Why I employed a felon

Yesterday, I joined one of our Mahalo employees at Federal District Court as he was sentenced to 48 months in jail for crimes related to computer security.

Before my employee John Schiefer was sentenced, a violent career criminal was facing 60 months for beating up a prison guard. I could hear John’s breathing deepening as the judge spoke–his fiancee’s leg shaking more and more as the reality of John’s situation set in. John wound up getting 48 months in prison, a number which could be reduced if he behaves himself. He goes to jail on June 1st, and maybe he’ll be out in two or three years.

We didn’t know John was convicted of infecting 250,000 computers with bots when we hired him. We have a rigorous hiring process at Mahalo, in which each candidate must go through an average of five to eight interviews, and in which at least three, but more typically five, references are checked. Our CTO, and one of my oldest friends, Mark Jeffrey, did all of this with John, and he passed with flying colors.

However, Mark screwed up by not doing a simple Google search on John’s name. If Mark had, he would have easily found out about these crimes, we would never have hired John, and I would not be writing this letter. Why would we even take the risk of hiring a felon hacker? No one would, right?

Months after John’s hiring, our VP of Operations found out about the crimes John had committed. We sat down with John and learned about what he did when he was younger, how he was abused as a child, his anger issues, and how he found some level of peace in being part of the team at Mahalo.

Now I was left with the decision to fire John on the spot and cut my losses and responsibility. This was the easy choice, obviously. If I really wanted to cover my butt, I could turn on one of my best friends, Mark Jeffrey, and fire him for making the only mistake he’s ever made working for me. The other option was to keep John on and deal with the potential firestorm of criticism that we’re now facing.

I chose to put my job and reputation on the line and keep John employed.

At this moment, I’m honestly glad we didn’t know about what John did when we hired him and I’m happy we’ve kept him on board. It’s taught me a lot about society, computer crime and rehabilitation. In John, I see almost every computer programmer from my time “hacking” on BBSes as a kid, attending hacker conferences and hiring “white hat” hackers for a living.

Almost all talented developers push the envelope when they’re young. Anyone in technology knows this dark, dirty little secret.

When I worked for Sony, I watched folks in the IT department read their bosses’ email. When I was in high school and college, I watched daily as folks explored the areas of the computer networks they were specifically told not to enter. In fact, I was fired from my first computer job for creating a partition on a hard drive in the computer lab where I stored my files.

When the Web emerged, I watched as folks created honey pots to prove they could socially manipulate people into giving away private information.

Many of these folks moved on to marketing firms which do essentially the same things–except they play by the rules. At conferences, I see people pop out WiFi sniffers and show me passwords of executives in the room. I’ve heard senior executives recount stories of putting keyboard monitor software on computers in their offices and recording all instant messaging traffic to find out what their employees are up to.

What is the difference between the hackers who put one foot over the line and the ones who race past it? Being bored? A lack of guidance? Low self-esteem? I’m not a psychologist, so I can’t tell you exactly.

However, I consider myself a fairly decent judge of character, and after spending months with John, I’m convinced he was an angry stupid kid when he launched his botnet attack (which did .000000001% of the damage it could have). Now he’s an adult who just wants to make a decent living, spend time with his significant other and breathe the clean air off the Pacific Ocean by our offices in Santa Monica.

John’s going to have to spend a couple of years in jail for what he did. Certainly we have to punish those who’ve committed crimes. But watching this go down, I wish in my heart of hearts that judge had given John a sentence from home, where we could have supervised him.

I’m hoping that the time he’s spent being a productive member of the Mahalo team inspires him to keep his head down in jail. When he comes out, I hope to be able to offer him a job and that we can work together again. Life is short, we all make mistakes and I’m glad we’ve been given the opportunity to work with someone who needs the help and guidance.

Note to Mahalo Users: John’s work is well-supervised. Mahalo follows strict security policies and we don’t store any sensitive data anyway. (Even if one of our employees did go off the deep end, the most they would have access to would be your questions and answers on Mahalo Answers–not much damage can be done there since they’re all public anyway).

Thank you for taking the time to hear me out.

all the best,


  • Marc

    4 years for “computer crimes” what a crock of sh!t!

  • rice1077

    I love how transparent you are about this situation. I think it’s easy to judge someone when they aren’t standing in front of you. But once you get to know a person, it becomes much harder because suddenly it’s not a black and white issue. People are complex and flawed. What John did was wrong but I’m still not entirely sure that the jail time is warranted. Thank you for being so candid about your decisions.

  • http://brushfirecreative.com Eddie

    Jason, I was really glad to see this letter. Trust and compassion for every human being no matter what mistakes they have made is a quality our society is surely lacking. This information only goes to strengthen my support for Mahalo and of you. Thanks again for showing that common sense and compassion are alive and well. I wish John the best of luck and my thoughts and prayers are with him and his family.

  • Leo Tong

    Nice work Jason, sometimes you just have to give people the benefit of the doubt and give them a chance. Everyone deserves a hand.

  • http://www.thesnarkhunter.com Dan

    As someone who had a “borderline” teen-aged life, I like this essay. Sometimes, the line is pretty thin, and those of us who came out on the good side have to acknowledge a certain amount of luck.

  • http://www.dadtherapy.com Dave T.

    Four years seems pretty steep if no one lost money or had significant privacy breached. I also don’t understand why a crime like this can’t be turned into public service or some sort of public works program. It’s not like you’re putting the guy who beat a security guard on the streets. How would a hacker harm anyone if he was working at a food bank etc.?

