Former TSA employee charged with infecting databases

Data analyst allegedly inserted code after being told he was losing his job

A federal grand jury in Colorado has charged a former Transportation Security Administration data analyst with injecting malicious code into two TSA databases last year, about a week before his employment was about to end.

An indictment handed down March 10 alleges that Douglas James Duchak, 46, of Colorado Springs, Colo., intentionally tried to damage two protected computers in October 2009 at the Colorado Springs Operations Center, where he worked. The center handles data from the interagency Terrorist Screening Database (TSBD) and the U.S. Marshal Service’s Warrant Information Network (WIN).

According to the indictment, Duchak was told on Oct. 15 that his employment would be terminated on Oct. 30. On Oct. 22, he allegedly inserted code into the WIN database in an attempt to cause damage to the host computer and the database. The next day, he did the same thing to TSBD, the indictment charges. The code reportedly was intended to activate at a later date, but was caught first by other employees. The indictment doesn’t say what kind of damage the code would have caused.

Duchak pleaded not guilty in U.S. District Court in Denver on March 10, and was released on bail. In a report at Wired.com, Duchak’s attorney said the servers Duchak is charged with infecting were parts of beta systems used for testing statistical analyses.

If convicted, Duchak faces up to 10 years in federal prison and a fine of up to $250,000 for each of the two counts.

The TSBD is handled by the FBI’s Terrorist Screening Center and used by multiple agencies. It contains a variety of watch lists, including the Homeland Security Department’s no-fly list and the Justice Department’s Interpol Terrorism Watch List.

This case was investigated by TSA’s Office of Inspection, Homeland Security Department’s Office of the Inspector General and the FBI.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected