
Feds: TSA Worker Tried to Sabotage Terror Database

This topic is archived.
friendly_iconoclast Donating Member (1000+ posts) Thu Mar-11-10 03:31 PM
Original message
Feds: TSA Worker Tried to Sabotage Terror Database
Edited on Thu Mar-11-10 03:43 PM by friendly_iconoclast
Source: Wired News

Feds: TSA Worker Tried to Sabotage Terror Database

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and “disrupt” data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center (CSOC) since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the United States Marshal’s Service Warrant Information Network.....

Read more: http://www.wired.com/threatlevel/2010/03/tsa-worker-charged-with-attempted-sabotage/



More discussion here:

http://www.goodgearguide.com.au/article/339185/former_tsa_analyst_charged_computer_tampering/

http://www.boingboing.net/2010/03/10/tsa-analyst-indicted.html

Fear not, citizens! Your government is keeping you safe.

cutlassmama Donating Member (1000+ posts) Thu Mar-11-10 03:37 PM
Response to Original message
1. shouldn't that be treason?

Mithreal Donating Member (1000+ posts) Thu Mar-11-10 03:56 PM
Response to Reply #1
6. Treason, not when some people do it.
Edited on Thu Mar-11-10 04:04 PM by Mithreal
"was released on a $25,000 unsecured bond"

:wtf:

gratuitous Donating Member (1000+ posts) Thu Mar-11-10 04:02 PM
Response to Reply #6
8. That seems an awful low bail for such a serious charge
You can buy a bond for $2,500 to get $25,000 worth of bail. No security, and the guy can just skip. $2,500 could be a hard blow, financially, but going away to jail for a long time might make it worth the loss of the money. I wonder if the authorities are hoping he'll bolt, rather than expose how ticky-tacky their security system is, and how it's not really "protecting" anything except some phoney baloney make work jobs?

HereSince1628 Donating Member (1000+ posts) Thu Mar-11-10 03:37 PM
Response to Original message
2. Oh, now, that's unfortunate!
Series!111!

Lerkfish Donating Member (1000+ posts) Thu Mar-11-10 03:39 PM
Response to Original message
3. they need to find out the incept date ASAP
it might be a scheduled terrorist attack.

friendly_iconoclast Donating Member (1000+ posts) Thu Mar-11-10 03:54 PM
Response to Reply #3
4. He's the first we know of that got *caught* (allegedly).
How are we to know of any other possible hackers if they are/were good enough and/or lucky enough to cover their tracks?

Quis custodiet ipsos custodes? ("Who watches the watchers?")

Xipe Totec Donating Member (1000+ posts) Thu Mar-11-10 03:55 PM
Response to Reply #3
5. More likely it was a dead man switch
In case he got fired.

Mithreal Donating Member (1000+ posts) Thu Mar-11-10 04:08 PM
Response to Reply #5
9. Well that certainly makes me feel better. "more likely"
:popcorn:

Truth2Tell Donating Member (1000+ posts) Thu Mar-11-10 05:03 PM
Response to Reply #9
10. For all we know,
it could be a guy who has issues with the way the system is being abused. Or some personal issue, etc...

I think the likelihood that this is related to any real terrorist plot is very low. Just a feeling. I could be wrong. I am often. :)

Mithreal Donating Member (1000+ posts) Thu Mar-11-10 05:14 PM
Response to Reply #10
14. I agree, in all likelihood not terrorism related.
May be a good sign that the "system" is functioning at some level, if the story is true and he is guilty.

Would also not be surprised if it was a fabrication.

And if things like this were used to constrict our liberties more, wouldn't put it past anyone either.

Something doesn't smell right.

Xipe Totec Donating Member (1000+ posts) Thu Mar-11-10 07:21 PM
Response to Reply #10
28. Pay no attention to Ignored
It is worse than unproductive.

It is counterproductive.

Mithreal Donating Member (1000+ posts) Thu Mar-11-10 07:54 PM
Response to Reply #28
29. Who? me? some whimper, some crawl under their beds and wish away
anyone who challenges their ideas.

Had a phone conversation with my State Senator on Monday morning, I do believe, could have been Tuesday. He's a blue dog. They are finishing a short session, sounded like he was just off the floor, could hear the noise in the background. He lowered his voice at one point and told me that sometimes conservatives deserve to win. The context as best I understood our conversation was that we are bad at persuasion sometimes.

Xipe, if you are talking about me, there is a line of Regressives waiting to walk all over you. Go talk to them, you'll see. Weakness isn't a virtue. If I misunderstood, then my bad.

Xithras Donating Member (1000+ posts) Thu Mar-11-10 05:06 PM
Response to Reply #3
11. Lol! No terrorism. He was fired and was taking revenge.
It's right in the OP. He was given two weeks notice, and injected the virus a week later. He was a disgruntled terminated employee who decided to get a little revenge.

He was also pretty stupid. Logic bombs are always traceable, so he was bound to get caught sooner or later.

Mithreal Donating Member (1000+ posts) Thu Mar-11-10 05:20 PM
Response to Reply #11
15. So disgruntled employees disrupting computers can't be called terrorism?
Like protesters to the Minneapolis RNC convention weren't treated as terrorists?