  • http://subimage.com Seth B

    Jason, great blog post. I believe you did exactly the
    right thing in sticking by your employees.

    I myself was a “hacker” at a young age, but I loved to break
    into phone systems. I’d stay up nights on BBSes, reading
    textfiles, and poring over my issues of PHRACK and 2600.

    Most of what my group of friends and I did back then was
    fairly harmless, and we never ended up costing anyone money
    (that I know of).

    When you’re 14 years old and looking to escape from reality
    there’s a certain thrill in exploring new digital territory.

    However, grown up all of my friends who were into hacking
    have gone on to be the smartest, best technical resources I know.

    It sounds as if John falls into this category as well.

    Hackers have a deep desire to learn all things technical
    which I believe gives them an edge over other people who get
    into the field just to grind out life and make a dollar.

    Wishing him all the best in jail. It’s quite surprising that the
    judge wouldn’t recommend house arrest since he had the obvious
    backing of his employer and was contributing to society.

    Jailing nonviolent offenders is a failure of our already
    overpopulated jail system, and just one of the reasons
    the US is in a downward spiral.

    Big government at its worst.

  • Victor

    Interesting situation…I agree the way you handled the matter was appropriate, I would not criticize it…

  • Kevin Keeney


    I continue to be impressed by you and the people you choose to
    surround yourself with.

  • http://www.hitsystems.com James

    So the violent career criminal gets almost the same sentence as a kid who infected some computers with a bot? Gotta love our justice system.

  • Nick

    It sounds like you have complete confidence in his reformation. While
    I was working in a Walmart garage, putting myself through university,
    we had a guy apply for a job who admitted that he had done time, had
    been a serious drug abuser, and was now clean and sober and trying to
    get his life back on track. My then boss said after the interview that
    while the guy seemed good, he couldn’t hire “a guy like that”. I don’t
    know if that was company policy or just his, but it made me feel bad
    for this guy. How can you get your life back on track when even
    Walmart won’t hire you?

    Good for you sticking to your guns. There’s something to be said for
    loyalty to your employees.

    Nick Wilson

    PS: ~about half this comment entry field is under the Flickr pics,
    using Firefox 3.0.6 on Ubuntu 8.10.

  • Oggy

    Hi Jason,

    I understand your point of view and why you need to write this for PR reasons. But to mention private information about him on your blog, such as “abused as a child” etc., is not tasteful. The poor guy now has half the industry knowing his personal past.

  • http://www.stevekwan.com/ Steve Kwan

    Wow. I hadn’t even heard about this. Good of you to nip it in the bud and explain it before everyone freaks out.

    Hope to hear you discuss this further on TWiT!

  • logicshop

    Thank you for coming out with this.

    Every talented techie that I have ever known pushed the legal
    envelope at some point. Mostly as teenagers, but some as
    young adults also. When it comes down to it, there’s not a
    successful tech company in the world that’s not employing at
    least one (and probably many) ex-black hat hacker.

  • http://www.hallme.com/blog/ Amanda O’Brien

    Your story is very interesting. Thank you so much for sharing! It sounds like you are an excellent judge of character and you perhaps gave this man a second shot at a decent life. Thanks again for sharing your story!

  • landileigh

    Thank you for being a compassionate man and employer. You saw
    beyond a label, and looked for the truth in the person behind


  • http://www.bassamislam.com Bassam

    I think you made the right decision… We all made stupid
    choices when we were kids.
    It’s a bit odd that he’s going to be doing time now for
    something he did a long time ago.
    Still, I have no less confidence in the workings of Mahalo,
    and will continue to be a user.

  • Mary

    This is a thoughtful post. I don’t think much about felons, but were I to be convicted of a crime, I’d hope for a chance at a job, life, happiness, etc too. With the huge (and disproportionate) prison population in America, if it doesn’t happen to us it could happen to someone we know in our lifetimes.

  • http://www.gabesworldnow.com Gabriel

    For what it’s worth I wish there were more people like you that see people can change.

  • frishack

    I think you are doing the right thing, and I hope everything works out for both of you.

  • http://twitter.com/agentv Vincent Lowe

    I applaud you and wish for more leaders like this
    everywhere! Whatever the outcome of this matter, your
    actions will stand for a long time as a model of
    responsibility, compassion, and good judgement.


  • http://tweetburn.com Hyder

    I have to commend you for keeping John on.

    I hope he gets out early for good behaviour and gets back on
    track again.

  • Josh C

    Darn good choice.

    Just because somebody does something (perhaps even murder), doesn’t mean that they are always violent and always act that way. Yeah, it’s your choice to keep someone employed but you took a chance on someone who is smart and will be valuable for you.

    For giving someone a fresh start, I commend you.

  • Pat Mahon

    Well done for being up front about it Jason. Good for you and good luck to John.

  • jim

    Congrats on being a stand up man. I’m pretty sure every single one of us has done something which has drifted the realms of legality once or twice in our life and it could have easily been one of us. I think you did a good thing and he was obviously a good productive team member. He’s going to pay the price now and he should be forgiven.

  • http://www.darrenwatt.com/blog Darren

    I’m probably going to be alone in thinking this, but fair play for keeping the guy on. Chances are the sentencing was to make an example of him but everyone makes mistakes.

  • http://blogs.ittoolbox.com/security/investigator/archives/official-securitymonkey-case-file-index-14787 Chiefmonkey


    Bravo! John & I have a lot in common – however I track down and neutralize botnets for a living instead of create them. I think this posting shows a lot of character on your part and I only wish more employers were like you.


    PS – Love the Christopher Walken impersonation on TWIT!

  • matt gore

    Jason Calacanis is the man for writing this, John is a really good friend of mine, and I agree with everything stated here

  • Wynand Winterbach

    I think you did the right thing.

    I couldn’t help thinking of Barry Schwartz’s TED talk
    as I read this.

    Firing John is what most people would have done.

    Keeping John on board was the wise thing to do.

  • http://twitter.com/bobmock Bob

    Very stand up move Jason. It’s important that we don’t automatically discount and discredit those who have made bad errors in the past but have seen to it to become safe productive members of our communities.

  • Allen Miller

    Way to go Jason. That took guts. It’s great to see that you will help him on the other end of the rehabilitation cycle by getting him back into society.
    I appreciate your forward thinking.

  • Paul Otto

    Nicely said, Jason. Everyone deserves second-chances… and speaking as a life-long computer programmer, I agree that most of us HAVE pushed the envelope. Some just don’t know where the fine line is —

  • sean

    Good work!

  • http://informationweek.com Marin

    I appreciate your honesty and understanding, and completely agree with your point on youths hacking. Hopefully things will work out for all the parties involved. Still, the lack of a Google search of the person’s name seems like a fairly jaw-dropping omission …

  • http://www.theskolor.net skolor

    I must be missing something. You hired someone who is obviously very skilled at what they do, and are more than willing to tackle large, difficult tasks. I’m not sure what is so surprising about that, other than the fact that you were considering firing him for something which had taken place well before you hired him.

  • anon

    Grey text on white — very hard to read. Diminishes your writing, but it’s the trend so what the H.

  • http://www.jonathannguyen.net Jonathan Nguyen

    Kudos to the business for responding so openly and honestly.
    Kudos to you for backing your team.

  • soulsurfer3

    Kudos to you Jason for doing the right thing and keeping John on board after finding out about what he had done earlier. Everyone makes mistakes, some of course bigger and with more consequences than others.

  • Dror


    I’m incredibly impressed by your decision. We hear so often in high tech how “it’s all about the team” and “our people are our most important asset” from CEOs that say it because it’s fashionable. You demonstrate in this case your commitment to your team. Very impressive.

  • Pierce M

    It is extremely, incredibly refreshing to hear that an upstanding member of the community is actually willing to treat someone who screwed up long ago with a little respect. I commend your decision to keep him on, and am absolutely thrilled that you did. He is a human being, just like the rest of us. On one hand, a 250,000-server botnet is MASSIVE and could inflict damage both domestically and globally. But on the other? It was stopped. For better or worse. He has obviously changed, as “hot-pockets and WoW” computer hackers generally don’t tend to maintain corporate-level employment often without someone knowing about it. Jason, you are the role model that many, many Americans are not following in their decisions regarding “judgment at first glance”. I will continue using Mahalo as long as I can type, and I certainly hope that is a very, very long time. Keep paying it forward!


  • http://phillymacmedia.com Phillip

    Well said and well done. You’re a stand up guy Jason, that earns you a lot of wuffie points in my universe. That, and did I ever tell you how my high school computer buddies and I hacked in the university computer that we dialed into? 😉

  • Andrew

    While I admire you for sticking by someone you believe to be a genuinely good person, it’s a little disingenuous to refer to John as having been an “angry stupid kid”, or suggesting his acts were that of an over exuberant youth pushing the technology argument.

    This happened two years ago. He was 25.

    That’s not a kid making a mistake. That’s an adult committing crimes.

  • Stuart

    Don’t you usually let someone go if they lied or misled in an interview?
    Wouldn’t that indicate an ongoing issue of character?

  • http://blog.componentoriented.com dlambert

    Thanks for writing this. It took real guts to stick with John, and more guts to write this article. I don’t doubt for a minute that you’ll catch all sorts of flak for both.

    I can’t begin to comment on whether anything that’s happening to John is fair. I don’t know a thing about the circumstances or the people involved. I don’t even know if I’d have done the same as you under the same circumstances.

    I do, however, think it’s interesting to look at damages and penalties assessed across white-collar workers who have extracted real damages upon real victims. Bernie Madoff comes to mind.

    Hopefully, this article will drive some productive conversations about how we, as a society, can link crimes, damages, and penalties a little more rationally. If you ask me, I’d be inclined to penalize Madoff a whole lot more severely than I would John.

    But perhaps I’m just missing some facts.

  • http://porto.taf.net/dp/ Tiago Azevedo Fernandes

    Of course you did the right thing.

  • Mike Parsons

    Hey Jason … I’d like to say thanks!

    Second chances are hard to come by … nice that you had faith in John.

    All the best!

  • http://motionmedia.ca Andrew Tylosky

    Jason, Your leadership in dealing with this issue is inspiring.
    It’s too bad that there are murderers free and corporate criminals,
    and someone like this is dragged to jail.

  • http://augmentology.com netwurker mez

    definitely a rock-N-a-hard-place situation regarding perceived
    boundary-pushing + acceptable legal limitations. also brings up
    issues regarding victim mythologies + notions [both ethical +
    legal] regarding personal responsibility.

