A former data analyst for the Transportation Security Administration was sentenced to two years in prison for planting code in a terrorist screening database server after he was told his position was going to be eliminated. Douglas James Duchak, 46, received the sentence on Tuesday after admitting he planted the sabotage code …
More base than data.
To think that these "data"bases are relied upon to destroy peoples lives on a daily basis.
Not only in America but here with the CRB checks only being as reliable as a disgruntled or vindictive employee.
How much does a toilet cost in the White House?
So, wait a minute, exactly how does one spend nearly a hundred thousand dollars removing malicious code that hadn't even been executed from a machine that was otherwise unaffected?
Yes, er, please, can someone explain that? It costs a lot less to remove the sugar-tainted gas from the tank than it does to replace the engine, so why did this cost more to "fix" than it does for major corporations to repair after a virus or malicious code has wrecked their system? I'm serious, look at the last few articles on this subject, all of the "repair costs" are way below $85k.
I guess that's how much it cost to get things signed in triplicate and to oversee the oversight and whatnot.
RE: Corrective costs...
I have an idea why it cost so much:
Generally, after a security incident, you want to have a full audit done on all the systems and databases the perpetrator had access to, and by a trusted or certified third-party. This way, any other logic bombs that may have been planted can be rooted out, and the third party can certify or guarantee that the issue has been corrected within certain limitations that have been mutually agreed upon by the companies involved (usually through scope of work or similar.)
*That's* why it cost so much.
Was thinking the same thing
...but if this guy was an employee of InfoZen why wasn't InfoZen responsible for the cleanup? If InfoZen was just a contracting agency then maybe I could see it, but typically a service provider (which is what InfoZen looks like) would hold the liability in a normal commercial contract.
Re: Why not InfoZen
Because until InfoZen itself gets a clean bill of health, they are as suspect as their employee, so an outside agency needs to do the audit. The government can probably sue InfoZen to recover the cost of the audit if it fails to collect from the actual perpetrator. But recovering the cost doesn't change the magnitude of the cost reported to the courts.
A better idea
I'd have had a lot more respect for the guy if he'd simply added his superiors names to the no-fly list.
Add Napolitano, Pistole, and every member of Congress while you're at it! Then maybe they'll figure out how stupid the whole thing is....
Oh wait... I forgot who I was talking about.... Well, at least it would annoy them.
seems to me the best approach would be to plant said code while everything is hunky dory rather than waiting for the other foot to drop and surevillance is increased.
mine's the one with a thumb drive in a the false pocket
How did he get his co-worker's credentials?
Either their security is so poor that staff can access (or guess) each other's credentials, or there's a co-worker who shouldn't be writing passwords down on Post-Its.
2 ways to leave your employer
1 - Be smart and take your redundancy package.
2 - Be an idiot and get a couple of years behind bars for attempting pointless revenge that wouldn't have given you your job back anyway.
There are exceptions though: I'm not smart, and I still chose option 1 (heck, I took voluntary redundancy and lit all the lanes, i.e. I got x2 bonus), so you have to be even more stupid than me to go for option 2. I guess it makes me feel better, floating off the bottom of the genetic pool slightly.
HSA and TSA actually terminate people?
It's hard to believe that these two entities, whose annual increases in size more resemble the Pillsbury Doughboy, actually fire people.
I wonder which HSA list he will end up on?
Secure? Critical? Redundant?
If the system was so important and critical that it had the CCTV monitoring etc, then surely it would have been prudent to put the guy on Garden Leave as soon as he was told he was being made redundant.
He didn't suddenly get dumb.
He probably wasn't any more competent at his job than he was at sabotaging it.
Which makes one wonder about the value and accuracy of the database in the first place - and that's not even taking into account the GIGO principle.