RE: Break-In At SAIC Risks ID Theft

I worked for a subsidiary of SAIC for a number of years. Their "Private Stock" always seemed like a pyramid scheme to us engineers. And they couldn't manage us worth a damn. Doesn't really suprise me, given the way they operate. I'd bet someone brought the risks to their attention, too and made a conscious decison that the risk wasn't worth the necessary expenditure. -TD

From: "R.A. Hettinga" To: cryptography@metzdowd.com, cypherpunks@al-qaeda.net Subject: Break-In At SAIC Risks ID Theft Date: Sat, 12 Feb 2005 07:54:34 -0500

http://www.washingtonpost.com/ac2/wp-dyn/A17506-2005Feb11?language=printer

The Washington Post

washingtonpost.com Break-In At SAIC Risks ID Theft Computers Held Personal Data on Employee-Owners

By Griff Witte Washington Post Staff Writer Saturday, February 12, 2005; Page E01

Some of the nation's most influential former military and intelligence officials have been informed in recent days that they are at risk of identity theft after a break-in at a major government contractor netted computers containing the Social Security numbers and other personal information about tens of thousands of past and present company employees.

The contractor, employee-owned Science Applications International Corp. of San Diego, handles sensitive government contracts, including many in information security. It has a reputation for hiring Washington's most powerful figures when they leave the government, and its payroll has been studded with former secretaries of defense, CIA directors and White House counterterrorism advisers.

Those former officials -- along with the rest of a 45,000-person workforce in which a significant percentage of employees hold government security clearances -- were informed last week that their private information may have been breached and they need to take steps to protect themselves from fraud.

David Kay, who was chief weapons inspector in Iraq after nearly a decade as an executive at SAIC, said he has devoted more than a dozen hours to shutting down accounts and safeguarding his finances. He said the successful theft of personal data, by thieves who smashed windows to gain access, does not speak well of a company that is devoted to keeping the government's secrets secure.

"I just find it unexplainable how anyone could be so casual with such vital information. It's not like we're just now learning that identity theft is a problem," said Kay, who lives in Northern Virginia.

About 16,000 SAIC employees work in the Washington area.

Bobby Ray Inman, former deputy director of the CIA and a former director at SAIC, agreed. "It's worrisome," said Inman, who also received notification of the theft last week. "If the security is sloppy, it raises questions."

Ben Haddad, an SAIC spokesman, said yesterday that the Jan. 25 theft, which the company announced last week, occurred in an administrative building where no sensitive contracting work is performed. Haddad said the company does not know whether the thieves targeted specific computers containing employee information or if they were simply after hardware to sell for cash. In either case, the company is taking no chances.

"We're taking this extremely seriously," Haddad said. "It's certainly not something that would reflect well on any company, let alone a company that's involved in information security. But what can I say? We're doing everything we can to get to the bottom of it."

Gary Hassen of the San Diego Police Department said there are, at the moment, "no leads."

Haddad said surveillance cameras are in the building where the theft took place, but he did not know whether they caught the perpetrators on tape. He also did not know whether the information that was on the pilfered computers had been encrypted.

The stolen information included names, Social Security numbers, addresses, telephone numbers and records of financial transactions. It was stored in a database of past and present SAIC stockholders. SAIC is one of the nation's largest employee-owned companies, with workers each receiving the option to buy SAIC stock through an internal brokerage division known as Bull Inc.

Haddad said the company has been trying through letters and e-mails to get in touch with everyone who has held company stock within the past decade, though he acknowledged that hasn't been easy since many have since left the company.

He said the company would take steps to ensure stockholder information is better protected in the future, but he declined to be specific.

The theft comes at a time when the company, which depends on the federal government for more than 80 percent of its $7 billion annual revenue, is already under scrutiny for its handling of several contracts.

Last week on Capitol Hill, FBI Director Robert S. Mueller III testified that the company had botched an attempt to build software for the bureau's new Virtual Case File system. The $170 million upgrade was supposed to allow agents to sift through different cases electronically, but the FBI has said the new system is so outdated that it will probably be scrapped.

In San Antonio, SAIC is fighting the government over charges that the company padded its cost estimates on a $24 million Air Force contract. The case prompted the Air Force to issue an unusual alert to its contracting officials late last year, warning them that "the Department of Justice believes that SAIC is continuing to submit defective cost or pricing data in support of its pricing proposals."

SAIC has defended its work for the FBI and the Air Force. Haddad said that criticisms are inevitable for a such a large company and that there is no pattern of poor performance.

"I know people will try to jump to that kind of conclusion, but it's not an accurate reflection of how well this company is doing," he said. "This company has always prided itself on strong ethics."

The company's alumni list reads like a roll call of the nation's highest-profile former officials, including former defense secretaries William J. Perry and Melvin R. Laird and former CIA director John Deutch. Current directors of the company include former chief counterterrorism adviser Gen. Wayne A. Downing.

Founded by a group of scientists in 1969, SAIC has been growing in recent years at a rapid clip, right along with the government's appetite for high-tech services in information technology and national defense. The company named a new chief executive, Kenneth C. Dahlberg, in 2003, and he has set a goal of doubling the company's value within three to five years, Haddad said.

Philip Finnegan, director of corporate analysis with the Teal Group Corp., said SAIC is trying to push into the top tier of contractors -- a rarefied club that includes Boeing Co. and Lockheed Martin Corp. -- and that there are bound to be bumps along the way.

"It's inevitable that they'll face problems," he said.

Others are less sure the company's recent difficulties don't add up to something more. "Is [the break-in] saying something about the quality of the company?" Kay said. "It's hard to say that. It's probably just random luck. But multiple occurrences of bad luck are often more than bad luck."

-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'