Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

TSA: Epic Fail (of infosec 101)

From: David Farber <dave () farber net>
Date: Thu, 11 Mar 2010 09:19:14 -0500


Begin forwarded message:

From: Richard Forno <rforno () infowarrior org>
Date: March 11, 2010 9:12:52 AM EST
To: Undisclosed-recipients: <>;
Cc: Dave Farber <dave () farber net>, Bruce Schneier <schneier () schneier com>
Subject: TSA: Epic Fail (of infosec 101)


Epic Fail!!   For years we advise clients that if you're going to fire someone who has access to sensitive systems you 
cut off their access *before* you fire them, and you escort them from the building.  So what did TSA do?   Gave this 
guy two weeks' notice and did nothing about his access to sensitive national security systems.

Theatrical Security Agency, anyone?

-rick


Former TSA analyst charged with computer tampering

He allegedly tried to tamper with databases that track possible terrorists
Robert McMillan (IDG News Service)
11 March, 2010 08:09

http://www.goodgearguide.com.au/article/339185/former_tsa_analyst_charged_computer_tampering/

A U.S. Transport Security Administration analyst has been indicted with tampering with databases used by the TSA to 
identify possible terrorists who may be trying to fly in the U.S.
Douglas James Duchak, 46, was indicted by a grand jury Wednesday with two counts of damaging protected computers. 
According to a federal indictment, Duchak tried to compromise computers at the TSA's Colorado Springs Operations Center 
(CSOC) on Oct. 22, 2009, seven days after he'd being given two weeks notice that he was being dismissed. He was also 
charged with tampering with a TSA server that contained data from the U.S. Marshal's Service Warrant Information 
Network.

He "knowingly transmitted code into the CSOC server that contained the Terrorist Screening Database, and thereby 
attempted intentionally to cause damage to the CSOC computer and database," prosecutors said Wednesday in a press 
release.

Duchak, who had been with the TSA for about five years at the time, was responsible for keeping TSA servers up-to-date 
with information received from the terrorist screening database and the United States Marshal's Service Warrant 
Information Network.

If convicted, Duchak faces 10 years in prison.

He was expected to make his initial appearance in federal court in Denver Wednesday.



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: