oversight

NSF Employee Misconduct

Published by the National Science Foundation, Office of Inspector General on 2003-09-05.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                                    CLOSEOUT MEMORANDUM




The Office of Inspector General's (OIG) Office of Audits notified the Office of Investigations
that KPMG had detected numerous instances of peer-to-pe& file sharing, via a program cilled
"Kazaay7involving PCs within the National Science Foundaion (NSF). KPMG detected the
vulnerabilities while conducting external and internal computer penetration testing for NSF.

The OIG investigation revealed that Internet Protocol (IP) addresses are assigned dynamically
and therefore, may change over time. Due to an agency-wide power outage since the time
KPMGdiscovered the peer-to-peer file sharing, it is impossible to determine which PCs had been
assigned the IP addresses identified by KPMG at the time KPMG obtained its data.

In light of the above, and because the use of peer-to-peer file sharing programs does not violate
any existing NSF policies prohibiting the use of such programs, this case is closed.

Accordingly, this case is closed.