Former TSA Analyst Charged With Computer Tampering

angry tapir writes "A Transportation Security Administration analyst has been indicted with tampering with databases used by the TSA to identify possible terrorists who may be trying to fly in the US. If convicted, he faces 10 years in prison."

Where's the security protocol?

[guruevi]

seven days after he'd being given two weeks notice that he was being dismissed

So, you have this super-secure database system that is really important so the country doesn't get overrun by terrorists and then you do this!

Re:Where's the security protocol?

[WrongSizeGlass]

Two weeks notice for someone with access to confidential or secure data is just a bad idea. If it's time for them to go then now is the time for them to go.

Re:Where's the security protocol?

[Pyrion]

Even if the system is required to give two weeks notice prior to dismissal, his access rights should be revoked the moment they've decided they're going to dismiss him. Let him collect a paycheck for two weeks without actually doing any work: since he's going to get fired anyway, why leave him in the position to do some real damage now that he's been given motivation?

Re:Where's the security protocol?

[timmarhy]

i agree. after the stink the TSA has kicked up about how important security is, i don't give a fuck what excuse they have for letting this guy keep his access after he's been given notice. it's just plain wrong.

Re:Where's the security protocol?

[v1]

Does make one wonder if the PHB that decided to give notice to a disgruntled employee with sensitive access will be held accountable for his stupidity? Oh wait, what am I thinking?

Someone needs to give his ex-manager an education by example of how to can someone safely.

Re:Where's the security protocol?

[plover]

If you can't afford to keep them due to the bad economy, you can bet that they're still full of irrational emotions about being let go. It really doesn't matter what the real true reasons are or how well they're documented, a laid-off person will still take it personally. It may be professional pride, or shame, or some other feelings like "if only I had done more, they would have kept me instead of Joe," or a mix of all of the above. It hurts, it's confusing, and it's very very personal.

Being laid off can be seen by the employee as a strike at the very core of their ego. Even a well-balanced person can respond irrationally. So you never, ever, let them back near sensitive data or systems after the layoff. It's heartless and cold, and you're a total shit for doing it, but you have to do it anyway. Or this happens, and it's completely his boss' fault for not escorting him to his desk and out the door immediately. Think about it: this guy is going to prison because his boss didn't have the balls to walk him out when he had the chance. Nice.

Re:Where's the security protocol?

[Pyrion]

Moreover, if you plan on letting someone go and that person has access rights to sensitive information, you take away those access rights immediately. No exceptions. If it means they can't do their job, who cares? You've already decided you're firing the person, why try to squeeze two more weeks of "work" out of someone who is at this point nothing more than a liability?

Re:Where's the security protocol?

[nedlohs]

No way. If they get two weeks notice then they get to spend that two weeks being paid to not come to work.

Even if they were the perfect employee, the risk that they are now disgruntled due to not having a job anymore is too high. Even if the risk is 0, you want a policy in place so that idiot managers don't screw up like this.

You better be able to cope without them, after all they could quit and walk out tomorrow, crash the car driving to work and die or be in a coma for the next 6 months, get arrested for murdering a neighbor last week and have to spend time away from work in jail, etc, etc.

Re:Where's the security protocol?

[timmarhy]

no no no no. it's his own fault for being a stupid douche and tampering with shit he knew damn well he shouldn't be tampering with. attemping to make this his boss's fault for trusting him is just a classic symptom of today's society lack of personal responsibility. it's alllllways somebody elses fault right?

i do agree they should have shown him the door right away, but it's his own faul he is in this mess, not his boss.

Re:Where's the security protocol?

[plover]

Yes, it's his own fault. He attempted to mess around with their data. And for that, he will deserve whatever punishment they give him.

But it all could have been avoided if his boss had the stones to do what we all know he should have done. Not following this procedure is like handing car keys and a bottle of whiskey to an alcoholic, and then wondering why he got a DUI.

Re:Where's the security protocol?

[Jah-Wren+Ryel]

This served a few purposes. First of all, to minimize the threat that someone could give himself a nice "severance package" and take a few infos with him to pass on to some newspapers who would pay handsomely to have some banks financial reports a few months before some shit hits fans.

That's a two-edged sword. The fact that you instantly terminate people is going to be well known to all employees. It only takes half a brain to prepare for it - if the guy is crappy at his job to begin with, he probably expects to be fired at any time; if the company isn't doing so good - maybe there has been a previous round of layoffs - then everyone will consider themselves a candidate for the axe. So you end up in a situation where the crafty people pre-arrange things - maybe they leave a timebomb in the code that they routinely disable as long as they are on the job - maybe they set up cron job to mail a "few infos" to some anonymous email drop point unless they manually abort the job, etc, etc.

