back to article Front-end dev cops to billing NSA $220,000 for hours he didn't work

A software developer employed by two different IT subcontractors participating in separate National Security Agency (NSA) contracts has pleaded guilty to submitting false claims about the number of hours he worked, according to the US Department of Justice. Kyle Duran Smego, a 40-year-old software engineer residing in Raleigh …

  1. livin' thing
    WTF?

    Scam undone by...

    CCTV-ing his family 24x7; monitoring all their emails, data usage, phone calls, financial transactions, location of every device; eavesdropping on all conversations; bugging his home; hacking into his bank, social media, every account he ever opened; doing the same to all his friends, relatives, colleagues, acquaintances, people living in the same country as him.

    Still that's ok; he might've been an unamerican terrorist.

    1. Wellyboot Silver badge

      Re: Scam undone by...

      The NSA doing what it was set up to do...

      1. Anonymous Coward
        Anonymous Coward

        Re: Scam undone by...

        The NSA aren't allowed to, that's why they have prism, if GCHQ pass them the data they didn't obtain it and it's now legal. That works both ways, 5 ways actually. It's how you bypass the government and the judiciary because no one is going to pass laws stopping you spying on foreigners.

        1. Anonymous Coward
          Anonymous Coward

          Re: Scam undone by...

          The NSA are allowed to do targeted monitoring but isn't supposed to do mass surveillance but monitoring a suspected wrong doer with the appropriate legal warrants in place.

          Five eyes is the mass surveillance side of things where each country avoids spying on it's own citizens by letting a friendly country do it for them...

    2. macjules Silver badge
      Coat

      Re: Scam undone by...

      Bit of an overReaction for just a front end dev or were they just covering all the Angulars?

      1. Andy Denton

        Re: Scam undone by...

        Depends on your point of Vue

    3. DougS Silver badge
      FAIL

      Huh?

      The NSA wasn't doing any of that. It was simply looking at the times he carded in and out of a secure facility where ALL his work had to be done. There was no working from home for him.

      Not sure what you're on about here, the NSA does some shitty things to be sure but they didn't need to violate the privacy of this guy in any way, let alone that of his family, to uncover his scheme. I guess you're in favor of people stealing from the government because you appear to think a guy who lied about working $220K of hours he didn't work was done somehow done wrong by the NSA!

      1. veti Silver badge

        Re: Huh?

        The "$220k" is what his employer billed. The amount that he got would have been a small fraction of that.

        I hope he's not being asked to repay the whole of that amount himself, because that would be ridiculous.

        Apart from that, I agree with you - this guy has nothing to complain about.

        1. PM from Hell
          Flame

          Re: Huh?

          He should be liable for the whole amount, the debt was incurred in good faith by the company he was working through and the government lost the full amount. If the Subcontracting companies do repay their profit margin less overheads and costs of investigation that could be taken off his debt but the investigation costs may actually increase his debt if that approach is taken.

          But what kind of idiot attempts time fraud in a secure environment. I remember combating this back in the 90's purely by using system login details and phone logs, we had a contractor working on another contract on our time, contrary to the agreed work plan.

          I suspect this was as simple as he was claiming for whole periods when he wasn't on site and a supervising manager just called the facilities department and asked for the access logs. No other technology was needed. If he wasn't on-site he couldn't be working.

          1. Roger 11

            Re: Huh?

            "what kind of idiot attempts time fraud in a secure environment"

            THIS.

          2. veti Silver badge

            Re: Huh?

            If his direct employer really had no idea what he was doing, that suggests a degree of negligence on their part. They have a duty to ensure the accuracy of invoices they present to the client.

            I can see taking the guy at his word for a few weeks, but this went on for years. At that point, I'm less inclined to accept the claim that they acted "in good faith".

          3. LucreLout Silver badge

            Re: Huh?

            But what kind of idiot attempts time fraud in a secure environment.

            I feel you could have stopped with "But what kind of idiot attempts time fraud", because stealing from your employer is just dumb. Don't do it folks.

            If they've pissed you off - leave and get a better job.

            If they've payed you below market rate - leave and get a better job.

            If they've walked back on your agreed promotion - leave and get a better job.

            There's no kind of criminal record that is going to help you get a job. Screwing yourself over forever in order to screw them over today is not a smart play. Just leave, and get a better job.

      2. Tom Paine Silver badge

        Re: Huh?

        If people can't be bothered to read the story, why can you be bothered to explain it to them? It's very publicx spirited of you, I'm not complaining, just puzzled...

    4. gbshore

      Re: Scam undone by...

      ... conspiracy theory or not.... are you saying that what he and the Prime Contractor did was fine? How completely and utterly absurd.. what an ignorant comment

  2. Paul Herber Silver badge
    Gimp

    Smegohead!

    1. Andy The Hat Silver badge

      Actually it's

      Smeeeeeggggg-ooooooo-heeeeeeed followed by a smug mode grin :-)

    2. Anonymous Coward
      Anonymous Coward

      Smeagol's time is preeecious!

      1. Paul Herber Silver badge

        That has a ring of truth about it.

        1. LucreLout Silver badge
          Joke

          It'll be a ring of fire by the end of October.

  3. Anonymous Coward
    Anonymous Coward

    Who watches the watchers?

    Based on this case, it appears that the watchers watch the watchers.

    1. Kane Silver badge
      Black Helicopters

      Re: Who watches the watchers?

      "Based on this case, it appears that the watchers watch the watchers."

      .

      .

      'Quis custodiet ipsos custodies? Your grace.'

      'I know that one,' said Vimes. 'Who watches the watchmen? Me, Mr Pessimal.'

      'Ah, but who watches you, your grace?' said the inspector, with a brief smile.

      'I do that too. All the time,' said Vimes.

  4. Wellyboot Silver badge
    Big Brother

    Epic Chutzpah

    To even think he could get away with overbooking time to that extent (near double) on a NSA site.

    Did he think they don't do security & access audits explicitly looking for suspicious activity.

    1. lglethal Silver badge
      Facepalm

      Re: Epic Chutzpah

      I've heard of people overbooking when they're working off site or from home or the like. But overbooking when you're working on site and have recorded access to secure areas? The stupidity in this one is staggering...

    2. Tuesday Is Soylent Green Day

      Re: Epic Chutzpah

      It's government so people think its a pushover and that no-one checks. That perception persists even though technology has advanced to the point where such activity is easy and quick to detect.

  5. TimMaher
    WTF?

    Loads'a money!

    159.80 pint tokens an hour.

    ... and then he cheated.

    Wow!

    1. John Robson Silver badge

      Re: Loads'a money!

      THat's not what *he* got paid - it's what the government were billed.

  6. Anonymous South African Coward Silver badge

    Bitten off more than he could chew?

  7. Peter D

    Pretty crappy pay

    I wouldn't get out of bed for that money. It's no wonder he scammed them.

  8. SVV Silver badge

    I bet his work wasn't all that great

    "Haha, I reckon I'll get away with scamming these idiots!"

    1. TechnicalBen Silver badge
      Joke

      Re: I bet his work wasn't all that great

      You say that. But I bet he had a feeling he was being watched. How to prove it? "If I just submit these fake invoices, they'll only know if they *are* watching me... hahahahaha, checkmate secret spies!"

  9. Aristotles slow and dimwitted horse Silver badge

    And...

    And it obviously shows how the US Gov are being mendaciously raped in terms of per hour billables by their subcontractors.

    1. veti Silver badge

      Re: And...

      It shows that there is at least one instance of overcharging. It doesn't show anything about how widespread the issue may be.

  10. jmch Silver badge

    Subcontractor / integrator ripoff

    " labor rates billed at $112.26 to $128.78 per hour for the first subcontractor and $159.08 per hour [is there a missing "for the second subcontractor"in this sentence?]... the average hourly rate for a front-end developer in the Washington, DC, area is about $36.20 per hour."

    So I presume the subcontractots were paying this guy $50-60 and hour and making well over 100% markup. Even if this guy worked 100% of the time he was paid for, NSA was still getting ripped off!

    1. lglethal Silver badge
      Go

      Re: Subcontractor / integrator ripoff

      The labor rates billed by a subcontracting firm are always 2-3x the rate of the actual worker. It's only natural as they've got to pay overheads (HR, facilities, IT, management, etc...). That's normal business. Admittedly, if he's working on site and the contracting firm are providing the IT equipment, then the rate should be less, probably 1.5-2x, as even then there's still overheads to pay. As such, the first rate looks fine to me, the second definitely looks inflated though.

      1. Hans Neeson-Bumpsadese Silver badge

        Re: Subcontractor / integrator ripoff

        That average hourly rate is probably for a general developer, rather than someone who has the required level of security clearance.

        I'd expect someone who has been vetted would command a higher rate...that said, the final numbers here still seem inflated

        1. Ian Emery Silver badge

          Re: Subcontractor / integrator ripoff

          Back in the 80's my employer subbed me out (at the customers* request), for a weeks work on the customers site.

          My employer charged them £100 +VAT per hour, and paid me £7.65 per hour.

          Apparently, they would normally charge £150 +VAT per hour, but as I was only an apprentice....

          Yeah, you read that correctly, the customer asked for me, a mere apprentice, based on the quality of the work they received that had been done by me; and the 2 days were to bring the qualified staffs work up to my standard.

          The "qualified" staff were more than a bit pissed; especially as I got use of a company car for the duration.

          *Babcock's Robotic Truck division.

      2. DougS Silver badge

        Re: Subcontractor / integrator ripoff

        The labor rates billed by a subcontracting firm are always 2-3x the rate of the actual worker.

        That's not true at all. It depends on how you get the job. For employees of the subcontractor, yes that will probably be true. If they have to find a contractor themselves because they don't have a particular skill in-house they won't be able to take a cut that large, but it will still be healthy.

        I've always arranged my gigs myself, which this guy may have done here if he knew people in charge of the projects he was hired for. I'll bet once you've been on a few NSA projects and you're good you probably have a lot of contacts so you aren't forced to go through the subcontractors to find them for you. I arrange with them what I want to be paid, and they tell the subcontracting company "this is what DougS gets" and arrange separately for what the subcontractor will get. That's the difference between the subcontractor locating the necessary skill and the client locating the necessary skill.

        I'm not always privy to the amounts they are paying the subcontractor but I have been often enough that I know they are getting about $10 or $15 a hour off my contracts - it is corp to corp so it is 100% profit for them with only the overhead of forwarding my invoices upstream, and they don't pay me until they get paid so they aren't incurring any float either.

  11. The IT Ghost
    Pirate

    I wonder if he'll end up on the hook for the whole 220k, or only the quarter or so of it he actually got paid. Seems like the sub should cough up their chunk too. But they'll probably be allowed to keep it...its only tax dollars, after all. They can always get more.

    1. Wellyboot Silver badge

      The $220k is just the first of many new problems, with his goverment security status binned and federal jail time for fraud who would hire him to do anything in IT?

      1. Mr Sceptical
        Pirate

        Jobs wanted: former NSA developers seeking foreign travel??

        I dunno, he could find a job with less scupulous overseas employers in South America or Eatern Europe?

        Icon for the likelyhood of a bloody/radioactive end --->

        1. Hans 1 Silver badge
          Paris Hilton

          Re: Jobs wanted: former NSA developers seeking foreign travel??

          Who in their right mind would hire a numpty dev who does not know what a keypass is ?

          To think for ONE second l33ts doing illegal activities would hire this numpty is beyond me ... these outfits have the most stringent scurity policies in place, the idea is to make as much cash as possible without getting caught ...

    2. jmch Silver badge

      "Seems like the sub should cough up their chunk too. "

      Every contract that I've had, it's part of the responsibility of the subcontractor to verify hours claimed. Typically by reconciling the claim against the end client's timesheet program, or even getting end client's timesheet data directly.

      So whoever was signing off on this guys' timesheets (whether an NSA line manager or the subcontractor's project manager ) for 6 months + without noticing almost double hours claimed vs worked should be looked at

      1. DougS Silver badge

        That assumes whoever is signing his timesheet has access to the records of card-in/card-out times. When I'm consulting I often have someone who has no idea what I'm doing signing my timesheets - it might be a secretary or a manager in charge of stuff I have nothing to do with (because he signs all the contractor timesheets)

        Even if it is someone I'm interacting with that doesn't mean they'd be able to verify my hours - if they didn't remember seeing me at my desk after lunch the last few days is that because I never came back in after lunch, because I was stuck in meetings all afternoon, or because I was in the bathroom when he happened to walk by? There is a lot of variation in work output, so someone who works half as many hours might get as much done as someone who is working overtime every week.

        Only a true micromanager would be able to know that the timesheets they are signing are wrong.

        1. tfewster Silver badge
          Facepalm

          Maybe it took an hour to get from the front door to his desk due to access controls, plus searches on the way out. I'd count that as working time, or adjust my rate to cover it.

          But someone is going to notice a persistent slacker and mention it.

          1. DougS Silver badge

            I doubt NSA secure sites are cubical farms

            They want to eliminate accidental glances at classified material. I'll bet there are a bunch of small offices, or at at least the cubicals have high walls and doors.

            People probably don't have any incentive to rat out slackers on a big contracting project. I know I wouldn't ever do so unless I was directly asked "how often do you see Bob around?" There's no gain to doing so and as I said you might be wrong because you don't know what the guy is doing. Even if you see him leaving with a backpack or bike helmet or whatever making you believe he's coming in at 10am and leaving at 2pm you don't know if he's splitting his time at another site or maybe comes in at night when you aren't there to work with a team in another time zone.

            If you're right about him you get nothing except management (and possibly many others eventually) knowing you're a snitch, if you're wrong they know that about you plus that you have poor judgment for jumping to conclusions. Why would I ever inform on a slacker employee, and if I was slacking why would anyone ever inform on me? That only happens with full time employees where they have some stake in the company, or are angling for a promotion/bonus. It makes no sense if you are a contractor.

  12. Erik4872

    Pretty dumb

    Another reply beat me to it with the perfect summary -- "Epic chutzpah." He must have thought the NSA was used to just throwing money into the fireplace on contractors and would never check...I'm actually surprised they did, but it goes to show you what's possible. To think you could get away with this when the country's largest surveillance arm is involved is amusing...if you were doing top-secret work that required you to work in a secure facility, shouldn't you assume you're being watched every second you're there?

    The defense contractors employing this guy are the ones cleaning up though...and I hate this about all contracting firms. Why are they getting 100+% margin just for having access to the work? Contractors working directly with the agency/company would save tons of useless overhead.

  13. Anonymous Coward
    Coat

    Straight from the Shirko playbook

    That was an individual contractor. Here we have a whole bigco ...

  14. SWCD

    His Website..

    "The contracts, identified in court documents only as CTS and ROADRALLY were overseen by an unnamed government contractor – possibly Lockheed Martin – that hired a different subcontractor for each job."

    https://www.smegoconsulting.com says he worked for "Chiron Technology Services, Inc" and "Lufburrow and Company"

    No mention on there yet about him having the governments pants down with his big bills.

    1. StargateSg7 Bronze badge

      Re: His Website..

      The CTS project is designed to hookup traffic and security cameras in designated city areas WITHIN the USA and outside of it into a massive single network that uses face and object recognition, expression and gait analysis and numerous other activities recognition software to track people, vehicles, objects and more! It's basically IDENTICAL to what the City of London does with it's massive security cameras system that can track EVERYTHING !!! It's a Panopticon system for the USA.

      And I THINK "Road Rally" is a signals intelligence systems which basically does datamining of personnel, vehicles, objects within city and suburban environments AND within logistics systems (i.e. mail and courier) so that real-time views of people/object/vehicle movements can be correlated to specific activities, time periods and locations. Basically Google Maps with lots of colour coded pins on the map being updated in real-time.

      SO THERE YOU HAVE IT !!!

  15. Jastoner

    How could it happen? That is such a great amount of money!

  16. Anonymous Coward
    Anonymous Coward

    Brilliant name...

    He's a SMEEEEEEEEEEEEE

    He's a SMEEEEEEEEEEEEEEEEE

    He's a SMEEEEEEEHEEEEEEEEEEEEEEEEEE

  17. adnim Silver badge

    Give and take

    I do some work in an office. I have a key card to enter areas of the building. There are two floors and three doors, one door leads outside.

    There are rules about start and end times, break times etc. Understandably so, my employer expects me to do some work for my pay and thus pays me for the hours I work. I consider that fair play. (if not pay)

    I am tracked when I enter and leave the building or change floor. I expect this, I have to swipe an ID card. Did someone say this guy was a developer?

    I don't exactly follow the 'rules', I don't stick to the x minutes for a break x times a day. I do what I need to do to think and do my job. I break those rules but I don't take the piss. I like my HR Dept, they leave me be because I don't take the piss.

    1. Anonymous Coward
      Anonymous Coward

      Re: Give and take

      "I like my HR Dept, they leave me be because I don't take the piss."

      Yeah, I like working where they do that. People who turn up dead on 9am and leave dead on 5pm every day get no slack, those that stick around a little later when needed to finish stuff off now and again equally get no hassle if they occasionally take longer breaks or turn up a little later etc.

  18. Anonymous Coward
    Anonymous Coward

    You do the time and take the dime

    Or you'll do another kind of time....

  19. Anonymous Coward
    Anonymous Coward

    If the NSA are involved then it is obviously a conspiracy to spread misinformation.

    I just can't work out if they are trying to provide proof that their employees are idiots, or trying to provide proof that they see everything?

    Answers on a helicopter. Assuming they see this, and figure out how to fly a helicopter. (Apparently, the cost to reply to an internet comment is not an issue)

    AC box ticked to trick them in to confirming that they identified me through Cloudflare MITMing my post. (I trust that they can't be bothered to compromise the register's database server)

  20. W.S.Gosset Bronze badge

    Name change

    He should change his name from Smego to Gollu.

    Then keep well clear of Mordo.

  21. sum_of_squares
    Devil

    Pretty sure the guy did some stuff at home and when it came to the trial the lawyers where like:

    "OK, you COULD claim that you did some irrelevant stuff at home. Which you can prove, of course. And both of us know that it's not a matter of national security to do some CSS coding or designing at home. But it would be SUCH A SHAME to put you in prison because of a breach of our little non-disclosure obligation, wouln't it? So we suggest we pay you half the price. What do you think about that?"

  22. LyingMan

    Who is the real culprit

    I have seen with one of our sub contractors that they bill for x number of people for that day while we actually have not seen all of them working from the logs. The usual answer from the sub contractor when my boss pushed a bit is they are involved in is that they are doing internal code review / mentoring to improve delivery quality etc .. anymore from my boss won't work as his boss would get upset about the engagement.

    Some agencies in between the actual bod and the client milk a 'little bit more' if the client is naive or has 'relationships'. Don't know what really happened here!

  23. FIA

    Good to see the NSA has learnt it’s lessons about hiring contractors.

  24. K Silver badge

    Smego ...

    Should change his name, Smeagol... his precious is about to get handed to him!

  25. Tom Paine Silver badge
    Trollface

    NFW

    Kyle Duran Smego...

    Poor man was probably suffering chronic PTSD from his childhood. Kyle Duran Smego would certainly have had a torrid time of it, if his school was anything lik mine anyway...

  26. Peter 39

    A dull knife in the drawer. In private industry there is elasticity, as one poster rightly noted. But these scenarios are usually for salaried staff, not people billed by the hour. If that's your gig then bill only those hours you actually work.

    Of course, he's doubly-screwed because his clearance now is worthless. Dumb move, dude.

  27. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921 Bronze badge

    Smego time preciousss is...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019