Contractor gets prison time for hacking TSA terrorist screening database

Find opportunities — and win them.

After finding out his five-year stint at the TSA had come to a close, TSA contractor James Duchak took out his dismay by messing with the terrorist screening database.

Related article:

A former Transportation Security Administration contractor will spend the next two years in jail after he acted out his grievance over being dismissed by deliberately loading malicious code into an agency database.

James Duchak, 47, of Colorado Springs, Colo., will serve two years and pay $60,000 in restitution to the TSA for tampering with a server that contained the Terrorist Screening Database, reports networkworld.com. After completing his prison sentence, he’ll go on to serve three years of supervised release.

Specifically, Duchak erased code used to “properly format” birthdates, the publication said. He pleaded guilty in October 2009 to charges that he messed with the TSA’s code, according to networkworld. It is not clear why Duchak was being released from the TSA prior to the incident.


Former TSA employee charged with infecting databases

 


The crime occurred seven days into a two-week notice from the TSA informing Duchak that he would be dismissed. During that time he was responsible for training his replacement, who eventually found the damaging code.

Duchak worked as a data analyst in charge of updating sensitive databases used to identify terrorists as they attempt to enter the U.S. and maintained the U.S. Marshal’s Service Warrant Information Network, writes Information Week.

Investigators said Duchak injected the malicious code into the system after hours, according to the Colorado Springs Gazette.

The TSA hacker was seen on security cameras, and other data showed him entering TSA’s Colorado Springs Operation Center around the same the unauthorized code was entered, the Gazette said.

It was the contractor’s replacement who noticed the changes to code, networkworld said. Immediately, the database was shuttered. TSA officials told the Washington Examiner that they caught the cyber bomb before it did any damage.

M. David Lindsey, Duchak’s defense attorney, told the Gazette that his client was under more “pressure” than usual at the time of the incident. Not only was he about to lose his job after five years,  but his wife was pregnant with the couple’s second child. 

Duchak was indicted in March 2010 on two counts of damaging protected computers.