[conspire] Your government infosec dollars at work
Rick Moen
rick at linuxmafia.com
Sat Nov 7 13:50:41 PST 2015
http://www.thedailybeast.com/articles/2015/11/04/pentagon-farmed-out-its-coding-to-russia.html

Pentagon Farmed Out Its Coding to Russia
By Patrick Malone, Center for Public Integrity

The Pentagon was tipped off in 2011 by a longtime Army contractor that
Russian computer programmers were helping to write computer software for
sensitive U.S. military communications systems, setting in motion a
four-year federal investigation that ended this week with a
multimillion-dollar fine against two firms involved in the work.

The contractor, John C. Kingsley, said in court documents filed in the
case that he discovered the Russians' role after he was appointed to run
one of the firms in 2010. He said the software they wrote had made it
possible for the Pentagon's communications systems to be infected with
viruses.

Greed drove the contractor to employ the Russian programmers, he said in
his March 2011 complaint, which was sealed until late last week. He said
they worked for one-third the rate that American programmers with the
requisite security clearances could command. His accusations were denied
by the firms that did the programming work.

Yeah, like that. The article's title is misleading (as is often the
case, and usually is the work of some drama-addicted editor, not the
author): The Pentagon in this case was found to have properly let out
a $22M 2008 contract to major Beltway Bandit Computer Sciences
Corporation of Virginia -- which in turn subcontracted to sleazy
Massachusetts firm NetCracker Technology Corporation. The latter
massively broke the law (and national security), and CSC & the Pentagon
merely failed utterly at necessary oversight.

NetCracker is said to have referred to its outsourcing arrangement to
cheap Russian employees as its 'Back Office'. Like that?

As per the standard script, both firms' mouthpieces stoutly deny any
wrongdoing, even while the hands beneath those mouths are cutting
cheques to pay fines totalling $12.75M.

One of the many interesting Snowden revelations (see the film
'Citizenfour' or journalist Glenn Greenwald's book _No Place to Hide:
Edward Snowden, the NSA, and the U.S. Surveillance State_) is that the
USA and partners' domestic surveillance apparatus is _not_ run primarily
by governments, but rather by corporate outsourced business partners,
and that the nature of that outsourcing arrangement and the identity of
the firms is among the spooks' most closely held secrets.

A $22M contract for a single classified military communications system
is chicken feed in the national-security biz, especially the booming
'cyberwar' industry that is siphoning away tax dollars at an increasing
rate. However, the CSC/NetCracker case highlights two of the basic
facts about government contracting:

1. Everyone outsources if he/she can get away with it.
2. The biggest security problem isn't spies or terrorists,
   but rather companies screwing up.
3. Cheap ways to make a buck include selling data and access to
   criminals, foreign powers, or anyone else with money.

Next time you hear that the surveillance state wants us to trust it so
it can protect us, remember that that means trust the surveillance
state, its business partners, their sleazy contractors, and everyone
who's getting leaks on the side.