  • http://N/A MR

    Very admirable on your part – wish there were more people like you
    in this world.

  • Friend of….

    Startups and businesses of friends were the only shots at gainful employment for a felon best friend of mine. A large portion of my drive as an entrepreneur is to open doors to friends of mine who may have crossed the line one step too far. This story says a lot about the social good startups can have on the most basic level. You just got a new Mahalo fan. Thanks for the story.

  • Ian Danforth

    I applaud this statement of support and the compassion and courage it demonstrates.

  • Ben

    You need to change your font colour. There is not enough contrast with the background

  • Mark Chessler

    Jason –

    I’ll probably be totally flamed for this, but I have to say that I really respect the way you handled this situation. It tells me that you truly view your employees as family.

    I’m sorry that your employee has to endure such a harsh sentence, but it sounds like he’s living up to his mistakes – and it sounds like you are as well.

    People say a lot of negative things about you and probably will criticize you for your handling of this situation. I, on the other hand applaud you. As someone that was laid off in the past few months, I appreciate your loyalty to a dedicated employee.

    My heart goes out to you, John and the rest of the Mahalo team.


  • Kathleen

    Hear, hear – thank you for a very balanced and empathetic explanation.

  • Bill H

    My guess is the judge could not have departed from the federal sentencing guidelines to much degree. They are an archaic system that needs to be replaced. Violent criminals often get probation or shorter sentences but the “guidelines” relegate people who could be productive members of society with some oversight to actual jail time.

  • George Ellinopoulos

    John isn’t a “talented hacker”. He didn’t code very much at all. In fact he BOUGHT all of the code he used from someone in Amsterdam. Good thing you employ untalented felons!

    Think of it this way Mr. Calacanis: how would you feel if you were one of the thousands whose info he stole for his own personal gain? I mean honestly this wasn’t a white hat hacking crime of “lemme see if I can do it”. No. It was a federal bank fraud crime for self gain and he got caught. Talented? Nope.

    You also mentioned keeping “his head down in jail”. Did you mean federal prison? I think you meant federal prison. “Mahalo follows strict security policies”. Yes! Clearly! As you’ve demonstrated by employing a well known felon!

    In short: this is purely an attempt to minimize criticism and pass the buck off to “the system” when in reality he committed BANK FRAUD and none of you have any excuse. Instead of apologizing for and correcting your epic fail, you stand by it.

    Luckily there’s an upside to all of this: you know what they make you do in prison? TOSS THE SALAD.

  • Citizen

    Schiefer stole, what, thousands of dollars? Four years.

    Bernie Madoff stole $50,000,000,000. So far Bernie Madoff has spent zero minutes in jail.

  • http://www.krug.tv krug

    Wow, great positive story Jason. Everyone has mucked up once in their life and it’s great you guys gave John a second chance even after you found out the truth about him.

  • http://www.innovators.co.za Erich Viedge

    You are doing a good thing. Thanks for your post. Restores my faith in human nature!

  • http://www.forummatters.com/forums/forumdisplay.php?f=32&order=desc&page=5 Steve Jackson

    Good on you for giving him a chance. I am sure he will make good in the end.

  • http://maishanamaji.blogspot.com/ Karen Wiggins

    Good on ya!

  • Randy Word

    I applaud you for your course of action in this. I have always
    thought you should follow your gut instinct about people. I
    wish John the best of luck. We do some stupid stuff when we are young.

  • Sean

    This guy deserved more than what he got. He hurt and abused
    people. Just because he did it financially instead of
    physically doesn’t mean he hurt them any less. If someone
    stole my identity and money, that would hurt me a lot more for
    a lot longer than any physical crime against me.

    Even further, though, I can’t believe you would stand behind
    this creep. You really lose any credibility in any rational
    person’s eyes.

  • http://www.twitter.com/guiambros Gui Ambros

    If Mark The CTO had done a Google search [1] he’d have discovered
    on the news from 2007 [2] that John Schiefer wasn’t just “an
    angry kid” using his technology expertise to express his
    “frustrations with childhood abuses”.

    He was a real criminal.

    He purposely invaded computers, stole passwords
    and redirected money from people’s bank accounts using the
    army of zombie computers, and pleaded guilty for it.

    By any perspective, this seems very different from the
    generation of young hackers that grew up watching WarGames
    and ended up reading their bosses’ emails for fun.
    Additionally he was 27; he’s not a kid anymore since more
    than a decade ago, so he knew exactly what he was doing.

    Still, wouldn’t be fair for anyone that doesn’t know the details to
    judge the guy, so I’ll trust the court to determine if he
    deserves the 48 months or not. But what is clear in all this
    is that the fancy hiring process at Mahalo is really fcked up.
    I like your brave attitude of admitting the mistake in public,
    but this is no less embarrassing.

    [1] http://is.gd/lXUy

    [2] http://is.gd/m2sU

  • J D

    CAUSE CEOS ARE GUILTY OF A LOT WORSE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!11

  • Jerry


    I applaud you for your decision. Many of us (myself included) have made stupid
    decisions as kids. Many kids get in trouble, but limit the damage they do, because they are
    drinking at a party or racing their cars on a dirt road. They are told to behave themselves and we
    are told that kids will be kids.

    For those of us with a “hacker” background, the potential for getting into serious trouble can
    be much greater. We have the ability to affect thousands of computers and networks and spread
    the effect of our actions.

    This does not usually mean that we have malice in our hearts or ill-will toward the world. Many
    times we just do things to prove to ourselves that we can. Once we’ve done that, we can move on.
    Perhaps it’s a form of OCD. I’ve been accused of that enough times.

    I’m glad that you chose to give this individual a chance. I was lucky in that my past actions were
    expunged from my record and so did not affect me once my penance was paid (obviously my crimes
    were not as severe as John’s). I have since grown up a lot, am employed in a great job making decent money
    with an institution that definitely would not have hired me if my record had stayed intact, and I have a great
    family that I have the privilege of being a part of.

    For whatever flak you may be taking, know that there are many in our “community” that commend you
    for your choices.


  • http://www.dynamicsynergy.com Mark Landay

    If Mahalo retained an executive search firm for their staffing needs, they wouldn’t have this issue.
    It is a choice to hire the best person applying for your job, or hiring
    the best person existing for your opportunity.

  • A Simple Minded Ghanaian

    Jason, you did good by not firing him. People make mistakes and we need not judge them by their previous actions. Let’s take Kevin Mitnick for example, he made a mistake, served his punishment and look at the good work he has done in the computer security industry.

  • http://www.thattalldude.com Shawn K

    This brings back memories of high school, and everything me and my buddy got away with. If they haven’t thrown it out yet, there is an old G3 Mac with about 5000 mp3s hidden in the system folder.

  • http://pragith.net/ Pragith

    That’s such a risky move, and you showed your humane side too. Nice 🙂

  • shamil

    Sounds all good. I hope all goes well for him and you guys.

  • http://maheshcr.com/blog Mahesh CR


    I deeply admire your stance on this.

    I see there are a ton of negative opinions on your position but take
    it from me, at the end of the day, one act of forgiveness and reconciliation
    exceeds all the self-serving virtuous stances.

    For whatever it is worth, you have my support.


  • bjupton

    I like how you still found a way to throw Mark under the bus with this post.

    You’re the CEO. The buck stops there.

    “However, Mark screwed up by not doing a simple Google search on John’s name.”

  • http://persona.biz Norbert Mayer-Wittmann

    I wonder how easy / difficult it is to damage a person’s reputation on Google by accusing them of something.

    😐 nmw

  • Robert

    Jason I am amazed at how you are handling this situation.
    I wish all people had the same forgiveness in their hearts.
    Way to be a good person and try to help this guy instead of
    bailing on him and pointing the finger. I am impressed.

  • http://www.macewan.org Robert

    Plenty of folks did crazy stupid experimenting in the mid to late ’90s. This young fellow happened to get caught.

  • Pete Austin

    I agree with you most of the way. When I learnt programming 30+ years ago, I was at university on an unrelated course, and the only way to get computer resources was by stealing them. This was pretty much accepted at the time, as the simplest way to let bright students get on with teaching themselves. So I guess, back then at least, all real programmers started as criminals.

    Where I disagree is when you write “when he launched his botnet attack (which did .000000001% of the damage it could have).”

    Assuming your employee is worth keeping, he must have known that the main damage of a botnet is that all those 250,000 computers need to be wiped and everything re-installed. An average home user, with installed games and browser links etc. would take several hours. Assuming 2 hours each, at $10 per hour, means the damage is already $5 million. So did he not care, and is that not worrying?

  • http://www.santinaenterprises.com Clifton Shepherd

    Hello Jason,
    Thank you for sharing your story.
    I agree with your decision to keep him employed.
    Nobody is perfect and we all make decisions in life that we may regret.
    This man as it seems is now facing those decisions.
    As individuals, we all too often are too quick to judge.
    We judge everyone without first judging ourselves.
    Does it matter what he did in his past? Maybe?
    Can it be an indicator of who he is as a person? Possibly?
    By keeping this man employed, you are also helping our world.
    Imagine if he is unemployed and angry with the world because of his situation in life?
    Most criminals stay in a life of crime for the reason of not being able to have good employment.
    I commend you!!

  • NL Falls

    Thank you for having the honesty, insight, and understanding to share your situation. I commend you for your thoughtfulness and compassion, and for your decision to stand by a good employee who made mistakes in the past. You’re the kind of employer that I’d recommend to others, and your willingness to share this story may, I hope, bring some of the issues you’ve raised to the forefront of policy issues facing the IT world. I hope John’s time will be shortened and that he’ll be paroled soon, for everyone’s sake.

  • http://fliesinmyzoup.blogspot.com Brad Brooks

    Hey Jason,

    Good for you. You guys acted with honour and common sense.


  • Tom

    That’s a very honest, open, and well thought out response.
    Very refreshing to see, really demonstrates the good ethos of Mahalo and yourself –
    How many other CEOs would do this?

    We all make mistakes, nothing serious happened, you say nothing was likely to be able to have anyway, and you’ve learnt something from it, and share with others.

  • http://alastairs-place.net alastair

    Almost all talented developers push the envelope when they’re young. Anyone in technology knows this dark, dirty little secret.

    Really? Speaking (rather immodestly perhaps) as a talented developer, and one who started programming computers at age 6, I can tell you that I have never done anything like this, and I have never had the inclination to either.

    I’m quite sure, moreover, that I’m in the majority here too, and quite frankly I find the implication an offensive slur on talented developers everywhere.

