ALTERNATIVE NEWS

Blacklisted News
Cryptogon
Raw Story
Rense


TALK RADIO

Axiom Radio
Mike Chambers Live
Oracle Broadcasting
The Global Reality
Vantage Point Radio
Become Vocal Local


BLOGS

Freeman
The Celtic Rebel
Techno Fascism Blog
Washingtons's Blog


Business/Economics

321 Gold
JSMineset
Kitco
Seeking Alpha
Market Watch
Bloomberg
Wall Street Journal
RTT News
CNN Money
Forbes
Business Week
Shadow Stats
Economist
Financial Times
Fortune Magazine
Kitco
Gold Eagle
Zero Hedge
The Daily Reckoning


Science/Technology

Wired
Blast Magazine
PHYSorg
Science Daily
Popular Science
Engadget
New Scientist
Technovelgy
Singularity Hub
H+ Magazine
Science Magazine
Seed Magazine
CBR Online
Science News
SlashDot
Scientific American
Spectrum IEEE
Technology Review
io9
ZD Net
Technology News
The Register
Tech News World
VNU Net

LEE'S PODCAST/ARCHIVE

SUBSCRIBE TO RSS

FOLLOW ME ON TWITTER

LEE'S MYSPACE PAGE










 Prev    Next
Feds: TSA Worker Tried to Sabotage Terror Database
Published on 03-11-2010   Email To Friend    Print Version

AddThis Social Bookmark Button

Source: Wired

A former Transportation Security Administration contractor is being charged in Colorado for allegedly injecting malicious code into a government network used for screening airport security workers and others.

The malicious code, a logic bomb installed last October, was designed to cause damage and disrupt data on servers on an undisclosed date but was caught by other workers before it delivered its payload.

Douglas James Duchak, 46, had worked as a data analyst at the TSA’s Colorado Springs Operations Center, or CSOC, since 2004. The CSOC is used to vet people who have “access to sensitive information and secure areas of the nation’s transportation network,” according to the indictment. A source involved in the case said this involved screening of both passengers and workers at airports and other transportation facilities.

He pleaded not guilty in a Denver federal court on Wednesday and was released on a $25,000 unsecured bond. The indictment did not say whether the malware was crafted to erase or alter data, or simply disable servers.

The CSOC network stores updated information from the government’s terrorist watchlist as well as criminal histories from the U.S. Marshal’s Service Warrant Information Network.

Duchak’s job was to update the CSOC database as new information arrived from these two sources. But on Oct. 15, he was given two weeks’ notice that his job would be terminated.

About a week later, on Oct. 22, Duchak allegedly transmitted the malicious code onto a CSOC server that stored data from the U.S. Marshal’s Service, according to the indictment (.pdf). The next day, he allegedly loaded malicious code to a server containing the Terrorist Screening Database. The source involved in the case said the servers “are part of the system that contains the no-fly list” and added that the code, if it had gone undetected, could have traveled to a facility in another state that uses a similar computer system.

Duchak has been charged in the U.S. District of Colorado with two counts of attempting to cause damage to a protected computer. If convicted, he faces a possible prison sentence of 10 years and a $250,000 fine for each count.

Duchak’s attorney, David Lindsey, disputes the government’s charges and says that the system Duchak worked on was a beta system used for testing statistical analyses.

“It wasn’t connected to anything that had to do with security,” Lindsey said. “Before anything he had his hands on left, it went to another system before it got into any live system that did screening. As I understand it, it is a system that does statistical analyses on the systems that are up and running. And when the tests are run, those are done at one level and then [go to] a second level and then at a final level before the analyses are verified and passed onto anything you would call a live system.”

Lindsey said the CSOC servers that were allegedly targeted for sabotage were used for screening workers primarily and were only “remotely, remotely” related to passenger screening, though he could not elaborate.

“The government has been very misleading in the indictment and press release as to any potential harm [this might have caused] to the public,” he said, adding that the alleged malware was not a virus and will ultimately be shown to have been “nothing.”

Lindsey said that his client was not given a clear answer about why he was let go from his job.


oracle broadcasting