Slashdot Mirror

← Back to Stories (view on slashdot.org)

Confessed Botnet Master Is a Security Professional

Posted by CmdrTaco on from the he-should-know-better dept.

An anonymous reader writes "John Schiefer, the Los Angeles security consultant who in last 2007 admitted wielding a 250,000-node botnet to steal bank passwords, sometimes from work, says he's spent the past 15 months working as a professional in the security scene while awaiting sentencing. Prosecutors are pushing for a five-year sentence, noting the exceptional threat he represented to society."

19 of 278 comments (clear)

  1. This should come as no surprise by htnmmo · · Score: 4, Insightful

    Not everyone can create a botnet. There's some skill involved and you have to know details about vulnerabilities and how to exploit them.

    Did you expect him to be a shoe salesman?

    This is like that guy from the Gaming Control board that was cheating slots.

    1. Re:This should come as no surprise by TheRealMindChild · · Score: 3, Insightful

      There's some skill involved and you have to know details about vulnerabilities and how to exploit them.Not generally. When you see a run of the mill buffer-overflow-execute-anything-you-want exploit, it usually only takes changing values of a few variables to get it to deliver your payload vs. what the example was doing.

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  2. Disgraceful by DeadPixels · · Score: 4, Insightful

    While I'm not surprised that it was someone heavily involved in the field, as a future security professional myself, I'm rather ashamed that this man's greed won out over his ethics.

  3. I miss the old days by MillionthMonkey · · Score: 4, Insightful

    Their culprit would turn out to be a pimple-faced highschool kid dialing in with his VIC-Modem and Commodore 64, and then he'd maybe even get a drudging job offer. Nowadays the job offer part comes first.

  4. Being sexually abused is a mitigating factor? by Anonymous Coward · · Score: 4, Insightful

    Schiefer's attorney also said his history included a "substance abuse problem" and being "the target of sexual abuse."

    Riiight, because most victims of sexual abuse go and create botnets to steal bank passwords. Disingenuous much?

    1. Re:Being sexually abused is a mitigating factor? by Anonymous Coward · · Score: 4, Insightful

      Riiight, because most victims of sexual abuse go and create botnets to steal bank passwords. Disingenuous much?

      No, but they do engage in self destructive behavior such as substance abuse, addiction and crime.
      (not an excuse).

  5. Five years? by brian0918 · · Score: 3, Insightful

    Is it just me, or does 5 years seem kinda low for someone who has infiltrated 250,000 computers and has been stealing bank account passwords??

  6. It's not shoe salesman vs IT, it's "one of us" by Wrexs0ul · · Score: 5, Insightful

    I think the surprise doesn't come from the fact it was a security guy, but the idea that someone like a lot of slashdotters is that capable of hurting others. Outside of the money and women, part of what we do as IT is helping and protecting people in the wild west that is networks. The fact a "good guy" could be bad is an extra sucker punch because a lot of folks here deep down probably wouldn't do that, and would have a tough time associating with the reasons why.

    Idealistic, eh? Still, sucks when John Wayne saves the girl only to go rob the bank one town over.

    -Matt

    --
    --- Need web hosting?
    1. Re:It's not shoe salesman vs IT, it's "one of us" by Anonymous Coward · · Score: 5, Insightful

      I wouldn't be surprised to find that most people are not too far away from the Office Space mentality: Having something to lose, fear of punishment and lack of opportunities seem to be the only barriers. Why do you think Russia is teeming with black hats? Those are intelligent people who have little to lose and much to gain by joining the dark side.

      Ethics is a team sport. We're not all heroes who do the right thing no matter what is being done to us. The hero or one-man-army image of security professionals should fade away. It's a delusion. People of all ranks and professions have it in them, as you should have noticed in the recent months. You have to account for people going rogue. Redundancy, verification and limited power are the way to security, not hiring a wizard.

    2. Re:It's not shoe salesman vs IT, it's "one of us" by Anonymous Coward · · Score: 5, Insightful

      "Good? Bad? I'm the one with the gun." - Ash, Army of Darkness

      What do you mean, "one of us"? A common thief? An opportunistic prick who capitalizes on the ignorance of others? A coward, afraid to face the consequences of his actions? A foolish asshole who thought he would never get caught? None of those describe me (and I suspect not you either).