    Nor do I think you can justify this kind of thing by going on about what a terrible childhood you had or how your parents abused you as a child, or any other such thing. All of those kinds of things are truly awful, but they don’t make you turn to crime; that’s a choice you make for yourself. It may be a hard choice for some and an easier choice for others, but you still have a choice.

    Do I think you should fire him? Well, personally I think someone with a criminal past should be up front about that at his interview and/or on the job application form. It seems that he didn’t tell the interviewers about this, and so I think if it were my company I’d probably fire him as a result. I also think his continued employment has already caused harm to your company’s reputation, which in many contracts of employment is itself sufficient grounds for dismissal.

    At the very least I think you should make him issue a public apology to those whose machines he compromised, and to anyone who those bots were subsequently used against, whether to send spam or to perform some kind of distributed attack. That might at least go some way to reassuring some of your users about the appropriateness of Mr. Schiefer’s continued employment and potential access to their personal data.

  • Mark


    I agree with what you have done… firing John on the spot would have been easy and probably the safest option.

    However it shows your strength of character and resolve that people who are truly repentant deserve a second chance.

    If you were working in Banking or Finance you might not have been able to go down this path but a big CONGRATULATIONS for putting your reputation on the line, and being honest about it.

    It’s good to see that in this day and age there are people who don’t always choose the easy path!

    Big Thumbs up for you!



    PS: I am not a convicted felon

  • http://www.itproportal.com F.D. Athow

    I can only say two words… Gary McKinnon…

  • http://palmia.org Jerry Moore

    Very well put Jason. You never cease to amaze me with your command of the English language. In addition to having a brilliant mind you appear to have a big heart.

  • http://www.tuffpups.com Leo Sanders

    Good Job,
    I would like to personally thank you for taking a chance, you will probably be one of the few
    things that will help him to get through what he’s about to experience. If he is a great employee
    which I get the feeling that he is, make sure that you let it be known, to him and his fiancee
    give her a letter stating that you’d rehire him upon his release. I’m sure it would def keep his head
    up and help him to know that he’s got hope on release

  • openajax

    This was very brave of you to continue to work with John.
    This makes me like Mahalo MORE, not less. It also shows that you thought of security safeguards INSIDE your system BEFORE they became a problem.
    The only problem I have – 4 years for a botnet attack? That seems harsh. I HATE viruses but giving 4 years for a kid’s prank seems severe.

  • Grant Burhans

    Read your posting regarding John’s plight and by the end I was sympathetic and wished he was given a lighter sentence, as you stated. Then I googled him, read in full what he actually did, something you made to sound so innocent, added some bots to some computers.

    Wow, he was convicted of bank and wire fraud. Capturing PayPal and banking account numbers and passwords, using info to make purchases, and gave the info to others.

    Kinda left that out didn’t you?

    As a business owner, I wish they’d given him 30 years, and all those like him, so the hackers of the world would get the message.

    Jason, be honest in your reporting from now on!

  • http://www.techsectorlaw.com jebb dykstra, santa monica

    My name is Jebb Dykstra. I live and work in Santa Monica. I am deeply impressed with your compassion shown to John. Job well done as a leader of Mahalo.

    Tough blow for the guy to recover from. But with a little help
    from people like you, he has a chance. As an employer, you faced
    a really tough choice. I would hope to take the same compassionate choice you made.

    You are definitely a lightning rod for the Internet community, but this was a good thing you did.

    jebb dykstra

  • http://www.vidainnovation.com padajo

    Surprised no-one has commented.

    I congratulate you on your approach. I think it takes a lot of guts to stand up and give someone a second chance. Mistakes are made all the time, some big, some small. It’s your response to those mistakes that proves the kind of human being you are.

    I hope that in the same situation, I’d do the same thing.

  • http://jonmagic.com Jonathan Hoyt

    Jason, I applaud you, and our prayers are with John as he serves his sentence.

  • Assistant U.S. Attorney Mark C. Krause

    So your faith in someone who is an accomplished conman, duping his clients into entrusting him with the keys of the kingdom, outweighs your responsibility to your investors, employees and your customers?

    What happens when a year from now you find that he’s planted malware on hundreds of mahalo pages?

    What troubled me about this particular case is that it involved an
    individual entrusted with making sure that computers are safe – he was
    an information security specialist – but while at work, he was
    infecting people’s computers, putting wiretap programs on them,
    catching people’s user names and passwords, and forcing the infected
    computers to disgorge the most confidential banking information, and
    then encouraging juveniles to use this information to steal people’s

  • EnvoyPV

    I appreciate the fact that you didn’t just go with the knee-jerk reaction, and that you took the time to present your case.

  • Andrew

    Sounds like you’ve experienced a changed man. Hopefully
    others will see this and know that all people make
    mistakes and some will learn from them. Those that do need
    to be given the right to reintegrate themselves into society.

  • Charlie

    Congratulations on your ethics.

    Too many times, our felons when released from prison are
    condemned to committing further crimes because they can’t get
    an even break at acquiring decent employment.

    True, most criminals are not likely as educated as your
    individual is; but none the less; without social reform by
    corporations to hire the felon the detention system becomes
    more of a revolving door; hence the high repeat
    incarceration rate.

    Jason, I applaud your personal integrity; perhaps you should
    start a movement to “Hire the Felon” when they are released
    from prison. Perhaps your actions will go a long way towards
    reversing the re-incarceration rate we currently observe.

  • anonymous

    Mr. Calacanis:

    You should have done a more diligent job of vetting him
    prior to hiring. He did not provide full disclosure during
    the interview/hiring process, which in most companies is
    cause for termination.

