Company hires Botmaster in spite of criminal activity

Post author:Kelli Tarala
Post published:March 6, 2009
Post category:Background Checks / Policy

In January, we blogged about American security consultant John Kenneth Schiefer pleading guilty to four felonies counts, including accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. Now, another company has hired him without even doing a simple Google search on their new employee.
https://enclavesecurit.wpengine.com/blogs/kellitarala/2009/01/28/background-checks-and-references-are-imperative-for-info-sec-professionals/

Mahalo.com, a web company dubs itself a “human-powered search engine”. It is a web-site that contains the results of historical searches performed and collated by people. Mahalo hired Schiefer as a system administrator, and apparently did not even Google their new employee, let along run checks or background checks. Even after learning that Schiefer confessed to extensive botnet crimes just 16 months ago, they are continuing to trust him with system root passwords and other sensitive company information.

“After really a lot of careful deliberation and looking at exactly what damage he could do here and how he was being supervised, we made a compassionate decision to let him work up to the day that he goes to prison,” CEO Jason Calacanis told The Register. “We’ve made a point of supervising him and I talk to him on a daily basis.”

This is an interesting story. We applaud CEO Calacanis for becoming involved in employee relations issues, but, what the heck was he thinking? Background checks and reference checks are controls that companies put in place to help protect themselves from criminal and negligent employees. These controls help a company manage risks, and decrease the likehood of legal action. I wonder if /when General Counsel was consulted about this situation?

As Former President Ronald Reagan used to say, “Trust, but verify!” Do those reference checks and background checks for all employees, not just the ones with system root passwords.

If you want to read more about this, check out the article at Register.com
http://www.theregister.co.uk/2009/03/05/mahalo_computer_felon/

M	T	W	T	F	S	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Please Share This Share this content

You Might Also Like

Company Wants to Keep Botmaster Criminal as SysAdmin After Time Served

Background Checks and References are Imperative for Info Sec Professionals

Hospital ignores Sysadmins, disables Windows Update, pays the Price

Share this content