$2,000 Bribe Bought Password To DC P.O. System
theodp writes "While the Administration is counting on new Federal CIO Vivek Kundra to simplify and speed the federal IT procurement process, it's doubtful he'll be able to reduce red tape to the extent that a former minion of his did at the scandal-rocked D.C. Office of the CTO. Exhibiting some truly out-of-the-box thinking, project manager Tawanna Sellmon not only processed phony invoices for the contractor at the center of the D.C. bribery and kickback scandal, she also gave him the password to the city's computerized database used to track purchase orders. Sellmon pleaded guilty last week for her role in the scam, which netted her an envelope containing $2,000 in cash, as well as an undisclosed number of $25-$100 gift cards."
Reading TFA, it looks as if she didn't sell the password, she gave it away to be helpful, and the contractor only later gave her the $2000 (and gift cards) as a present. I.e. she didn't realise what she was doing, that the password she gave him permitted him, basically, to authorise any bill he chose to submit. So she is primarily guilty of total stupidity rather than criminal intent. Maybe, for the good of the species, such stupidity should be treated as even more criminal - but it isn't.
What this makes clear, yet again, is that the human is the weakest point in any system, and any human who has not received positive training in security is a very weak point indeed. Which says that, whatever the physical security, any government database with thousands of users, let alone hundreds of thousands as planned for some, will be subverted, for certain, within months.
Consciousness is an illusion caused by an excess of self consciousness.