back to article Disgruntled TSA data analyst sentenced for sabotage attempt

A former data analyst for the Transportation Security Administration was sentenced to two years in prison for planting code in a terrorist screening database server after he was told his position was going to be eliminated. Douglas James Duchak, 46, received the sentence on Tuesday after admitting he planted the sabotage code …


This topic is closed for new posts.
  1. Anonymous Coward

    More base than data.

    To think that these "data"bases are relied upon to destroy peoples lives on a daily basis.

    Not only in America but here with the CRB checks only being as reliable as a disgruntled or vindictive employee.

  2. Bryce Prewitt

    How much does a toilet cost in the White House?

    So, wait a minute, exactly how does one spend nearly a hundred thousand dollars removing malicious code that hadn't even been executed from a machine that was otherwise unaffected?

    Yes, er, please, can someone explain that? It costs a lot less to remove the sugar-tainted gas from the tank than it does to replace the engine, so why did this cost more to "fix" than it does for major corporations to repair after a virus or malicious code has wrecked their system? I'm serious, look at the last few articles on this subject, all of the "repair costs" are way below $85k.

    I guess that's how much it cost to get things signed in triplicate and to oversee the oversight and whatnot.

    1. J. Cook Silver badge

      RE: Corrective costs...

      I have an idea why it cost so much:

      Generally, after a security incident, you want to have a full audit done on all the systems and databases the perpetrator had access to, and by a trusted or certified third-party. This way, any other logic bombs that may have been planted can be rooted out, and the third party can certify or guarantee that the issue has been corrected within certain limitations that have been mutually agreed upon by the companies involved (usually through scope of work or similar.)

      *That's* why it cost so much.

    2. Anonymous Coward
      Thumb Up

      Was thinking the same thing

      ...but if this guy was an employee of InfoZen why wasn't InfoZen responsible for the cleanup? If InfoZen was just a contracting agency then maybe I could see it, but typically a service provider (which is what InfoZen looks like) would hold the liability in a normal commercial contract.

      1. Tom 13

        Re: Why not InfoZen

        Because until InfoZen itself gets a clean bill of health, they are as suspect as their employee, so an outside agency needs to do the audit. The government can probably sue InfoZen to recover the cost of the audit if it fails to collect from the actual perpetrator. But recovering the cost doesn't change the magnitude of the cost reported to the courts.

  3. Version 1.0 Silver badge

    A better idea

    I'd have had a lot more respect for the guy if he'd simply added his superiors names to the no-fly list.

    1. Anonymous Coward
      Thumb Up


      Add Napolitano, Pistole, and every member of Congress while you're at it! Then maybe they'll figure out how stupid the whole thing is....

      Oh wait... I forgot who I was talking about.... Well, at least it would annoy them.

  4. url


    seems to me the best approach would be to plant said code while everything is hunky dory rather than waiting for the other foot to drop and surevillance is increased.

    silly sod.

    mine's the one with a thumb drive in a the false pocket

  5. Matt K

    How did he get his co-worker's credentials?

    Either their security is so poor that staff can access (or guess) each other's credentials, or there's a co-worker who shouldn't be writing passwords down on Post-Its.

  6. Anonymous Coward
    Anonymous Coward

    2 ways to leave your employer

    1 - Be smart and take your redundancy package.

    2 - Be an idiot and get a couple of years behind bars for attempting pointless revenge that wouldn't have given you your job back anyway.

    There are exceptions though: I'm not smart, and I still chose option 1 (heck, I took voluntary redundancy and lit all the lanes, i.e. I got x2 bonus), so you have to be even more stupid than me to go for option 2. I guess it makes me feel better, floating off the bottom of the genetic pool slightly.

  7. JaitcH

    HSA and TSA actually terminate people?

    It's hard to believe that these two entities, whose annual increases in size more resemble the Pillsbury Doughboy, actually fire people.

    I wonder which HSA list he will end up on?

  8. Velv

    Secure? Critical? Redundant?

    If the system was so important and critical that it had the CCTV monitoring etc, then surely it would have been prudent to put the guy on Garden Leave as soon as he was told he was being made redundant.

  9. the vandals broke it

    He didn't suddenly get dumb.

    He probably wasn't any more competent at his job than he was at sabotaging it.

    Which makes one wonder about the value and accuracy of the database in the first place - and that's not even taking into account the GIGO principle.

This topic is closed for new posts.