We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Hacker gets four years for botnet attacks

Search engine employee hacked Paypal accounts

A search engine employee has been given a four-year jail sentence after infecting 250,000 PCs with malicious botnets.

Mahalo employee John Schiefer pleaded guilty to hacking, fraud and wiretapping charges in the US. He was arrested in 2007 as part of an investigation against botnet makers, called Operation Bot Roast II.

The case marks the first time that someone has been charged with operating a botnet under US wiretapping laws. Schiefer could have been sentenced to as much as five years in prison on the charges.

When they hired him, Mahalo executives didn't know about his criminal activities. In a blog posting, Mahalo founder Jason Calacanis said company CTO Mark Jeffrey had "screwed up by not doing a simple Google search on John's name", but he stood by his employee, saying there is a fine line between hackers "who put one foot over the line" and commit minor indiscretions, and others like Schiefer, who "race past it".

"I consider myself a fairly decent judge of character, and after spending months with John, I'm convinced he was an angry stupid kid when he launched his botnet attack (which did .000000001 percent of the damage it could have)," Calacanis said.

"Now he's an adult who just wants to make a decent living, spend time with his significant other and breathe the clean air off the Pacific Ocean by our offices in Santa Monica."

"When he comes out, I hope to be able to offer him a job and that we can work together again," Calacanis said.

PC security advice

Broadband speed tester

Schiefer built his botnet army while a consultant at 3G Communications, a small Los Angeles telecommunications company. The network, built with the help of two accomplices, was used to snoop in on internet traffic between victims' computers and financial institutions such as PayPal, prosecutors said. Schiefer would then make purchases or simply drain his victims' bank accounts.

He used several partners in the scheme - some of them minors whom he "bullied ... into participating in the crimes," said prosecutors in the suit.

In another scam, a Dutch online marketing company called Simpel Internet paid him more than $19,000 for installing the company's TopConverting adware on PCs, which he did without the consent of his victims. As part of his plea agreement, Schiefer will pay $20,000 in restitution to Simpel Internet and the financial institutions he defrauded.

He also used the botnet to launch distributed denial of service (DDOS) attacks, and in an interview with the FBI he claimed to have knocked the Los Angeles Times' website offline, prosecutors said.

Schiefer seemed happy with the money he was making from his scams. According to evidence entered into court, another one of his instant messaging signatures read: "Crime pays, and it also has an excellent benefits package".

See also: Microsoft to patch critical Windows bug


IDG UK Sites

Samsung Galaxy S6 release date, features and specs rumours: When will the Galaxy S6 come out?

IDG UK Sites

Why people aren't upgrading to iOS 8: new features are for power users, not the average Joe

IDG UK Sites

Free rocket & space sounds: NASA launches archive of interstellar audio on SoundCloud

IDG UK Sites

iPad Air 2 review: Insanely fast and alarmingly thin. Speed tests, camera tests, beautiful...