A former data analyst for the US Transportation Security Agency has been accused of trying to sabotage a terrorist screening database used to vet people with access to sensitive information and secure areas of the nation’s transportation network. 46-year-old Douglas James Duchak, who worked as a TSA contractor for five years, …
A week later? A WEEK LATER??? WTF?
"Forty-six-year-old Douglas James Duchak, who worked as a TSA contractor for five years, planted the malicious code in the server used to maintain the database in mid October, a week after he was told his employment would be terminated at the end of the month, according to documents filed in US District Court in Colorado."
Eh? Why the fuck was he allowed access to the systems after being told he was being terminated? Do the people running things at TSA have absolutely zero clue about security? The mind boggles!
But I guess that's a rhetorical question ... Numpties, the lot of 'em.
Why on earth would you give someone with administrator access to a confidential database a month's warning before terminating them? I thought standard procedure was to announce termination effective immediately, precisely to avoid these kinds of shenanigans.
Who's watching ...
This makes me think that if I'm asked to leave a job, I'm going to ask "Who's replacing me?" and insist that they follow me around for the time remaining until I've left.
First, I'll remind them of these horror stories, and how they wouldn't want to be found short-sighted should sometime go askew. Best we get on with getting the work done but in a responsible manner. I'm looking out for their interests.
Second, that'll be the best way for the replacement to know _everything_ they need to know about the job (cough!). And if he/she doesn't have a clue as to what the words in the running commentary mean, that can be mentioned. I'm looking out for their interests.
Third, if they suddenly can't produce anybody or that person can't be made available for the whole day every day, I'll suggest that I shouldn't work on any sensitive/production/mystery systems without that minder. I'll just work on my resumé and those HasPyLisBy# tutorials. I'm really just looking out for everyone's interests.
Fourth, after being followed around by my minder, how could anything go wrong? That is, how could _I_ have done anything wrong, with the minder trailing along, checking out my procedures, accessing the same systems, reading the scripts/programs, and probably having to use my userid until their privileges were realigned with their new responsibilities.
If anything did go wrong, perhaps it happened after I left? Or before, but without my knowledge? After all, I wasn't watching what the _watcher_ did, was I?
Ya gotta look out for your interests - watch me!
Why did he have access to anything one week after losing his job?
Did he access them on-site or via the internet?
If over the internet, why where these systems even connected to the internet?
Who is responceable for the state of the 3 above?
why do they still have a job?
That's all i can think of right now... but I think it's a good place to start.
... he was given notice but expected to work it.
I saw this once in a small company, one of the IT support people was laid off but made to work the month. Insufficient oversight... we later found all kinds of stuff had walked in that month, and somebody had 'accidentally' set a number of sys admin accounts to be accessible externally...
Never, ever, make someone work their notice, it simply isn't worth the risk.
How did he do it ?
"Forty-six-year-old Douglas James Duchak, who worked as a TSA contractor for five years, planted the malicious code in the server used to maintain the database in mid October, a week after he was told his employment would be terminated at the end of the month, "
I wonder how he could do that one week *after* being laid off. One assumes passwords are changed immediately with termination. Did he have a backdoor already in place he could use ? Also, these kinds of applications should reside in a "walled garden", where access is controlled by some kind of router, which is of course password protected and uses "strong" crypto.
Made mischief between being *told* he was being fired and actually being fired
Those, as others have commented, one does wonder why he wasn't put on garden leave.
It was sabotage, he was...
introducing accurate information!
We used to have a much simpler (and traditional) system. Two large people would appear beside you, one clutching the dreaded black bin bag. You were told to move away from your keyboard and put your personal possessions in the bag (carefully scrutinised). You were then escorted to the door having handed in your pass. The first time you see it done it looks pretty brutal, but does make an awful lot of sense in sensitive IT jobs.
What's the point?
If I were so inclined, I could set up a script that deletes critical files if I don't log on during 5 consecutive working days (and remember to disable it when I go on holiday). If you terminate me without giving me an opportunity to disable the script then you're partly to blame for the consequences, I guess.
The gorillas plus bin bag method makes sense in some cases (if you already suspect the employee of doing something evil, for example) but in most cases the disadvantages outweigh the advantages. You want to stay on good terms with your ex-employee and with their former colleagues, and, as I just pointed out, the unfriendly approach doesn't prevent someone from doing something evil if they are so inclined.
As for why this particular employee was allowed to continue for a week? Perhaps because he only had access to "beta systems used for testing", like he said.
That's positively genteel, working for a Bank, there are some department where the first you know about getting fired is your pass stops working. The second thing is, your ex-boss telling you any personal effects will be forwarded in due course (after they've been rifled through), normally done from the other side of a very locked door.
Imagine how much fun can be had with screwing around with other peoples security passes.
A risk we all face?
Would be interesting to know the truth. Was it malicious or simply a contractor, put on the spot after setting up some test scripts that some muppet managerr didn't understand and hit the panic button?!
WTF is a 'protected computer'??
If it can be hacked, it aint protected. Protected by whom? Or, are they referring to that little chain that I've seen some muppets use that plugs into a socket on the side, the other end attached to the desk with a tiny wood screw? Does that constitute 'protected'? (Chain. Link. Weakest. Help yourselves.)
If it was running Windows, then 'protected computer' is an oxymoron. Just like 'Trusted Computing'.
Rite or wrong
You haveto hand it to the rebels of the dark ages to go up against a Satanic system ruled by gangsters of the worst sort. Inept and cruel.
This story is about just such a one. Whether he was also a baddie or not I don't care. He raged against the machine and I wish him the very best.
And it's time for the management responsible for the "keep your pass for a week" policy to be binned also.
The TSA, your CC details and travel plans safe in their hands
Or rather, not.
Does anyone think *any* part of TSA security is *not* sensitive. I think the words "Travel" and "Security" suggest it all might be.
Those Stupid A*******
TSA the private contractor that loves to play the government agency even more than the US Post.
I smell a setup!
Anyone dealing with security at any level in our govt should be afraid.
Just think if you also get fired and you work there or some other Dept. of Homeland Security
position and you leave because of whatever personal life issue and after you leave then your network account password can be reset and be used by someone else and then they can claim it was you who did it.
I like to see the evidence that shows it was truly him and not some vague electronic foot print.
A pc can be hacked and used as aproxy and log in remotely and to the TSA it would appear he did it when it fact he could be a patsy.