TSA analyst indicted for tampering with terrorist watchlists

A former TSA analyst has been indicted for computer crimes after being allegedly caught tampering with various terrorist watchlists (his work duties involved keeping these databases up to date). He'd been given notice that he was being fired before the incident. The article doesn't explain what he's suspected of doing, though the possibilities are interesting: adding enemies to watchlists? Taking people off of watchlists?
Douglas James Duchak, 46, was indicted by a grand jury Wednesday with two counts of damaging protected computers. According to a federal indictment, Duchak tried to compromise computers at the TSA's Colorado Springs Operations Center (CSOC) on Oct. 22, 2009, seven days after he'd being given two weeks notice that he was being dismissed. He was also charged with tampering with a TSA server that contained data from the U.S. Marshal's Service Warrant Information Network.

He "knowingly transmitted code into the CSOC server that contained the Terrorist Screening Database, and thereby attempted intentionally to cause damage to the CSOC computer and database," prosecutors said Wednesday in a press release.

Former TSA analyst charged with computer tampering (via /.)


  1. I bet he added his personal enemies; if he took people off the list, he’d be painted as a “domestic turrrist.”

  2. More signs of screaming incompetence. In every single shop where I’ve ever worked for the last 30 years, many of which wouldn’t win any prizes for brilliance, as you’re being told that you’re going to be fired your accounts are being locked out. Doesn’t matter if we love you and think that you’re totally moral and would never do anything evil – the liability is too great on both sides if you even unintentionally do something stupid in that interval. Saying that there was some stuff that only he knew that made it necessary to keep him signed on is just another sign of incompetence: single points of personnel failure.

  3. The charges as stated here are vague. While it could include tampering with the watchlist, it could also include (and is far more likely to be) regular old vandalism of the system. I expect he deleted some files.

  4. Everyone and I mean everyone I know who has both been fired and has access to a computer doesn’t get notice of firing, they get access revoked, handed a box with their belongings in it and escorted from the building by security. And then fired. By everyone I mean from database and system admins to secretar–uh administrative assistants, graphic designers, real estate agents, everyone.

    It’s rude as hell, but in high security situations or in cases where there’s reason to suspect abuse on the employees part it’s just fraking common sense. It would take about 10 minutes for an unskilled person to set up a script that would unleash data havoc with a simple key combination.

    With brains like this on the job it’s a good thing my name’s not Archibald Buttle.

    1. I came here to post this. ^^

      You always restrict access before you even alert the employee that there is to be a probation/termination. It blows because you are outright inferring that you don’t trust them in your systems, but thems tha breaks.

  5. The TSA has a feed from the US Marshal’s warrant database? Does that mean that every time you buy a ticket, the now-mandatory TSA travel approval process also checks to see if you have any outstanding warrants?

    If true, this doesn’t seem to be a well-known or well-publicized fact. And, though I can see how it would be legal, it still feels a little police-state-ish. What’s next? Checking for warrants every time you use your credit card?

  6. Whoa, whoa, whoa! “Warrants”? “Grand juries”??

    Whatever happened to going straight to the extraordinary waterboarding?

    Come on, we should never have even heard about this. It’s like they don’t know how to erase a person anymore.

  7. As much as I dislike the Terror Stricken Agency (TSA) and the impossible task they have been assigned, if they didn’t run every name through every law enforcement data base available I would be disappointed. Better to check for known felon with description 33 yr. old 6’2″ 225# love hate tattoo on hands; than suspect names and detaining 9 yr. olds with funny names.

  8. I wonder how many more people with this access has tampered with the data bases? I doubt it was completely isolated, when you have an axe to grind and the means to grind it…

  9. I remember that in the ’80s, I was able to go through security in less than a minute, smoking was allowed in the planes, and the staff and attendants were polite and friendly. The captain would let me into the cockpit, and they’d hand-out little plastic wings. There were ample peanuts, and a free soda. I was a kid then, of course.

    Now I drive anywhere I can rather than taking the plane because the staff is surly and can’t be bothered to perform the minimum functions their jobs require. Going through security can take more than an hour.

    Driving to Boston or DC or Philly can be faster door-to-door than taking a plane. Yes, the flight lasts 1.5 hours, but if you have to be there 2-3 hours before the flight leaves, and it takes an hour to get out of the airport, the 4.5 hour drive to Philly from Pittsburgh seems like a luxurious adventure by comparison. Plenty of legroom, plenty of luggage space, in addition to entertaining roadside attractions make driving cheaper, faster, and much more pleasant.

  10. Santa Claus, checkin’ his list for those who are naughty and those who are nice…

    10$ He put his ex-wife/ex-girlfriend on the list (and her divorce lawyer/new boyfriend).

    Or maybe like that crazy guy in Billy Madison, he just started adding all his old high school enemies… or anyone that gave him shit, like giving him a parking ticket, his neighbor for his stupid dog, etc…

    You got to think it had to be something pretty major of a change, or multiple entries. As while I am sure the database has plenty of logging, and auditing, it is still supposedly hundreds of thousands of names long. Also if you also help administer said database, depending on privileges, covering your tracks at least minimally would be pretty easy. So either he is an idiot, or screwed the pooch big time.

  11. This is a story I’m hoping we hear all about! And I suspect if the truth comes out about what he did, we’ll hear it here: BB tend to be good with followups :D

Comments are closed.