Contractor gets prison time for hacking TSA terrorist screening database

Former contractor gets 2 years after injecting malicious code

A former Transportation Security Administration contractor will spend the next two years in jail after he acted out his grievance over being dismissed by deliberately loading malicious code into an agency database.

James Duchak, 47, of Colorado Springs, Colo., will serve two years and pay $60,000 in restitution to the TSA for tampering with a server that contained the Terrorist Screening Database, reports After completing his prison sentence, he’ll go on to serve three years of supervised release.

Specifically, Duchak erased code used to “properly format” birthdates, the publication said. He pleaded guilty in October 2009 to charges that he messed with the TSA’s code, according to networkworld. It is not clear why Duchak was being released from the TSA prior to the incident.

Related article:

Former TSA employee charged with infecting databases


The crime occurred seven days into a two-week notice from the TSA informing Duchak that he would be dismissed. During that time he was responsible for training his replacement, who eventually found the damaging code.

Duchak worked as a data analyst in charge of updating sensitive databases used to identify terrorists as they attempt to enter the U.S. and maintained the U.S. Marshal’s Service Warrant Information Network, writes Information Week.

Investigators said Duchak injected the malicious code into the system after hours, according to the Colorado Springs Gazette.

The TSA hacker was seen on security cameras, and other data showed him entering TSA’s Colorado Springs Operation Center around the same the unauthorized code was entered, the Gazette said.

It was the contractor’s replacement who noticed the changes to code, networkworld said. Immediately, the database was shuttered. TSA officials told the Washington Examiner that they caught the cyber bomb before it did any damage.

M. David Lindsey, Duchak’s defense attorney, told the Gazette that his client was under more “pressure” than usual at the time of the incident. Not only was he about to lose his job after five years,  but his wife was pregnant with the couple’s second child. 

Duchak was indicted in March 2010 on two counts of damaging protected computers.

About the Author

Alysha Sideman is the online content producer for Washington Technology.

Reader Comments

Tue, Jan 18, 2011 Dorothy Dantoni

Can't believe TSA gives contractors notice when they are going to be let go. This is a big mistake. Employees and contractors at my agency are removed by our enforcement agents who go to the person's desk and escort them from the building when wrongdoing is verified. They are then allowed to come back the next day under escort and pick up their personal property. They do not have access to their computer or the building anymore. if a contractor knows more than a TSA employee about a process or procedure then that is a weakness too. A TSA employee should be training new contractors.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.