A Contract Killing: The Drama of Government IT Work

Our anonymous CSO's tawdry tale of an IT services contract rollicks through software piracy, dope sales and worse. Who says government work is dull?

One of the contract's employees was running a real estate business on one of the servers. All customer information (PII), financials and home listings, plus e-mailsnail mail distribution lists were stored there. Meanwhile, other documents indicated a love affair between four other employees on the contract. Their liaisons were dangerous, and not just because two of them were married—they were also taking place in this office (they fought about tryst schedules in the documents we had). There were rumors of sex videos stored on the servers. Despite our best efforts, we were unable to locate what would have been valuable evidence.

For those keeping score, there were several types of computer crime happening here, each a felony violation of Section 1030 of the United States Code (noninclusively):

- Fraud achieved by the manipulation of computer records;
- Deliberate circumvention of computer security systems;
- Unauthorized access to or modification of programs (see software cracking and hacking);
- Intellectual property theft, including software piracy.

We secured the servers and moved them to my office. We started to forensically image the servers, which had never been backed up, despite nearly 20 months on the job. I informed the Deputy Program Manager (DPM) that they were secured in my locked office and they were being backed up. The whole process would eventually take four days.

As each day came, the pressure mounted. The contract required us to report these incidents, but the Program Manager (PM), the Deputy PM and the IT Ops Manager wanted it hushed up. I was called into a meeting with the PM, DPM and the IT Ops Manager, who presided over the fornicating four.

The PM combined the physical features of the pointy-haired boss with a Mutley-like laugh. His management style was to glare menacingly at all near him, part of an effort to rule through continuous and multiple levels of attempted intimidation. He would, however, relax and beam with pride as he reminisced about selling dope on the library steps during college.

The DPM was a good-hearted sidekick who maintained a perpetual deer-in-the-headlights stare that was broken only by the incessant opening and closing of his mustachioed upper lip as his nicotine stick and caffeine drip passed into his needy, anxiously awaiting ecosystem.

We are required by contract to inform the government of any such incidents within a certain time frame, and it was getting late with respect to informing my government counterparts. Regardless, my peers would be informed (I knew something the PM didn't—that the CTO had decided to inform the agency CTO of the situation). This meeting was not to query what was being found. They already knew what was going to be found. You see, the IT Ops Manager had purchased these servers 20 months ago and had authorized their use as a backdoor way to meeting operational goals without federal scrutiny. Even so, the operational goals hadn't been met—unless you consider running a business from a federal government server an operational goal.