And the person who flew his plane into an IRS building wasn't a terrorist?

This is what we get for throwing around words like terrorism. Terrorism is a tactic used by people who feel powerless and sometimes outright revenge.

The only clue you needed that he wasn't going to be called a terrorist was his name.

Xithras Donating Member (1000+ posts) Thu Mar-11-10 05:28 PM
Response to Reply #15
16. Eh, no. It's fairly safe to say that attacking computers is NEVER terrorism.
It may piss you off and inconvenience you, but it's not terrorism.

Mithreal Donating Member (1000+ posts) Thu Mar-11-10 05:31 PM
Response to Reply #16
17. Sure. Ever heard the word cyberterrorism? Yeah, didn't think so.

Xithras Donating Member (1000+ posts) Thu Mar-11-10 05:49 PM
Response to Reply #17
20. Cyberterrorism is Bushism that I refuse to give any credence to.
Terrorism is an act designed to cause fear or panic to exact political change from the target.

Normal people don't get scared when their computers crash, ergo it's NOT terrorism.

There is a corporatist legal push that wants to label ALL disruptive online activities as a form of terrorism. Don't buy into it.

That said, there is ONE caveat. If someone were to attack the IT systems of a hospital with the goal of shutting down power to kill the patients, and they did so in order to further a political viewpoint, that WOULD be terrorism, and I probably wouldn't complain about it being called cyberterrorism. If someone tried to hack the computers of a nuclear power plant to cause a meltdown as an attack against the surrounding population, I WOULD consider that terrorism, and the cyberterrorism label would probably apply here too. The difference here is simple. Attacks designed to hurt PEOPLE are terrorism. Attacks designed to damage THINGS are not.

It should be noted, of course, that under those rules, there has yet to be a single cyberterrorism attack anywhere in the world.

Mithreal Donating Member (1000+ posts) Thu Mar-11-10 05:55 PM
Response to Reply #20
22. Moving target, aren't ya? I only concede that some argue for a more narrow definition.
I don't buy into terrorism. It's all semantics.

thecrow Donating Member (1000+ posts) Thu Mar-11-10 06:05 PM
Response to Reply #20
23. This might interest you
http://www.nap.edu/openbook.php?record_id=6285&page=7
http://www.justice.gov/criminal/cybercrime/critinfr.htm

B. Presidential Decision Directive 63 - Protecting the Nation's Critical Infrastructures
On May 22, 1998, President Clinton announced two new directives designed to strengthen the Nation's defenses against terrorism and other unconventional threats: Presidential Decision Directives (PDD) 62 and 63. PDD-63 focuses specifically on protecting the Nation's critical infrastructures from both physical and "cyber" attack. These attacks may come from foreign governments, foreign and domestic terrorist organizations, and foreign and domestic criminal organizations. The NIPC is a part of the broader framework of government efforts established by PDD-63. A Fact Sheet summary and more detailed White Paper on PDD-63 are available through the links below.

Fact Sheet on PDD-63

White Paper on PDD-63
C. President's Commission on Critical Infrastructure Protection (PCCIP)

President Clinton created the President's Commission on Critical Infrastructure Protection (PCCIP) to advise and assist the President of the United States by recommending a national strategy for protecting and assuring critical infrastructures from physical and cyber threats. The PCCIP Web site may be accessed via the link below, which provides access to the Commission Final Report as well as Legal Foundations, a compilation of 14 supplemental reports of the PCCIP legal team that provide background on and further explain the legal recommendations that appear in the PCCIP's final report.
PCCIP Web site

PCCIP Final Report

PCCIP Legal Foundations

The Computer Crime and Intellectual Property Section's List of Relevant Web Sites

friendly_iconoclast Donating Member (1000+ posts) Thu Mar-11-10 06:27 PM
Response to Reply #23
25. That would make it a 'Clintonism', no?
n/t

thecrow Donating Member (1000+ posts) Thu Mar-11-10 06:57 PM
Response to Reply #25
27. Why yes.... it would!
:fistbump:

Xithras Donating Member (1000+ posts) Fri Mar-12-10 03:25 PM
Response to Reply #23
33. Not really. In the Clinton era, it was "cyberattack". Bush renamed it "cyber'terrorism'".
Cybercrime or cyberattacks are the correct term as they properly describe what the crime actually entails. Those terms were coined in saner days when our government understood that words actually meant something.

Then Bush, who never found a dictionary he couldn't doodle in, was sElected to office. Suddenly it was "Terra! Terra! Terra!" Everything was terrorism to him.

It's a reichwing Bushism. Don't get sucked into it.

Demeter Donating Member (1000+ posts) Thu Mar-11-10 05:39 PM
Response to Reply #11
18. Smart Employers Don't GIVE Two Weeks' Notice
They walk the person out the door and bring his personal stuff in a box after.

Xithras Donating Member (1000+ posts) Thu Mar-11-10 05:53 PM
Response to Reply #18
21. Depends on the reason for the termination.
It doesn't say whether he was an employee or a contractor (a very large percentage of federal programmers are contractors). If he was a contractor, they may have simply notified him that his contract wouldn't be renewed. That sort of notice typically happens weeks or months before the contract expiration. On the other hand, if his position were being eliminated, they might also let him know ahead of time that he'd be terminated on date X, and be expected to work until then.

The "escort out the door" thing is fairly common in for-cause terminations, but it's common for people to learn that they'll be losing their jobs weeks or months ahead of time when the employee is eliminated for other reasons.

damntexdem Donating Member (1000+ posts) Thu Mar-11-10 04:01 PM
Response to Original message
7. Why bother to sabotage something that doesn't work well anyway?

friendly_iconoclast Donating Member (1000+ posts) Thu Mar-11-10 05:11 PM
Response to Reply #7
12. Because it's treated (mostly) as if it *does* work, and is therefore relied upon
Edited on Thu Mar-11-10 05:12 PM by friendly_iconoclast
Which makes it a source of single point failure, as the term goes.

It's not so much the passenger watch lists. Not only do you have gate security giving you the gimlet eye, but if you start
misbehaving on a plane your fellow passengers will be happy to stomp you.

No, the real payoff for criminal or terrorist purposes is the vetting of people with ramp access at airports-
They don't get searched. All they have to do to get in is have a TSA ID card.

Think "Lufthansa robbery". Or the opportunity to put in (or remove) something not on the manifest onto a cargo plane
or the hold of a passenger airliner.

truthisfreedom Donating Member (1000+ posts) Thu Mar-11-10 05:14 PM
Response to Original message
13. $25k bond? Peanuts!
Sounds like they're not taking this very seriously.

friendly_iconoclast Donating Member (1000+ posts) Thu Mar-11-10 06:33 PM
Response to Reply #13
26. An inducement to plea bargain- or skip, as others have surmised.
Either way, it would keep details out of the public eye...

SkyDaddy7 Donating Member (1000+ posts) Thu Mar-11-10 05:40 PM
Response to Original message
19. IS THIS GUY CONNECTED TO DICK CHENEY?
Seriously, this guy could have been working for the GOP in order to try and fulfill Cheney's deepest desire...A terrorist attack on Obama's watch!

Sen. Walter Sobchak Donating Member (1000+ posts) Thu Mar-11-10 06:07 PM
Response to Original message
24. Wow another bag of shit working for the TSA,
Who could have guessed?

Extend a Hand Donating Member (1000+ posts) Fri Mar-12-10 12:27 AM
Response to Original message
30. I worked as a programmer for many years
This sounds like b.s. Nobody, nobody updates production systems on the fly. I bet he got mad about being fired and left a nastygram for somebody in some test system.


“It wasn’t connected to anything that had to do with security,” Lindsey said. “Before anything he had his hands on left, it went to another system before it got into any live system that did screening. As I understand it, it is a system that does statistical analyses on the systems that are up and running. And when the tests are run, those are done at one level and then a second level and then at a final level before the analyses are verified and passed onto anything you would call a live system.”

Lindsey said the CSOC servers that were allegedly targeted for sabotage were used for screening workers primarily and were only “remotely, remotely” related to passenger screening, though he could not elaborate.

“The government has been very misleading in the indictment and press release as to any potential harm to the public,” he said, adding that the alleged malware was not a virus and will ultimately be shown to have been “nothing.”

friendly_iconoclast Donating Member (1000+ posts) Fri Mar-12-10 12:47 AM
Response to Reply #30
31. Passenger screening is the front door security. Worker screening is for the service entrance
and *if* (as nothing has been proved yet) the hacking was done for nefarious purpose, the reason could just
as well be criminal as ideological. Having the 'keys to the airport' would be a smugglers' dream.

Alternately, like you said, he might have just left a big "FUCK YOU" nastygram. Stupid and technically illegal,
but not dangerous.

We'll just have to await further developments...

Extend a Hand Donating Member (1000+ posts) Fri Mar-12-10 02:03 AM
Response to Reply #31
32. but the question is where he put it
Edited on Fri Mar-12-10 02:16 AM by Extend a Hand
most places have test systems where programmers play when they are writing new code. New code by a particular programmer would first be unit tested. Once the programmer was satisfied it was working correctly he'd go through some process for integration or system testing where the new code changes would be combined with everybody else's new changes for a particular release. After integration testing is satisfactorily completed, the code would be moved to a certification testing system where all the changes for a particular release are run with a known data set so that programmers or testers can look for unexpected results. These data sets usually would contain data designed to test out expected data and exception handling for bad input. Only after certification is complete would code go through some process to be 'released' into a production system. I would expect that code changes for systems related to worker screening would go through this process as well as those systems used for customer screening.

Here's my theory...
Since the guy did data updates (these would almost certainly be done programmatically), I bet he did something like stick some manager's name that he was pissed at in the test data for the watch list or something like that. Somebody told the manager (half the managers don't have a clue about what programmers do), the manager got mad about it and told other managers who also don't have a clue and they decided this was a 'security threat.'

Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Thu Apr 25th 2024, 08:58 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Latest Breaking News Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC