TSA worker tried to sabotage terror database, feds say

A former data analyst for the US Transportation Security Agency has been accused of trying to sabotage a terrorist screening database used to vet people with access to sensitive information and secure areas of the nation’s transportation network. 46-year-old Douglas James Duchak, who worked as a TSA contractor for five years, …

COMMENTS

This topic is closed for new posts.
  1. jake Silver badge

    A week later? A WEEK LATER??? WTF?

    "Forty-six-year-old Douglas James Duchak, who worked as a TSA contractor for five years, planted the malicious code in the server used to maintain the database in mid October, a week after he was told his employment would be terminated at the end of the month, according to documents filed in US District Court in Colorado."

    Eh? Why the fuck was he allowed access to the systems after being told he was being terminated? Do the people running things at TSA have absolutely zero clue about security? The mind boggles!

    But I guess that's a rhetorical question ... Numpties, the lot of 'em.

  2. Hungry Sean

    warning?

    Why on earth would you give someone with administrator access to a confidential database a month's warning before terminating them? I thought standard procedure was to announce termination effective immediately, precisely to avoid these kinds of shenanigans.

  3. Notas Badoff

    Who's watching ...

    This makes me think that if I'm asked to leave a job, I'm going to ask "Who's replacing me?" and insist that they follow me around for the time remaining until I've left.

    First, I'll remind them of these horror stories, and how they wouldn't want to be found short-sighted should something go askew. Best we get on with getting the work done but in a responsible manner. I'm looking out for their interests.

    Second, that'll be the best way for the replacement to know _everything_ they need to know about the job (cough!). And if he/she doesn't have a clue as to what the words in the running commentary mean, that can be mentioned. I'm looking out for their interests.

    Third, if they suddenly can't produce anybody or that person can't be made available for the whole day every day, I'll suggest that I shouldn't work on any sensitive/production/mystery systems without that minder. I'll just work on my resumé and those HasPyLisBy# tutorials. I'm really just looking out for everyone's interests.

    Fourth, after being followed around by my minder, how could anything go wrong? That is, how could _I_ have done anything wrong, with the minder trailing along, checking out my procedures, accessing the same systems, reading the scripts/programs, and probably having to use my userid until their privileges were realigned with their new responsibilities.

    If anything did go wrong, perhaps it happened after I left? Or before, but without my knowledge? After all, I wasn't watching what the _watcher_ did, was I?

    Ya gotta look out for your interests - watch me!

  4. Oninoshiko

    wha?

    Why did he have access to anything one week after losing his job?

    Did he access them on-site or via the internet?

    If over the internet, why were these systems even connected to the internet?

    Who is responsible for the state of the 3 above?

    Why do they still have a job?

    That's all I can think of right now... but I think it's a good place to start.

    1. Gulfie

      Sounds like...

      ... he was given notice but expected to work it.

      I saw this once in a small company, one of the IT support people was laid off but made to work the month. Insufficient oversight... we later found all kinds of stuff had walked in that month, and somebody had 'accidentally' set a number of sys admin accounts to be accessible externally...

      Never, ever, make someone work their notice, it simply isn't worth the risk.

  5. Anonymous Coward

    How did he do it?

    "Forty-six-year-old Douglas James Duchak, who worked as a TSA contractor for five years, planted the malicious code in the server used to maintain the database in mid October, a week after he was told his employment would be terminated at the end of the month, "

    I wonder how he could do that one week *after* being laid off. One assumes passwords are changed immediately with termination. Did he have a backdoor already in place he could use? Also, these kinds of applications should reside in a "walled garden", where access is controlled by some kind of router, which is of course password protected and uses "strong" crypto.

    1. Colin Miller

      Made mischief between being *told* he was being fired and actually being fired

      As title.

      Though, as others have commented, one does wonder why he wasn't put on garden leave.

  6. Allan George Dyer Silver badge

    It was sabotage, he was...

    introducing accurate information!

  7. sandman

    Firing people

    We used to have a much simpler (and traditional) system. Two large people would appear beside you, one clutching the dreaded black bin bag. You were told to move away from your keyboard and put your personal possessions in the bag (carefully scrutinised). You were then escorted to the door having handed in your pass. The first time you see it done it looks pretty brutal, but does make an awful lot of sense in sensitive IT jobs.

    1. Anonymous Coward

      What's the point?

      If I were so inclined, I could set up a script that deletes critical files if I don't log on during 5 consecutive working days (and remember to disable it when I go on holiday). If you terminate me without giving me an opportunity to disable the script then you're partly to blame for the consequences, I guess.

      The gorillas plus bin bag method makes sense in some cases (if you already suspect the employee of doing something evil, for example) but in most cases the disadvantages outweigh the advantages. You want to stay on good terms with your ex-employee and with their former colleagues, and, as I just pointed out, the unfriendly approach doesn't prevent someone from doing something evil if they are so inclined.

      As for why this particular employee was allowed to continue for a week? Perhaps because he only had access to "beta systems used for testing", like he said.

    2. Anonymous Coward

      @Sandman

      That's positively genteel. Working for a bank, there are some departments where the first you know about getting fired is your pass stops working. The second thing is your ex-boss telling you any personal effects will be forwarded in due course (after they've been rifled through), normally done from the other side of a very locked door.

      Imagine how much fun can be had with screwing around with other people's security passes.

  8. Anonymous Coward

    A risk we all face?

    Would be interesting to know the truth. Was it malicious or simply a contractor, put on the spot after setting up some test scripts that some muppet manager didn't understand and hit the panic button?!

  9. Andus McCoatover

    Protected computer?

    WTF is a 'protected computer'??

    If it can be hacked, it ain't protected. Protected by whom? Or, are they referring to that little chain that I've seen some muppets use that plugs into a socket on the side, the other end attached to the desk with a tiny wood screw? Does that constitute 'protected'? (Chain. Link. Weakest. Help yourselves.)

    If it was running Windows, then 'protected computer' is an oxymoron. Just like 'Trusted Computing'.

  10. I. Aproveofitspendingonspecificprojects 1

    Rite or wrong

    You have to hand it to the rebels of the dark ages to go up against a Satanic system ruled by gangsters of the worst sort. Inept and cruel.

    This story is about just such a one. Whether he was also a baddie or not I don't care. He raged against the machine and I wish him the very best.

  11. Peter 39

    management

    And it's time for the management responsible for the "keep your pass for a week" policy to be binned also.

    For cause.

  12. John Smith 19 Gold badge

    The TSA, your CC details and travel plans safe in their hands

    Or rather, not.

    Does anyone think *any* part of TSA security is *not* sensitive? I think the words "Travel" and "Security" suggest it all might be.

  13. Eduard Coli

    Those Stupid A*******

    TSA the private contractor that loves to play the government agency even more than the US Post.

  14. Inachu

    I smell a setup!

    Anyone dealing with security at any level in our govt should be afraid.

    Just think if you also get fired and you work there or some other Dept. of Homeland Security position and you leave because of whatever personal life issue and after you leave then your network account password can be reset and be used by someone else and then they can claim it was you who did it.

    I like to see the evidence that shows it was truly him and not some vague electronic footprint.

    A PC can be hacked and used as a proxy and log in remotely and to the TSA it would appear he did it when in fact he could be a patsy.
