Break-In At SAIC Risks ID Theft
camera_lumina at hotmail.com
Sat Feb 12 07:15:24 PST 2005
I worked for a subsidiary of SAIC for a number of years. Their "Private
Stock" always seemed like a pyramid scheme to us engineers. And they
couldn't manage us worth a damn.
Doesn't really suprise me, given the way they operate. I'd bet someone
brought the risks to their attention, too and made a conscious decison that
the risk wasn't worth the necessary expenditure.
>From: "R.A. Hettinga" <rah at shipwright.com>
>To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net
>Subject: Break-In At SAIC Risks ID Theft
>Date: Sat, 12 Feb 2005 07:54:34 -0500
>The Washington Post
>Break-In At SAIC Risks ID Theft
>Computers Held Personal Data on Employee-Owners
> By Griff Witte
> Washington Post Staff Writer
> Saturday, February 12, 2005; Page E01
> Some of the nation's most influential former military and intelligence
>officials have been informed in recent days that they are at risk of
>identity theft after a break-in at a major government contractor netted
>computers containing the Social Security numbers and other personal
>information about tens of thousands of past and present company employees.
> The contractor, employee-owned Science Applications International Corp.
>San Diego, handles sensitive government contracts, including many in
>information security. It has a reputation for hiring Washington's most
>powerful figures when they leave the government, and its payroll has been
>studded with former secretaries of defense, CIA directors and White House
>Those former officials -- along with the rest of a 45,000-person workforce
>in which a significant percentage of employees hold government security
>clearances -- were informed last week that their private information may
>have been breached and they need to take steps to protect themselves from
> David Kay, who was chief weapons inspector in Iraq after nearly a decade
>as an executive at SAIC, said he has devoted more than a dozen hours to
>shutting down accounts and safeguarding his finances. He said the
>successful theft of personal data, by thieves who smashed windows to gain
>access, does not speak well of a company that is devoted to keeping the
>government's secrets secure.
>"I just find it unexplainable how anyone could be so casual with such vital
>information. It's not like we're just now learning that identity theft is a
>problem," said Kay, who lives in Northern Virginia.
> About 16,000 SAIC employees work in the Washington area.
>Bobby Ray Inman, former deputy director of the CIA and a former director at
>SAIC, agreed. "It's worrisome," said Inman, who also received notification
>of the theft last week. "If the security is sloppy, it raises questions."
>Ben Haddad, an SAIC spokesman, said yesterday that the Jan. 25 theft, which
>the company announced last week, occurred in an administrative building
>where no sensitive contracting work is performed. Haddad said the company
>does not know whether the thieves targeted specific computers containing
>employee information or if they were simply after hardware to sell for
>cash. In either case, the company is taking no chances.
> "We're taking this extremely seriously," Haddad said. "It's certainly not
>something that would reflect well on any company, let alone a company
>that's involved in information security. But what can I say? We're doing
>everything we can to get to the bottom of it."
>Gary Hassen of the San Diego Police Department said there are, at the
>moment, "no leads."
> Haddad said surveillance cameras are in the building where the theft took
>place, but he did not know whether they caught the perpetrators on tape. He
>also did not know whether the information that was on the pilfered
>computers had been encrypted.
> The stolen information included names, Social Security numbers,
>telephone numbers and records of financial transactions. It was stored in a
>database of past and present SAIC stockholders. SAIC is one of the nation's
>largest employee-owned companies, with workers each receiving the option to
>buy SAIC stock through an internal brokerage division known as Bull Inc.
> Haddad said the company has been trying through letters and e-mails to
>in touch with everyone who has held company stock within the past decade,
>though he acknowledged that hasn't been easy since many have since left the
> He said the company would take steps to ensure stockholder information is
>better protected in the future, but he declined to be specific.
> The theft comes at a time when the company, which depends on the federal
>government for more than 80 percent of its $7 billion annual revenue, is
>already under scrutiny for its handling of several contracts.
> Last week on Capitol Hill, FBI Director Robert S. Mueller III testified
>that the company had botched an attempt to build software for the bureau's
>new Virtual Case File system. The $170 million upgrade was supposed to
>allow agents to sift through different cases electronically, but the FBI
>has said the new system is so outdated that it will probably be scrapped.
> In San Antonio, SAIC is fighting the government over charges that the
>company padded its cost estimates on a $24 million Air Force contract. The
>case prompted the Air Force to issue an unusual alert to its contracting
>officials late last year, warning them that "the Department of Justice
>believes that SAIC is continuing to submit defective cost or pricing data
>in support of its pricing proposals."
> SAIC has defended its work for the FBI and the Air Force. Haddad said
>criticisms are inevitable for a such a large company and that there is no
>pattern of poor performance.
>"I know people will try to jump to that kind of conclusion, but it's not an
>accurate reflection of how well this company is doing," he said. "This
>company has always prided itself on strong ethics."
> The company's alumni list reads like a roll call of the nation's
>highest-profile former officials, including former defense secretaries
>William J. Perry and Melvin R. Laird and former CIA director John Deutch.
>Current directors of the company include former chief counterterrorism
>adviser Gen. Wayne A. Downing.
> Founded by a group of scientists in 1969, SAIC has been growing in recent
>years at a rapid clip, right along with the government's appetite for
>high-tech services in information technology and national defense. The
>company named a new chief executive, Kenneth C. Dahlberg, in 2003, and he
>has set a goal of doubling the company's value within three to five years,
> Philip Finnegan, director of corporate analysis with the Teal Group
>said SAIC is trying to push into the top tier of contractors -- a rarefied
>club that includes Boeing Co. and Lockheed Martin Corp. -- and that there
>are bound to be bumps along the way.
>"It's inevitable that they'll face problems," he said.
> Others are less sure the company's recent difficulties don't add up to
>something more. "Is [the break-in] saying something about the quality of
>the company?" Kay said. "It's hard to say that. It's probably just random
>luck. But multiple occurrences of bad luck are often more than bad luck."
>R. A. Hettinga <mailto: rah at ibuc.com>
>The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
>44 Farquhar Street, Boston, MA 02131 USA
>"... however it may deserve respect for its usefulness and antiquity,
>[predicting the end of the world] has not been found agreeable to
>experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
More information about the cypherpunks-legacy