Former TSA Analyst Charged With Computer Tampering 109
angry tapir writes "A Transportation Security Administration analyst has been indicted with tampering with databases used by the TSA to identify possible terrorists who may be trying to fly in the US. If convicted, he faces 10 years in prison."
They missed "why?" (Score:3, Interesting)
Not that it matters for the court case, but most people are going to be asking "well what was he trying to do?"
Delete his girlfriend's name? Add the name of the guy who slept with his wife? I guess at least it leaves plenty of room for pointless speculation.
Finally, some liability? (Score:4, Interesting)
It's about time that a TSA agent steps over the line enough for the justice system to finally react and hit back. So far the TSA has been running their own show and making up their own laws so much that I became genuinely scared of passing through the USA on my next trip.
Re:Where's the security protocol? (Score:5, Interesting)
Public knowledge (Score:2, Interesting)
Re:Where's the security protocol? (Score:2, Interesting)
Re:Where's the security protocol? (Score:5, Interesting)
To use an obvious analogy, if a bank teller gets a two week notice I don't think we expect the bank to not let them handle any cash for those two weeks).
No, I actually expect them NOT to handle money.
Pay them for their time, thank them for their service and humanely supervise their cubicle packing. They are still 'yours' during he severence period, so call them if you need to.
My employer trusts me. I have a good rapport with my boss. I also have access to data worth millions. If I were downsized tomorrow, i would expect to see HR, and maybe my desk one last time.
Re:They missed "why?" (Score:2, Interesting)
May I speculate wildly?
Some database hicckup happened that resulted in a slightly malformed database. The guy saw it, was enough of a guru to know the format and also how to fix it easily so it works again.
Presto database tampering.
Re:Where's the security protocol? (Score:5, Interesting)
No. No! You can NOT trust that person anymore, sorry.
I spent my time in bank auditing. High security levels, very high security standards applied, you don't even want to know where they checked me and my background... anyway. The standard procedure for layoffs (independent of which side terminated the contract) was to let the person go IMMEDIATELY. Not at the end of a two week period, not even the end of the day. IMMEDIATELY. You clean out your desk now, two people at your side watching your fingers, protocoling your actions. You are not working here anymore the very nanosecond the contract end has been signed.
This is by no means an "instant dismissal", by the negative notion of it, neither was it in any way seen as such. It's also not a matter of trust, many of the people I cleaned out with were good, honest, decent and hard working people (what they did in bank auditing in the first place seems odd... but I ramble). It's a matter of principle and a matter of absolute security. To illustrate this, usually a nice little "good bye party" was hosted the evening to show that this person was not "fired out the window", it was just necessary due to secrecy.
This served a few purposes. First of all, to minimize the threat that someone could give himself a nice "severance package" and take a few infos with him to pass on to some newspapers who would pay handsomely to have some banks financial reports a few months before some shit hits fans. Insider trade is also a big issue since it's tempting to give out "interesting" details and, well, what should they do to you for doing it, fire you? Not to mention that the IT had pretty much total access to ALL financial information of any customer or banks themselves, nothing you want to see backed up and taken home.
It was a win-win for everyone. The auditing company could rest easy and be sure that nobody gives out info, and you got 6 weeks extra weeks of full payment that you could spend entirely on looking for something new to do instead of looking busy working while actually studying the classifieds.
Re:Aiding the enemy (Score:3, Interesting)
And desertion by members of the armed services in time of war is punishable by death, and yet somehow George W. Bush was never court-martialed, convicted, and appropriately sentenced. Sometimes the system works, sometimes it doesn't.
Schoolteacher arrested for PC virus (Score:1, Interesting)
Some poor innocent woman was arrested and very nearly sent to prison for many years because all of the PCs in her elementary school classroom started displaying pr0n to the shock and amazement of all the little kids.
It took a lot of time and a lot of effort that shouldn't have been in any way necessary, but she was finally vindicated when an expert witness was finally able to demonstrate that the pr0n display was the result of every PC in the class having been 0wn3d by a virus.
Re:Where's the security protocol? (Score:5, Interesting)
The whole thing smells fishy: the indictment [mnginteractive.com]'s first odd bit is its vagueness about what Duchak was up to, specifically. No details.
The second weird thing is that DOJ doesn't want him held - no bail mentioned (nor in any newstory that I've found), and the "will not seek detention" box is checked on the indictment form (pre-trial detention.)
Likewise, the indictment says "five days or less" for the trial duration. I once sat for a sexual assault trial, and despite being an open-and-shut case of guy-grabs-coworkers-boobs-in-front-of-witnesses, it lasted 4-1/2 days.
Three federal agents are listed, you can bet their affidavits spell out more of what he did... and they don't appear to be online. Further searching, looks like there's absolutely nothing within .gov that bears our Duchak's name.
Under other circumstances (and administrations), this might have been a highly-touted smackdown in the war against whatever. Not so here...
But hey! There's a Douglas James Duchak listed in the whitepages [anywho.com] ...
Let's see if he can fill us in...
Re:Where's the security protocol? (Score:2, Interesting)
Not always. When I got laid off in the third round of layoffs at a big company, I was furious. (Three department heads screamed murder when they found out I was leaving: two tried to hire me back on Monday, for their own departments. I'd been blocked from transferring by a new supervisor who should have been the one laid off, and the old supervisor kicked back downstairs from VP status.) But my supervisor, consulted with me on how to clean up projects and where things were, and I was left alone to clear my desk and my work product. (They'd tried to block my email and login access. I'd been submitting bug reports on flaws in their security for a year, and my supervisor knew I was still active, so I think that legally I was fine.)
So while cleaning my desk, I backed up all my current, development work on CD and gave him 2 copies, just in case the source control and backup people flushed my data. (it was awating QA to stop missing releases to go in the main codeline, and for a particular developer not to be at a meeting where it would be inserted over his screaming.. God invented working Makefiles and dependency trees for a *reason*.) A month later, he called me and begged, very nicely, for another copy, praying I'd brought a copy home because he'd lost the CD's and sure enough, they'd flushed my work. So I told him where to find the copy I'd taped behind the second drawer of *his* desk.
If he hadn't let me leave gracefully, he'd have lost a stack of critical work, and not had the resources to recreate it for another six monhs.