      Oh.. You mean he works in the IT department? That doesn't make him a "good" guy. In this country any asshole has the same opportunities as you or I. Its what we make of those opportunities that defines us.

      There is nothing inherently noble about working in IT.

  7. Hear that sound? by yttrstein · · Score: 3, Insightful

    That's the sound of 30,000 other security professionals simultaneously saying "no shit!"

  8. Re:Substantial Threat to Society? by Comatose51 · · Score: 5, Insightful

    Depends on who you ask. If you're asking a socially conservative, self-righteous "virtuous" woman, she might say "yes", it's the girl fault. We know there are countries where people are like that. On Slashdot, if you ask a bunch of condescending techies about being a victim of a cyber crime, there's a good possibility that some of the people will blame the victim. I'm not saying that they're right but simply their perspective is narrower and maybe even biased. Personally, counting on people for reasonable, correct behavior is a fool's hope and failing to account for people's tendency to act less than reasonable is a weakness in any security system or protocol.

    --
    EvilCON - Made Famous by /.
  9. Devine Comedy by 0100010001010011 · · Score: 3, Insightful

    Well he's already on path for the 8th or 9th circle of hell.

    8th Circle:
    Bolgia 8: Fraudulent advisors are encased in individual flames.

    9th Circle:
    Round 2: Antenora is named for Antenor of Troy, who according to medieval tradition betrayed his city to the Greeks. Traitors to political entities, such as party, city, or country, are located here.

    1. Re:Devine Comedy by Chaos+Incarnate · · Score: 4, Insightful

      But that's just the normal Hell. Doesn't he deserve the special Hell, along with child molesters and people who talk in the theater?

      --
      Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
  10. Re:You really want a rape analogy? by MozeeToby · · Score: 5, Insightful

    The closes I can get to a rape analogy is that a woman seeks out a man, asks him for sex, does the deed, and then the next morning decides he wasn't the guy she was looking for. He was supposed to be a pretty screensaver, and instead turned out to be a spambot. There he is, in her bedroom, writing letters and taking stamps out of her desk.

    No, the anology here would be: A woman asks out what seems to be a nice man for dinner. At dinner he slips a roofy into her drink, drags her back to the car and rapes her. The next morning she knows that something is wrong, but can't remember a thing and so doesn't properly report it or deal with the consequences.

  11. Re:Smart People by schnikies79 · · Score: 5, Insightful

    The only person that can be blamed is him. Not his parents, not the school, not society.

    No one put a gun to his head and made him hack. Take some responsibility.

    Ridiculous.

    --
    Gone!
  12. Re:Substantial Threat to Society? by TubeSteak · · Score: 3, Insightful

    Personally, counting on people for reasonable, correct behavior is a fool's hope and failing to account for people's tendency to act less than reasonable is a weakness in any security system or protocol.

    The difference between meatspace crimes and internet crimes is the level of risk.

    You can get away with less security in the real world,
    because the level of risk to commit crimes is much higher.
    Online, the risk is lower and in response, your level of security should be much higher.

    --
    [Fuck Beta]
    o0t!
  13. Re:BANKSTER wannabe by Steauengeglase · · Score: 3, Insightful

    If I had to points I'd mod you insightful.

  14. In all seriousness... by CarpetShark · · Score: 5, Insightful

    From TFA:

    Prosecutors are pushing for a five-year sentence, noting the exceptional threat he represented to society.

    From your comment:

    ...the US prosecutor could just allege that he's capable of starting World War III...

    In all seriousness, it's a really bad idea to suggest that being capable of something, or representing a threat, is enough to punish someone for. Yes, this guy has probably caused a lot of damage. Should we convict him on the "probably"? No. Get some real, hard evidence, then do something. Preferably, do something useful, like show him how much damage he caused, and introduce him to the people who's lives he messed up, rather than just taking revenge on him. People who do that (namely, most of the so-called justice system) are part of the problem that makes this a dog-eat-dog world, not part of the solution.