Undercover

A Contract Killing: The Drama of Government IT Work

Our anonymous CSO's tawdry tale of an IT services contract rollicks through software piracy, dope sales and worse. Who says government work is dull?

By Anonymous

Page 3

The meeting started with my chair positioned in a location under the direct gaze of the other three. They had prepared their line of questioning and felt confident they would achieve their desired results. Prior to the meeting, I had the facilities staff change the lock on my door. The new lock did not work with the master key for that office area (I acquired all keys to my door).

I came to the meeting armed with the initial draft report, distributing the evidence to the three interrogators. They peppered me with hostile questions about my intent in taking the servers and what I would include in my report. I informed them that any and all findings would be included in the report as per contract requirements and standard incident handling procedures. Why? It's standard protocol to review all incidents and subsequent findings/report prior to delivery. After they had exhausted themselves, we reviewed the draft report. There were no redlines, since the report was objective in nature—as required. The facts were stated and evidence provided. Of note, two of the four involved in this incident had left the company one week prior to the discovery of these servers. It is apparent to me that the warring factions had reached an impasse and new, more severe battles were taking place in the shadows. My role was that of a pawn for one and an enemy for the other.

That afternoon, I called my counterpart. He was initially stunned at the incident. He had a hard time believing that this activity could go undiscovered for more than a year and a half in an office in the same building as his. I sent the draft report to him before ending the conversation. In the evening, I secured my office and left with my laptop.

The next day brought a new round of questioning and inquisition. It was evident that someone had attempted to access my office after I had left. The DPM and PM were soon at my door to view the situation. I noticed the PM's interest in the doorknob. He worked the handle and examined the lock, with more than casual intent. They were obviously anxious for an initial ruling from the customer. I soon received a phone call from my federal counterpart. He asked:

- When will the servers be back online?
- How will you prevent this from happening again?

I indicated that all software must be legal and that the PM had agreed to purchase all necessary software (minus the firewall). The servers would be placed within the data center and entered into the normal patch management and backup cycles. As for how to prevent this from occurring again, I promised I would perform a communist purge, with those responsible sent to a gulag. Actually, we drafted a plan to perform more frequent vulnerability scans and network mappings, as well as periodic announced and unannounced physical reviews of contractor-accessible offices.
