$2,000 Bribe Bought Password To DC P.O. System
theodp writes "While the Administration is counting on new Federal CIO Vivek Kundra to simplify and speed the federal IT procurement process, it's doubtful he'll be able to reduce red tape to the extent that a former minion of his did at the scandal-rocked D.C. Office of the CTO. Exhibiting some truly out-of-the-box thinking, project manager Tawanna Sellmon not only processed phony invoices for the contractor at the center of the D.C. bribery and kickback scandal, she also gave him the password to the city's computerized database used to track purchase orders. Sellmon pleaded guilty last week for her role in the scam, which netted her an envelope containing $2,000 in cash, as well as an undisclosed number of $25-$100 gift cards."
What should I set the reserve for the database password of the state police toxicology test results?
Do you have remote access capabilities onto your Network? VPN, Citrix, not blocking GotomyPC? Has anyone at your company done the same thing, offering the competition direct access to your systems?
...is just how laughably cheap people can be bought for. Two grand and some gift cards? SERIOUSLY? You'd go to jail for that? When you're a project manager at a government job with great benefits, probably making more than that every WEEK?
It's like the Abramoff scandal. People will sell out their country for Capitals tickets. It's not even the Bulls or something!!
Freedom isn't free; its price is the well-being of others.
If TFA isn't a Troll I'll eat my shorts.
What's the best way to SEO slander someone.... without getting hit by a lawsuit? Just put them in the same article with a dubious individual - make a virtual connection even if no real connection exists... then people will start discussing them together and voila - they must be close friends!
Shameless and disgusting.
What's worse is that the reference to Kundra was obviously added after the story was initially posted on the linked site... that text with Kundra's name isn't even in a p tag, it appears styled differently in the rendered version as well, almost like an editor went in and added it after the author had published - "Hmm we need more hits on this story, let's put Kundra's name in it... that will get hits".
A fool throws a stone into a well and a thousand sages can not remove it.
Reading TFA, it looks as if she didn't sell the password, she gave it away to be helpful, and the contractor only later gave her the $2000 (and gift cards) as a present. I.e. she didn't realise what she was doing, that the password she gave him permitted him, basically, to authorise any bill he chose to submit. So she is primarily guilty of total stupidity rather than criminal intent. Maybe, for the good of the species, such stupidity should be treated as even more criminal - but it isn't.
What this makes clear, yet again, is that the human is the weakest point in any system, and any human who has not received positive training in security is a very weak point indeed. Which says that, whatever the physical security, any government database with thousands of users, let alone hundreds of thousands as planned for some, will be subverted, for certain, within months.
Consciousness is an illusion caused by an excess of self consciousness.
This article is an ideal example of a social engineering crack. Consider the comparative difficulty of a technical cracking job and compare it to the simplicity and cheapness of what actually took place. The solution was actually quite elegant in a sordid way.
I once worked for a company that was experiencing a surge of highly organized fraud originating from Romania. Before I left, we were preparing to develop a major anti-fraud application, etc., at great expense. At one meeting I suggested that we just hire a few Romanian private detectives to knock on some doors and quietly suggest to the lowlifes that it would be healthier to leave us alone; the other people in the meeting looked at me as though I were green.
LOL.
"Man is nothing without the works of man" -- Helvetius
No manner of technology can defeat good social engineering. An intelligent attack is made upon the weakest link in the system. In this case, an unscrupulous user with privileges.
The cancel button is your friend. Do not hesitate to use it.
The Constitution defines treason. And this isn't it, much as you'd like it to be.
"I do not agree with what you say, but I will defend to the death your right to say it"