Former TSA employee charged with infecting databases

Data analyst allegedly inserted code after being told he was losing his job

A federal grand jury in Colorado has charged a former Transportation Security Administration data analyst with injecting malicious code into two TSA databases last year, about a week before his employment was about to end.

An indictment handed down March 10 alleges that Douglas James Duchak, 46, of Colorado Springs, Colo., intentionally tried to damage two protected computers in October 2009 at the Colorado Springs Operations Center, where he worked. The center handles data from the interagency Terrorist Screening Database (TSBD) and the U.S. Marshal Service’s Warrant Information Network (WIN).

According to the indictment, Duchak was told on Oct. 15 that his employment would be terminated on Oct. 30. On Oct. 22, he allegedly inserted code into the WIN database in an attempt to cause damage to the host computer and the database. The next day, he did the same thing to TSBD, the indictment charges. The code reportedly was intended to activate at a later date, but was caught first by other employees. The indictment doesn’t say what kind of damage the code would have caused.

Duchak pleaded not guilty in U.S. District Court in Denver on March 10, and was released on bail. In a report at Wired.com, Duchak’s attorney said the servers Duchak is charged with infecting were parts of beta systems used for testing statistical analyses.

If convicted, Duchak faces up to 10 years in federal prison and a fine of up to $250,000 for each of the two counts.

The TSBD is handled by the FBI’s Terrorist Screening Center and used by multiple agencies. It contains a variety of watch lists, including the Homeland Security Department’s no-fly list and the Justice Department’s Interpol Terrorism Watch List.

This case was investigated by TSA’s Office of Inspection, Homeland Security Department’s Office of the Inspector General and the FBI.

About the Author

Kevin McCaney is editor of Defense Systems. Follow him on Twitter: @KevinMcCaney.

Reader comments

Sat, Nov 20, 2010

Good or Bad for the citizens?

Mon, Mar 22, 2010

I have frist hand knowledge of the system they speak of, and know they was no way it would of crash the system,we enter codes all the time to see what effects it would have.

Mon, Mar 15, 2010

What was this guys security clearance level - he was probably cleared for TS or TS/SCI - so much for our fitness screening program.

Mon, Mar 15, 2010

One interesting thing is the article doesn't say if he was a civil servant or contractor or why he was being terminated. These would be key factors when firing personnel in the future. We need to be more vigilant and remove users from systems if there is any indication they can cause harm.

Mon, Mar 15, 2010

WTF. Nice to know TSA is still on the ball. Every place I've ever worked would remove someone's access if a person was being terminated. Ideally, you cut their priveledges and escort them off site the moment you tell them, especially for sensitive systems like the ones involved here.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above