My point being that instantly terminating access provokes your less trustworthy employees to take proactive measures while they still have maximum trust. It may even increase risk because one of these guys might get hit by a bus and the corp would get hit by the automated sabotage even though they didn't fire the guy.

Re:Where's the security protocol?

[Opportunist]

You cannot eliminate risk. But you can minimize it. And, bluntly, if someone expects to be fired, he should either be better at his job or he shouldn't be there in the first place.

Also, without going into detail, we had security precautions against this kind of thing. You're talking about one of the most paranoid businesses on this planet. You don't think that you do anything unsupervised in this environment, do you?

Where are the terrorism charges?

[holdenholden]

If I did the same thing I would be accused of violating DMCA, across federal borders, with intent to destabilize the National Security. I would be lucky to get away with a life sentence without parole. This guy is getting as much as somebody stealing a really big TV.

Re:Aiding the enemy

[Drgnkght]

War? What war? Did Congress declare war while I wasn't paying attention?

The article is like a Progress in Iraq press repor

[Antique+Geekmeister]

It makes a claim without any relevant details. For example, if this former employee were doing a normal security assessment to file a report on what they need to lock down after he's gone, one which his new boss didn't ask for or understand as appropriate security practice, he could face exactly these kind of charges. Or if he were plugging a hole used by the NSA for warrant-free tapping and injection of data, knowing that the hole was a constitutional violation mandated by his previous boss, and whose discovery and protest over its existence was the reason he was fired, I'd applaud his desire though not his means to plug such a hole.

Let's be quite clear: the TSA has inherited bad staff, bad bureaucracy, and bad guidance from the White House itself down to all the agencies it was created to oversee and merge and which it has profoundly failed to coordinate. The result is a security and policy nightmare, the kind of political football that incompetent middle managers flock to because it's so hard to close, and it's so hard to actually measure its work product. I'm not surprised that an employee being terminated was mishandled, or misbehaved by the agency's standards. But the agency engages in so much blatantly civil rights abuse that it's unreasonable to believe its claims of cyber attack without far more detail about what was attacked, and why.

Re:They missed "why?"

[JWSmythe]

    That would be consistent with trying to support their case.

    I was once charged with careless driving, that a couple corrupt cops wanted to make into a serious case, and get another notch in their belts. The charges were just shy of attempted murder, where I could have run someone over, except for the fact that I was driving down an empty back road in rural nowhere, and there wasn't a person to be seen along the route. The lied the whole way, including claiming that my car flew. Well, more like a "Dukes of Hazzard" jump, except my car couldn't get out it's own way. They had "experts" testify that my car had been modified for racing, and I switched it back to claim innocence. That was tough for a 16 year old with no money. A couple years later they were officially charged and convicted of a whole slew of charges including falsifying evidence and other various nasty charges. In my case, the DA stood in front of a judge, and said that I was a danger to the safety of the citizens of the state and I should be held until the conclusion of the hearings. As the courts run, that would have put me in county jail for about a year. In the end, it was dropped to careless driving, and I was let off with probation and community service.

    So a single pesky word passed by the grand jury was done for the drama, and to influence their case. It doesn't necessarily reflect the facts. Then again, it may be a hint of what they have.

    All they said is that his job was to work on the servers and database. They said "knowingly transmitted code". Was it a shell script to maintain something? Was it a virus on his PC that accidentally got on there (pesky Windows networks and poor security)? Was it something nefarious? It'll come out in the real case, but this guy will be spending an awful lot of time in jail and court before it's proven either way.

    I hope for the sake of justice that this isn't another innocent man run through the system just to prove that he's innocent.

You think that asking for trouble is a good idea?

> no no no no. it's his own fault for being a stupid douche and tampering with shit he knew damn well he shouldn't be tampering with.

More than one person can be at fault here. Nobody is arguing that it's not this guy's fault. Maybe you think it's a good idea to stand on the train tracks all day and whine about how any decent conductor should be paying enough attention to stop, but most people would say that you're asking for trouble.

Trying to get off the hook for not stopping foreseeable problems is just another way of dodging personal responsibility while claiming not to. Playing victim doesn't help, either.

Innocent until proven guilty

[OrwellianLurker]

Seriously guys? We read an unsubstantiated claim of "computer tampering" and automatically assume that he's guilty of treason or something equally malicious? The indictment was incredibly vague and we have little to go on.

Re:They missed "why?"

[L4t3r4lu5]

OMG! I have just the right xkc... Oh. I see what you did there.