oversight

Computer Intrusion

Published by the National Science Foundation, Office of Inspector General on 1999-09-30.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                                 NATIONAL SCIENCE FOUNDATION
                                                                                              -Page l
                                       4201 WILSON BOULEVARD
                                      ARLINGTON, VIRGINIA 22230




     OFFICE OF
INSPECTOR GENERAL



MEMORANDUM

Date:             September 30, 1999
To:               File No. I99050017
                                              ecial Agent

Via:
Subject:


Background:




and allegedly found no evide                 icating the system was compromised.

Investigation:

We met with several NSFIDivision of Information Systems (DIS) managers regarding the
              and the NSF Firewall Network. Our meeting confirmed the
             account and three prior incidents of potential computer abuses by
                            scan on NSF servers (possibly                '
                                                                                               w
                     and creating unauthorized user accounts. As a follow up tor niore




office space, thereby putting up a smaller       support relative to the other agencies. NSF allows
to make use of its Firewall Network.
 background o-revious             encounters with DIS, DIS provided e-mail accounts
 and logs for the warez incident.

 In addition, we interviewed Division of Administrative Services (DAS , which handle
 NSF building security, regarding the DAS response and accounts o&h            ysical
 security breach on May 14/15 and 17, 1999.




                                                                                                  -
 Findings:

Our initial investi ation, based on interviews and evidence, confirme
                                                                                   r
account of R a u t h o r i z e d eIectronicaccess of a federal computer (violation ofthe
Computer Fraud and Abuse Act, Title 18 U.S.C., Section 1030 (a)) on the night after his
emulovment was terminated Mav 14. 1999 at NCO. DIS interviews and evidence
ga&ered, also support tha-aintained            and created a         n t h e e r v e r (a
violation of No Electronic Theft-Act and Criminal Infringemiifit of a Copyright, Title 18
U.S.C., Section 23 19). We did not, however, uncover any likely personal gain for
in either violation.

Assistant U.S. Attorney, Eastern District of Virginia,         7          declined the
case for prosecution, since there was no substantial dzifnaw at east $5,000) or a profit to
support a felony conviction for the intrusion -na                Eastern District of VA
generally does not prosecute for misdemeanor intrusions aiid no personal gain piracy.

DAS and DIS have coordinated their efforts to assess and revamp NSF physical and
informational security procedures for handling employees and contractors who are no
longer employed at NSF. In the interim, DAS has set up a procedure with the guards for
those former employees and contractors who are not allowed in the building.

Given the declination, and thaQll)ls      a low risk threat to the NSF Network and
physical security2,no further investigation is warranted at this time. This case is closed.




        as assured us that all asswords have been altered and their servers have been audited and are
                                  DAS has assured us that they now keep a running list with the Front
Desk of all former emp oyemand contractors who are not allowed in the building.