Former TSA Employee Charged with Hacking Internal Database

tsaThe Department of Justice recently charged a former Transportation System Administrtaion (TSA) employee, Douglas James Duchak,  with trying to inject malicious code into TSA’s internal database, the implications of which could be disastrous to the safety of the United States.  Duchak worked in TSA’s Colorado Springs Operations Center from August 2004 to October 2009 where he was a data analyst in charge of updating TSA’s internal database with information received from the federal government’s Terrorist Screening Database and the U.S. Marshal’s Service Warrant Information Network.

When Duchak was dismissed from this position in late October 22, 2009, he immediately went to work injecting unauthorized code into the CSOC server. The next day, he tried to load malicious code onto a server that contained the Terrorist Screening Database. All in all, Duchak faces fines of up to $500,000 and up to 10 years in a federal penitentiary.

A scary reality, this signals a wake-up call for TSA’s security screening. Apparently TSA has been extra vigilant since screeners failed to catch a man who attempted to blow up a U.S. flight from Amsterdam to Detroit on Christmas day.

(Via Information Week)

About the author  ⁄ BrickHouse Security

BrickHouse Security is the industry's premier supplier of security and surveillance solutions. As a recognized authority in GPS tracking, hidden cameras, cell phone/PC monitoring, video surveillance and counter surveillance, we help our customers use technology to get the clarity they need. We proudly serve consumers, businesses of all sizes and the law enforcement community. When you need to know, BrickHouse has the answers.

One Pingback/Trackback

    31 December 2012 at 1:12am
    ... [Trackback]... [...] Read More Infos here: ...
  • URL
  • TruthB

    Reporting ERROR!

    Lydia – Stick with taking bits from another article, changing a word here or there and republishing it. You have made a false allegation here by try to be a reporter. You interject that “he immediately went to work injecting unauthorized code”. Your source? That isn’t part of the article you re-wrote from Information week. Were you there? You neglect to say “allegedly”. You’ve made an allegation here that you need to support. “A scary reality, this signals a wake-up call for TSA’s security screening. ” What does this data analyst have to do with airport screening? The scary reality is that TSA allowed an employee they were letting go to continue working. Most companies would give 2 weeks notice, remove all security access, take the badge and send you home. The scary thing is that TSA could just be using an escape goat for their management incompetence and trying to spin this so they come out smelling better.

  • TruthB

    Reporting ERROR!Lydia – Stick with taking bits from another article, changing a word here or there and republishing it. You have made a false allegation here by try to be a reporter. You interject that “he immediately went to work injecting unauthorized code”. Your source? That isn't part of the article you re-wrote from Information week. Were you there? You neglect to say “allegedly”. You've made an allegation here that you need to support. “A scary reality, this signals a wake-up call for TSA’s security screening. ” What does this data analyst have to do with airport screening? The scary reality is that TSA allowed an employee they were letting go to continue working. Most companies would give 2 weeks notice, remove all security access, take the badge and send you home. The scary thing is that TSA could just be using an escape goat for their management incompetence and trying to spin this so they come out smelling better.

  • Citizen

    Duchak’s attorney, David Lindsey, disputes the government’s charges and says that the system Duchak worked on was a beta system used for testing statistical analyses.

    “It wasn’t connected to anything that had to do with security,” Lindsey said. “Before anything he had his hands on left, it went to another system before it got into any live system that did screening. As I understand it, it is a system that does statistical analyses on the systems that are up and running. And when the tests are run, those are done at one level and then [go to] a second level and then at a final level before the analyses are verified and passed onto anything you would call a live system.”

    Lindsey said the CSOC servers that were allegedly targeted for sabotage were used for screening workers primarily and were only “remotely, remotely” related to passenger screening, though he could not elaborate.

    “The government has been very misleading in the indictment and press release as to any potential harm [this might have caused] to the public,” he said, adding that the alleged malware was not a virus and will ultimately be shown to have been “nothing.”

    Lindsey said that his client was not given a clear answer about why he was let go from his job.

  • Citizen

    Duchak’s attorney, David Lindsey, disputes the government’s charges and says that the system Duchak worked on was a beta system used for testing statistical analyses.“It wasn’t connected to anything that had to do with security,” Lindsey said. “Before anything he had his hands on left, it went to another system before it got into any live system that did screening. As I understand it, it is a system that does statistical analyses on the systems that are up and running. And when the tests are run, those are done at one level and then [go to] a second level and then at a final level before the analyses are verified and passed onto anything you would call a live system.”Lindsey said the CSOC servers that were allegedly targeted for sabotage were used for screening workers primarily and were only “remotely, remotely” related to passenger screening, though he could not elaborate.“The government has been very misleading in the indictment and press release as to any potential harm [this might have caused] to the public,” he said, adding that the alleged malware was not a virus and will ultimately be shown to have been “nothing.”Lindsey said that his client was not given a clear answer about why he was let go from his job.

  • Pingback: URL