Slashdot Mirror

← Back to Stories (view on slashdot.org)

Confessed Botnet Master Is a Security Professional

Posted by CmdrTaco on from the he-should-know-better dept.

An anonymous reader writes "John Schiefer, the Los Angeles security consultant who in last 2007 admitted wielding a 250,000-node botnet to steal bank passwords, sometimes from work, says he's spent the past 15 months working as a professional in the security scene while awaiting sentencing. Prosecutors are pushing for a five-year sentence, noting the exceptional threat he represented to society."

18 of 278 comments (clear)

  1. BURN HIM! by erroneus · · Score: 5, Interesting

    He is one of those people who, in my opinion, qualifies for MUCH more harsh punishment. My opinions are on the far extreme though... not likely to happen, but it does call for a good old fashioned lynching.

    1. Re:BURN HIM! by HTH+NE1 · · Score: 5, Interesting

      He is one of those people who, in my opinion, qualifies for MUCH more harsh punishment.

      Well, the US prosecutor could just allege that he's capable of starting World War III if given an opportunity to whistle into a telephone to get him thrown into solitary confinement. It might even be more believable than the last time they used it successfully.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    2. Re:BURN HIM! by wastedlife · · Score: 5, Funny

      CAT5-o-nine-tails?

      --
      Said, "It's just like dice but it's got more sides And it tells me who lives and who dies"
  2. BANKSTER wannabe by Anonymous Coward · · Score: 5, Funny

    He should have worked in finance. There it's expected for you to loot the company safe and walk away with billions of dollars. Leaving a burning building behind you taxpayers footing the bill for cleaning it up is absolutely expected. Big career path mistake on his part. Perhaps while in prison he can study for his MBA and open a hedge fund on release.

  3. the past 15?!? by gEvil+(beta) · · Score: 5, Funny

    ...says he's spent the past 15 working as a professional in the security scene...

    Oh my God! Only the past 15?!? I've already spent the past 120 perusing slashdot.

    Hint: qualifiers matter.

    --
    This guy's the limit!
  4. 15 months, not years by immakiku · · Score: 5, Informative

    Needs to be clarified is that this is 15 months he spent waiting for punishment, not 15 years. And the lenient sentencing is because he ultimately did not cause much damage.

  5. Re:Substantial Threat to Society? by MozeeToby · · Score: 5, Interesting

    What about the woman that gets raped on the street? Isn't she partly responsible for the rapists behavior?

    Come on people, quit blaming the victim; especially when the victim is an average person (as is evidence by the sheer size that many botnets reach).

  6. From your Friendly Security Professional by Anonymous Coward · · Score: 5, Funny

    My professional opinion is that Internet Explorer is a fast, reliable, and safe web browsing platform.

    Also, make sure ActiveX is turned on. It's important for your safety.

  7. It's not shoe salesman vs IT, it's "one of us" by Wrexs0ul · · Score: 5, Insightful

    I think the surprise doesn't come from the fact it was a security guy, but the idea that someone like a lot of slashdotters is that capable of hurting others. Outside of the money and women, part of what we do as IT is helping and protecting people in the wild west that is networks. The fact a "good guy" could be bad is an extra sucker punch because a lot of folks here deep down probably wouldn't do that, and would have a tough time associating with the reasons why.

    Idealistic, eh? Still, sucks when John Wayne saves the girl only to go rob the bank one town over.

    -Matt

    --
    --- Need web hosting?
    1. Re:It's not shoe salesman vs IT, it's "one of us" by Anonymous Coward · · Score: 5, Insightful

      I wouldn't be surprised to find that most people are not too far away from the Office Space mentality: Having something to lose, fear of punishment and lack of opportunities seem to be the only barriers. Why do you think Russia is teeming with black hats? Those are intelligent people who have little to lose and much to gain by joining the dark side.

      Ethics is a team sport. We're not all heroes who do the right thing no matter what is being done to us. The hero or one-man-army image of security professionals should fade away. It's a delusion. People of all ranks and professions have it in them, as you should have noticed in the recent months. You have to account for people going rogue. Redundancy, verification and limited power are the way to security, not hiring a wizard.

    2. Re:It's not shoe salesman vs IT, it's "one of us" by Anonymous Coward · · Score: 5, Insightful

      "Good? Bad? I'm the one with the gun." - Ash, Army of Darkness

      What do you mean, "one of us"? A common thief? An opportunistic prick who capitalizes on the ignorance of others? A coward, afraid to face the consequences of his actions? A foolish asshole who thought he would never get caught? None of those describe me (and I suspect not you either).

      Oh.. You mean he works in the IT department? That doesn't make him a "good" guy. In this country any asshole has the same opportunities as you or I. Its what we make of those opportunities that defines us.

      There is nothing inherently noble about working in IT.

  8. Re:Substantial Threat to Society? by Comatose51 · · Score: 5, Insightful

    Depends on who you ask. If you're asking a socially conservative, self-righteous "virtuous" woman, she might say "yes", it's the girl fault. We know there are countries where people are like that. On Slashdot, if you ask a bunch of condescending techies about being a victim of a cyber crime, there's a good possibility that some of the people will blame the victim. I'm not saying that they're right but simply their perspective is narrower and maybe even biased. Personally, counting on people for reasonable, correct behavior is a fool's hope and failing to account for people's tendency to act less than reasonable is a weakness in any security system or protocol.

    --
    EvilCON - Made Famous by /.
  9. 70 years for MacKinnon? by gb7djk · · Score: 5, Interesting

    So prosecutors are asking for 5 years for stealing 1000's of bank details by a professional security consultant. Yet for that dastardly foreigner (MacKinnon) and complete amateur that embarrassed the military and did not steal or actually damage anything other than the US Government's pride with his dial-up modem - he is in line for 70 years. Is it just me or is there something wrong here?

  10. Re:You really want a rape analogy? by MozeeToby · · Score: 5, Insightful

    The closes I can get to a rape analogy is that a woman seeks out a man, asks him for sex, does the deed, and then the next morning decides he wasn't the guy she was looking for. He was supposed to be a pretty screensaver, and instead turned out to be a spambot. There he is, in her bedroom, writing letters and taking stamps out of her desk.

    No, the anology here would be: A woman asks out what seems to be a nice man for dinner. At dinner he slips a roofy into her drink, drags her back to the car and rapes her. The next morning she knows that something is wrong, but can't remember a thing and so doesn't properly report it or deal with the consequences.

  11. Re:Smart People by schnikies79 · · Score: 5, Insightful

    The only person that can be blamed is him. Not his parents, not the school, not society.

    No one put a gun to his head and made him hack. Take some responsibility.

    Ridiculous.

    --
    Gone!
  12. Re:This should come as no surprise by Anonymous Coward · · Score: 5, Funny

    Not generally. When you see a run of the mill buffer-overflow-execute-anything-you-want exploit, it usually only takes changing values of a few variables to get it to deliver your payload vs. what the example was doing.

    I'm sure every shoe salesman reading this knows exactly what you're on about.

  13. Re:You really want a rape analogy? by Nick+Ives · · Score: 5, Funny

    I'd view it more like raping someone with learning difficulties. Windows boxes often just don't have the capacity to say no or understand that what their doing might be wrong, they just lack that sort of basic awareness.

    So it's more a case of someone asks a nice man for a lollipop but due to using Windows they can't tell if the man is really nice or indeed if that's really a lollipop.

    --
    Nick
  14. In all seriousness... by CarpetShark · · Score: 5, Insightful

    From TFA:

    Prosecutors are pushing for a five-year sentence, noting the exceptional threat he represented to society.

    From your comment:

    ...the US prosecutor could just allege that he's capable of starting World War III...

    In all seriousness, it's a really bad idea to suggest that being capable of something, or representing a threat, is enough to punish someone for. Yes, this guy has probably caused a lot of damage. Should we convict him on the "probably"? No. Get some real, hard evidence, then do something. Preferably, do something useful, like show him how much damage he caused, and introduce him to the people who's lives he messed up, rather than just taking revenge on him. People who do that (namely, most of the so-called justice system) are part of the problem that makes this a dog-eat-dog world, not part of the solution.