embraces Acidstorm

Aggravating factors

It would seem Calacanis didn't read the documents filed in Schiefer's extensive case history. Court papers cite a variety of aggravating factors, including "bullying" underage accomplices to use his botnet software to steal people's personal information. "Quit being a bitch and claim it," Schiefer told a juvenile apprentice named Adam, according to court documents.

He similarly goaded a hacker named phr33k to "rape" the IP address of a target by launching DDoS, or distributed denial of service, attacks and later bragged that he made "more money on bots (infected computers) than people do with legitimate jobs," according to a declaration filed in the case. In addition to selling and giving away pilfered usernames and passwords to cohorts, he also personally used stolen PayPal accounts to buy domain names, according to a plea agreement signed by Schiefer.

Without a doubt, reformed criminals should be given the chance to become productive members of society, but the facts of the case mean that Schiefer's employment at Mahalo is probably a bad idea, said Tom Parker, director of commercial security services at Securicon.

"When the crime is so recent and the person has a history of abusing the trust that they have with their employers, it's a different story," Parker said. "The purpose of going to jail is punishment where you reflect on the bad things you've done and set a new course for yourself. He's obviously not had a chance to do that."

Calacanis said the amount of damage that Schiefer could do is limited. The site offers content for free, doesn't collect sensitive user data, and all user passwords are encrypted, so they can't be viewed by employees, he said.

"The risk is that he damages us and that was a risk I was willing to take," Calacanis said. "If we were PayPal, he wouldn't be working there."

But Ptacek isn't so sure and he points to the regular abuse of content websites by cybercriminals to propagate malware.

"The compromise of one of those sites is part of the botnet food chain," he said. "It's not as if there's no relation between a large content site like Mahalo and the damage caused by a botnet." ®

This story was updated to correct the spelling of the Mahalo CEO's name. It's Calacanis.
