‘Why I employed a felon’: Jason Calcanis
p2pnet news view Security| P2P:- Back in the 1990s I had another web site. Called OTRiCS (On The Road in CyberSpace), it eventually became fairly popular and I couldn’t afford to keep it online.
But while it was up, it became a kind of hang-out for quite a few members of the hacking fraternity — criminals, to significant segments of the corporate world and their law enforcers, but innovative, boundary pushing explorers to people such as myself.
I got to know quite a few of the people the FBI and others were looking for and with only a couple of exceptions, they were unusually intelligent, law abiding people in any normal sense of the phrase.
They weren’t crooks any more than those who share files with each other are thieves, and many of them are now pulling down better-than-excellent salaries as security experts for some of the firms and organisations they’d hacked.
At least one of them — a kid, really — ended up in jail. He wasn’t crook by any stretch of the imagination and I hope being thrown into a US federal penitentiary with genuine criminals didn’t turn him into one.
But some hackers did indeed turn bad.
Popping out WiFi sniffers
“When I worked for Sony, I watched folks in the IT department read their bosses’ email,” writes Jason Calcanis, founder Mahalo.com, a “human-powered search engine”, which launched in alpha test in May 2007, says the Wikipedia.
He goes on »»»
When I was in high school and college, I watched daily as folks explored the areas of the computer networks they were specifically told not to enter. In fact, I was fired from my first computer job for creating a partition on a hard drive in the computer lab where I stored my files.
When the Web emerged, I watched as folks created honey pots to prove they could socially manipulate people into giving away private information.
Many of these folks moved on to marketing firms which do essentially the same things – except they play by the rules. At conferences, I see people pop out WiFi sniffers and show me passwords of executives in the room.
I’ve heard senior executives recount stories of putting keyboard monitor software on computers in their offices and recording all instant messaging traffic to find out what their employees are up to.
What is the difference between the hackers who put one foot over the line and the ones who race past it? Being bored? A lack of guidance? Low self-esteem? I’m not a psychologist, so I can’t tell you exactly.
Why did he post the observations above on calcanis.com?
Because, “I joined one of our Mahalo employees at Federal District Court as he was sentenced to 48 months in jail for crimes related to computer security,” he blogs.
The employee was John Schiefer, now 28, who in 2007 was, “charged with and agreed to plead guilty … to installing malware on computers, without the knowledge of the computers’ owners, in order to intercept private information and conduct identity theft and wire and bank fraud, as announced by the US Attorney’s Office and the US Department of Justice,” said Associated Content in a post we pulled up from a Google search.
It went on, “The malware, which Schiefer called ’spybots’, would effectively act as a wiretap on protected computers and would access private communications between that computer and bank accounts, such as those on PayPal. Schiefer and others would then use those communications to find out a users’ account name(s), or usernames, and that user’s password(s). Schiefer would then access accounts and make purchases unbeknowst to the true owner. Schiefer also admitted to giving those usernames and passwords to others.
“This case is the first time that anyone has been indicted and convicted with using ‘botnets’ to conduct identity theft. A ‘botnet’ essentially is a ‘zombie’ computer that performs normally and allows users to do anything they would normally, so that malware, or malicious software, can intercept personal information. The number of computers that Schiefer and his associates infected is estimated at 250,000.”
On his blog, Calcanis goes on »»»
Before my employee John Schiefer was sentenced, a violent career criminal was facing 60 months for beating up a prison guard. I could hear John’s breathing deepening as the judge spoke — his fiancee’s leg shaking more and more as the reality of John’s situation set in. John wound up getting 48 months in prison, a number which could be reduced if he behaves himself. He goes to jail on June 1st, and maybe he’ll be out in two or three years.
We didn’t know John was convicted of infecting 250,000 computers with bots when we hired him. We have a rigorous hiring process at Mahalo, in which each candidate must go through an average of five to eight interviews, and in which at least three, but more typically five, references are checked. Our CTO, and one of my oldest friends, Mark Jeffrey, did all of this with John, and he passed with flying colors.
However, Mark screwed up by not doing a simple Google search on John’s name. If Mark had, he would have easily found out about these crimes, we would never have hired John, and I would not be writing this letter. Why would we even take the risk of hiring a felon hacker? No one would, right?
Months after John’s hiring, our VP of Operations found out about the crimes John had committed. We sat down with John and learned about what he did when he was younger, how he was abused as a child, his anger issues, and how he found some level of peace in being part of the team at Mahalo.
Now I was left with the decision to fire John on the spot and cut my losses and responsibility. This was the easy choice, obviously. If I really wanted to cover my butt, I could turn on one of my best friends, Mark Jeffrey, and fire him for making the only mistake he’s ever made working for me. The other option was to keep John on and deal with the potential firestorm of criticism that we’re now facing.
He says he chose to put his job and reputation on the line and keep John employed, adding:
“I’m hoping that the time he’s spent being a productive member of the Mahalo team inspires him to keep his head down in jail. When he comes out, I hope to be able to offer him a job and that we can work together again. Life is short, we all make mistakes and I’m glad we’ve been given the opportunity to work with someone who needs the help and guidance.”
(The pic from which we took the clip was originally posted to Flickr by ElectricSheep at http://flickr.com/photos/31519174@N00/21813314. It was reviewed on 09:48, 24 December 2007 (UTC) by the FlickreviewR robot and confirmed to be licensed under the terms of the cc-by-2.0. Wikipedia.)
JN
calcanis.com – Why I employed a felon, March, 2009
Associated Content - Computer Hacker John Schiefer Charged with Wiretapping to Conduct Fraud, November 10, 2007
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
