His current employer was not aware of his crimes

Mar 6, 2009 11:23 GMT

John Kenneth Schiefer, 27, from Los Angeles, has been sentenced by a federal court to four years in prison and ordered to pay $22,500 in damages and fines for infecting about a quarter of a million computers with information-stealing malware. The hacker has been working for the past several months as a technician for Mahalo.com, a company that failed to check his background when hiring him.

Schiefer, going by the online nickname of "acidstorm," used to work as an IT security consultant for a firm called 3G Communications. However, in his spare time, the rogue security professional engaged in illegal activities, which involved raising an army of zombie computers by infecting them with malware, stealing money from compromised accounts, and launching denial of service attacks.

The cyber-criminal entered a guilty plea agreement 16 months ago, but while awaiting his sentencing, he continued to look for work in the industry. Eventually, around five months ago, he received a job offer from Mahalo.com, a company running a search engine that relies on human decisions.

The interesting fact is that the firm's management found out about Schiefer's history only recently and, despite this, decided to keep him employed. The mistake was apparently made by Mahalo's CTO, Mark Jeffrey, who failed to do a simple Google search before hiring him.

"After really a lot of careful deliberation and looking at exactly what damage he could do here and how he was being supervised, we made a compassionate decision to let him work up to the day that he goes to prison," Mahalo CEO Jason Calacanis commented for The Register.

Meanwhile, Mark Jeffrey vouched in favor of the soon-to-be incarcerated bot runner. "In the time that I've known John, he has been a model employee, and indeed, a model human being. I would hire him again in a second," he said.

In a post on his blog, Jason Calacanis made a note to Mahalo users, assuring them that "John’s work is well-supervised. Mahalo follows strict security policies and we don’t store any sensitive data anyway." He further explained that "Even if one of our employees did go off the deep end, the most they would have access to would be your questions and answers on Mahalo Answers–not much damage can be done there since they’re all public anyway."

According to the judge's decision, Schiefer has 90 days to turn himself in to prison officials and start serving his sentence. Only time will tell if his story is just another example of a former hacker switching sides. A lot of well-known IT professionals today engaged in questionable activities when they were young, and some of them even served time in jail.

We have recently reported on a Romanian hacker who is serving a three-year sentence in Italy for identity theft. After he amazed his professors from the Polytechnic University of Milano and the Italian media with his intelligence and skills in the field of informatics, authorities are considering changing his sentence to house arrest and hiring him to help them prosecute and prevent online crime.