    The laws exist for good reason…like to maintain social order
    and prevent abuses of others’ rights.

    Our society expects laws to be obeyed.
    This is in the interest of all citizens.

    Youth is not an excuse for lawbreaking, abuse or otherwise.

    Character matters and integrity counts.

    Maybe if it was your own personal identity that was stolen
    by hackers you may feel differently.

    He is getting a strong dose of reality currently.

    Good luck.

  • http://www.quidnuncgroup.com Justin Hibbard

    Jason, I’m sorry to hear about your experience with Mr. Schiefer. Unfortunately, I’ve heard too many of these kinds of stories in my line of work. I run an investigative services firm that specializes in providing due diligence and fraud investigations to businesses. In pre-employment background checks, I’ve seen everything from fictitious work experience to omitted lawsuits and criminal records. Even with the limited resources of a startup company, it pays to invest in a pre-employment screen, especially for someone who will be overseeing security. As I’m sure you realize, the situation with Mr. Schiefer could have turned out a lot worse than it did. Kudos to you for handling the situation responsibly once you learned about it.

  • Brian

    Good for you Jason and good for Mahalo. It sounds like John has turned his life around since his childhood problems. Sometimes people deserve a second chance.

  • http://www.robertgodden.com.au Robert Godden

    Well said, Jason.
    Many of us have made mistakes and used poor judgement as teens; seems like the few that get caught are made examples of.

  • payter

    Cheers to you, Jason.

  • Adam

    Great to see someone’s boss actually support them, especially
    regarding something like this. Here’s hoping he can return to work
    out there in less than 48 months.

  • http://www.thepomoblog.com Terry Heaton

    This was an inspirational post, Jason. I wish your friend well.

  • MDG

    Well said, I think that putting people to work with skills such as this gentleman had is a far better avenue.
    Think what kind of contributions this guy could make in a supervised environment while still being a productive member of society.
    Given the current state of the economy I think a Not for Profit could have used his skills or something along those lines.
    2 words, Shortsighted and Wasteful.

  • http://www.secom.net Ryan D.

    I am glad to hear that you are willing to work with John once he is released from jail. Not many companies are willing to take that chance but as you stated in your posting, everything is highly monitored and there is very little threat or need to worry.

    If John did his job accordingly and didn’t do anything malicious on the side, then I too would agree that re-hiring him for your company would be a wise choice, especially if he was good at his job.

    I do not feel that it would be the appropriate thing to do by limiting John out of a future career due to his past of ignorance and violence towards the community given his past circumstances.

    In all, best of luck to John and the Mahalo company.


  • iagree

    Many of the best programmers in the games industry coded demos and/or cracked games in their youth.
    That was part of learning in the 1980s when there were few books on the subject.
    It shows passion.

    The real question is how much harm did a person’s capers cause.

  • Victoria Nesta

    You’ve got to be kidding me with this statement right? You are willing to hire a convicted felon to your company knowing well what he did? It shows how little integrity there is in your company!

  • Papalapadapolis

    Hi Jason,

    Gee .. perhaps the poor little abused angry punk should have thought of the CONSEQUENCES of his behavior when he did his nasty deed infecting AND affecting so many good citizens’ PCs and their lives. I think people are a little fed up with the excuses these little angry punks feed us about being abused as children. As far as statistics go, there aren’t many of us in society who haven’t been abused in one way or another as children.

    Hopefully, none of the families and friends of the DEAD victims of university killings, 911 or other senseless crimes will stumble upon your dribble, defending the angry punks of our society. Hopefully, you or one of your family or friends will never become one of those victims either.

    I hope John’s happy-ass gets a good beating from all the other poor “abused-as-children” punks sitting in prison with him who can’t conform to society and our laws. Let’s put a big message out there that this behavior will NOT be tolerated anymore! Maybe our society will be a better place.

  • David

    “Three, but more typically five, references are checked”, “well-supervised”, “strict security policies”, “must go through an average of five to eight interviews”.

    Blah, blah, blah… what a boatload of CYA BS.

    You sound like Ken “Wasn’t Me” Lay.

    Epic Fail.

  • asif2bd

    Thanks for letting us know that.

  • shut up

    No one cares, he is a criminal. Get over him (who sounds like your boyfriend), and yourself.

  • Davor

    thumbs up!

  • http://www.evilplayer.com Ryan

    Excellent story. Much respect to you Jason.

  • http://www.employeescreen.com Nick Fishman

    This is certainly a cautionary tale for others to heed about the importance of performing proper due diligence on job candidates. It is also a tough lesson for anyone to have to learn. I am a bit troubled by your “remedy” though. Perhaps a Google search might have helped you in this instance, but the prescribed best practice is to conduct a thorough background check on prospective employees. In this case, a criminal record search would have revealed the charges and would have provided valuable information about the nature of the offense. While a conviction hadn’t taken place yet, you would have known about pending court dates. As an owner of a global background screening organization, I know I am a bit biased, but you can’t discount the fact that organizations both large and small have incorporated this process into their every day hiring practices.

  • Rob Brown

    What an interesting perspective.

    I was referred to the story of John Schiefer from a friend whom I’ve told how excited I am about Mahalo and specifically, Mahalo Answers.

    Jason, I find your seemingly transparent view of Schiefer’s actions interesting. Working on the Internet has exposed me to both the squeaky clean whites through to the darkest blacks. I think that to obtain an expert level knowledge of any industry, one must learn each component as a whole.

    I also feel somewhat sorry for your CTO, Mark Jeffrey. Prior to this going public, he must have felt somewhat ashamed of exposing the company to a PR event but more than that, he was likely disappointed with the possibility of losing a talented team member.

    However, the real story here is in the details that have been glazed over both in popular syndicated media and in your own recollection of recent events. Questions such as “when did he choose to turn the botnet off”, “what are the short and long term reach of his network”, and especially, “how much money (both tangible and not) was lost as a direct result of his actions”. I’m sure that the legal system did a good job of evaluating these questions and to be frank, I don’t want the answers.

    I’d really like to commend you for evaluating the skills and current desires of an individual employee. You’re right to say that it would have been an easier path to fire him, but it must speak volumes in your office that you’re willing to stand behind them both professionally and personally.

  • http://remeadial.com Remeadial


    You made the right choice. Sometimes people (especially white
    collar people) make choices without thinking about the actual
    harm. They only think, do. Test the waters. Etc. The
    person they become is much different if their morals are there.

    Some of our best IT has come from people who broke the law.
    Unfortunately, it is the truly talented people who test this
    to know how really “good” they are. I hope your employee
    survives this and comes back better and more loyal for it. It
    will be an ordeal for sure.

  • jennalee

    wow that was a very inspirational story! i wish there were more understanding people in the world like yourself. may john have a good future, and you keep making good decisions!

  • Jonah

    thank you for giving someone a chance

  • http://markgoulston.com Dr. Mark

    Good for you Jason at seeing the good in John and going to bat for him. I had someone who saw the good in me when I didn’t see it, stood up for me when I couldn’t and caused me to be committed to paying it forward ever since.

    Someone said that the measure of a civilization is how it treats those who have hurt it and those who are hurting in it. I think that is also the measure of evolution, namely the less evolved resort to “an eye for an eye” and ignoring the legitimately hurt and legitimately needy (as opposed to those who merely claim to be).

    Clearly John on a small level hurt society, but even more clearly is how he has been hurt by it.

    And by the way, Jason, your secret that you really have a soft side inside your tough outside is safe with me.

  • Donny_the_DM

    Bravo to you sir.

    You have made an example that should be the new bar, after all, a lot of people don’t realize just how many ex-cons are really out there.

  • Sam

    wow…. being an ex-felon myself and to read this was
    incredibly inspirational. i myself did not commit a computer
    crime, however, i did commit a non-violent crime and was prosecuted. i was young
    and did not make a good decision. fortunately i did not receive
    the maximum sentence, but i do have to admit that the stigma still
    haunts me. good for you for looking beyond some of the tarnish
    that sits on many americans. while i committed a felonious act,
    i myself still consider myself a great employee and asset to
    any organization that will invest in me. i’m grateful for those
    that still believe in their own ability to judge character. thanks for the post.

  • http://www.interminds.com Bill Townsend

    The legal system will determine John’s fate (as it apparently has), but it is refreshing to see a company support an employee and give them the benefit of a doubt. Many “techies” undertake activities when they are younger that would not be approved of later in life. I’ve employed former hackers and code breakers who have turned out to be exemplary employees. Each employee deserves to be judged on their individual merit and hopefully the blogosphere will not recklessly attack you or your company without knowing the full story.

  • http://www.MIBBIT.com XDS

    I appreciate jason’s sincerity in this situation, but even more i can appreciate DrMark’s response/comment(S).

    Let bygones be bygones and let it go. Life really is too short.

    People have done further worse things, and now it’s going to be the american tax payer picking up the tab for the next 48 months, what a shortsighted judge to say the least.

  • Kevin

    That’s really a bold decision from John. I appreciate it.

  • http://www.idontneedajob.com Poker Blog

    Thanks for the post, I just wish when I needed a job I could.

  • http://www.tripcart.com road trip planner

    I am impressed by your post. You covered many different angles – each one responsibly. Should be required reading for Auto and Bank CEOs.

  • mike

    What he is neglecting to mention is that the bot that
    infected all of those computers stole paypal and bank account
    usernames and passwords that he then used to make purchases.

    So he didn’t use a harmless bot on 250,000 computers he
    committed identity theft, theft, and fraud on 250,000 people.

    This jason guy is obviously stupid as fuck. also jason implies
    he was underage at the time of the incident, which is a
    complete lie.

    Somebody is just covering their ass because they don’t
    know how to do their job!

  • RH Browning

    I too hire felons. I won’t go into a long sermon about it, but I will tell a short story that makes my point. I knew two brothers that, as teens, stole a car and crashed it. One brother, Michael, felt horrible and two days later, turned himself in to take responsibility. The older brother, Chuck, did not. Michael spent 2 years in reform school and never ratted on Chuck. Both ended up getting college degrees and went on to medical school at University of Miami. One day Michael (who was at the top of the class) was called into the Dean’s office and expelled–they had learned that he had a felony record as a child. The Dean said, “we have a duty to protect the profession against persons such as you.” Chuck graduated and is a cardiologist–a man who had a “clean” record for lack of ability to take responsibility. The more honest brother is now unemployed due to a tainted background check, because he was honest enough to set forward and take his punishment. You decide which brother deserves to be a physician–or employed at all. I’d hire Michael any day over a person who hid from responsibility and has a “clean” record.
