One-time security consultant and significant black hat John Schiefer has been sentenced to four years in federal prison after pleading guilty to multiple counts of fraud last April. Schiefer's case began in 2007 when he was charged with having installed malware on computers without the consent of the owner. The responsibilities and permissions granted to Schiefer as a security consultant during his day job afforded him ample opportunity to play black hat on the side; Schiefer and his associates were charged with creating a botnet of up to 250,000 zombies. Both the case and today's ruling are the first of their kind in the United States; presiding Judge Howard Matz apparently wanted to send a strong message to anyone engaged in similar activities.

Schiefer's transgressions were standard; the Department of Justice (DoJ) reported in April that "Schiefer’s...malware allowed him to intercept communications sent between victims’ computers and financial institutions, such as PayPal. Schiefer sifted through those intercepted communications and mined usernames and passwords to accounts...Schiefer made purchases...transferred funds...[and] also gave the stolen usernames and passwords, as well as the wiretapped communications, to others."

Finally, Schiefer pled guilty to defrauding a Dutch advertising company, which hired him to install its software only on the systems of customers who chose to use it. Instead, the former security worker installed the program unilaterally and picked up a $19,000 check for his efforts. Part of his sentence today involves making restitution on that fund.

As the recession has sunk its teeth into the economy, various web security companies have made headlines by predicting that out-of-work techies will turn to botnet mastering or various other illegal businesses to earn a living. His sentence may have a chilling effect on someone who might be contemplating a move to the dark side: it's hard to provide for one's family without a job, but it's even harder to do so from inside a federal prison.