Programming With The Enemy


In a cost-saving move, Pentagon contractors subcontracted their work to the Russians, a four-year probe concludes.

The probe was started in 2011 after John C Kingsley, who has extensive experience working with the US military, tipped off the Pentagon that Russian computer programmers were writing code for sensitive US military communication systems. Kingsley made the discovery after being appointed to run one of the firms contracted to execute a secure-communications project in 2010. According to his statements, the affected software made it possible to infect the Pentagon’s communication systems with viruses.

“On at least one occasion, numerous viruses were loaded onto the DISA [Defense Information Systems Agency] network as a result of code written by the Russian programmers and installed on servers in the DISA secure system,” Kingsley said in his complaint.

The Defense Information Systems Agency provides secure and secret communication systems in support of battlefield operations. In 2008, two firms – Computer Sciences Corporation and NetCracker, whom it subcontracted – were awarded a $22 million contract to secure and administer the agency’s computer networks. Greed took the upper hand here, Kingsley alleged. Russian programmers, who were willing to work at cut-rate prices – one third of the rate American programmers with equivalent experience and the appropriate security clearance could command – were subcontracted by the two firms for the DISA project.

Alana Johnson, spokeswoman for DISA, declined to comment on whether the Russians’ involvement led to US military communications systems being compromised, as commenting could compromise the agency’s “national security posture.”

“It’s something that we take very seriously,” Johnson said in a telephone interview on Tuesday. “The Department of Defense’s posture on cybersecurity ultimately affects national security.”

This security breach taints and tarnishes a much larger partnership – a $613 million contract – between Computer Sciences Corporation and DISA. In 2014, the Computer Sciences Corporation collected a total of $1.5 billion from the Pentagon.

In light of the severity of the breach and the scale of the contracts, the $12.75 million settlement between the parties seems rather paltry, but the settlement agreement does leave room for the Justice Department to pursue criminal charges against the companies.

Under the False Claims Act, Kingsley’s share of the settlement is $2.3 million, according to the Justice Department.