[ISN] Break-In At SAIC Risks ID Theft

From: InfoSec News (isn@private)
Date: Mon Feb 14 2005 - 02:21:24 PST


http://www.washingtonpost.com/wp-dyn/articles/A17506-2005Feb11.html

[InfoSec News subscribers were alerted of this incident with the 
stolen SAIC computers first with the article on February 3rd 2005 at: 
http://www.attrition.org/pipermail/isn/2005-February/001118.html  - WK]


By Griff Witte
Washington Post Staff Writer
February 12, 2005

Some of the nation's most influential former military and intelligence
officials have been informed in recent days that they are at risk of
identity theft after a break-in at a major government contractor
netted computers containing the Social Security numbers and other
personal information about tens of thousands of past and present
company employees.

The contractor, employee-owned Science Applications International
Corp. of San Diego, handles sensitive government contracts, including
many in information security. It has a reputation for hiring
Washington's most powerful figures when they leave the government, and
its payroll has been studded with former secretaries of defense, CIA
directors and White House counterterrorism advisers.

Those former officials -- along with the rest of a 45,000-person
workforce in which a significant percentage of employees hold
government security clearances -- were informed last week that their
private information may have been breached and they need to take steps
to protect themselves from fraud.

David Kay, who was chief weapons inspector in Iraq after nearly a
decade as an executive at SAIC, said he has devoted more than a dozen
hours to shutting down accounts and safeguarding his finances. He said
the successful theft of personal data, by thieves who smashed windows
to gain access, does not speak well of a company that is devoted to
keeping the government's secrets secure.

"I just find it unexplainable how anyone could be so casual with such
vital information. It's not like we're just now learning that identity
theft is a problem," said Kay, who lives in Northern Virginia.

About 16,000 SAIC employees work in the Washington area.

Bobby Ray Inman, former deputy director of the CIA and a former
director at SAIC, agreed. "It's worrisome," said Inman, who also
received notification of the theft last week. "If the security is
sloppy, it raises questions."

Ben Haddad, an SAIC spokesman, said yesterday that the Jan. 25 theft,
which the company announced last week, occurred in an administrative
building where no sensitive contracting work is performed. Haddad said
the company does not know whether the thieves targeted specific
computers containing employee information or if they were simply after
hardware to sell for cash. In either case, the company is taking no
chances.

"We're taking this extremely seriously," Haddad said. "It's certainly
not something that would reflect well on any company, let alone a
company that's involved in information security. But what can I say?  
We're doing everything we can to get to the bottom of it."

Gary Hassen of the San Diego Police Department said there were "no
leads."

Haddad said surveillance cameras are in the building where the theft
took place, but he did not know whether they caught the perpetrators
on tape. He also did not know whether the information that was on the
pilfered computers had been encrypted.

The stolen information included names, Social Security numbers,
addresses, telephone numbers and records of financial transactions. It
was stored in a database of past and present SAIC stockholders. SAIC
is one of the nation's largest employee-owned companies, with workers
each receiving the option to buy SAIC stock through an internal
brokerage division known as Bull Inc.

Haddad said the company has been trying through letters and e-mails to
get in touch with everyone who has held company stock within the past
decade, though he acknowledged that hasn't been easy since many have
since left the company.

He said the company would take steps to ensure stockholder information
is better protected in the future, but he declined to be specific.

The theft comes at a time when the company, which depends on the
federal government for more than 80 percent of its $7 billion annual
revenue, is already under scrutiny for its handling of several
contracts.

Last week on Capitol Hill, FBI Director Robert S. Mueller III
testified that the company had botched an attempt to build software
for the bureau's new Virtual Case File system. The $170 million
upgrade was supposed to allow agents to sift through different cases
electronically, but the FBI has said the new system is so outdated
that it will probably be scrapped.

In San Antonio, SAIC is fighting the government over charges that the
company padded its cost estimates on a $24 million Air Force contract.  
The case prompted the Air Force to issue an unusual alert to its
contracting officials late last year, warning them that "the
Department of Justice believes that SAIC is continuing to submit
defective cost or pricing data in support of its pricing proposals."

SAIC has defended its work for the FBI and the Air Force. Haddad said
that criticisms are inevitable for a such a large company and that
there is no pattern of poor performance.

"I know people will try to jump to that kind of conclusion, but it's
not an accurate reflection of how well this company is doing," he
said. "This company has always prided itself on strong ethics."

The company's alumni list reads like a roll call of the nation's
highest-profile former officials, including former defense secretaries
William J. Perry and Melvin R. Laird and former CIA director John
Deutch. Current directors of the company include former chief
counterterrorism adviser Gen. Wayne A. Downing.

Founded by a group of scientists in 1969, SAIC has been growing in
recent years at a rapid clip, right along with the government's
appetite for high-tech services in information technology and national
defense. The company named a new chief executive, Kenneth C. Dahlberg,
in 2003, and he has set a goal of doubling the company's value within
three to five years, Haddad said.

Philip Finnegan, director of corporate analysis with Teal Group Corp.,
said SAIC is trying to push into the top tier of contractors -- a
rarefied club that includes Boeing Co. and Lockheed Martin Corp. --
and that there are bound to be bumps along the way.

"It's inevitable that they'll face problems," he said.

Others are less sure that the company's recent difficulties don't add
up to something more. "Is [the break-in] saying something about the
quality of the company?" Kay said. "It's hard to say that. It's
probably just random luck. But multiple occurrences of bad luck are
often more than bad luck."



_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005



This archive was generated by hypermail 2.1.3 : Mon Feb 14 2005 - 03:26:33 PST