At least two major Defense contractors outsourced the writing of code for communications applications to Russians, working for Russian companies and located in Russia.
The Pentagon was tipped off in 2011 by a longtime Army contractor that Russian computer programmers were helping to write computer software for sensitive U.S. military communications systems, setting in motion a four-year federal investigation that ended this week with a multimillion-dollar fine against two firms involved in the work.
The contractor, John C. Kingsley, said in court documents filed in the case that he discovered the Russians’ role after he was appointed to run one of the firms in 2010. He said the software they wrote had made it possible for the Pentagon’s communications systems to be infected with viruses.
Greed drove the contractor to employ the Russian programmers, he said in his March 2011 complaint, which was sealed until late last week. He said they worked for one-third the rate that American programmers with the requisite security clearances could command. His accusations were denied by the firms that did the programming work.
“On at least one occasion, numerous viruses were loaded onto the DISA [Defense Information Systems Agency] network as a result of code written by the Russian programmers and installed on servers in the DISA secure system,” Kingsley said in his complaint, filed under the federal False Claims Act in U.S. District Court in Washington, D.C., on March 18, 2011.
How can this even happen? The complaint was raised to the highest levels with NetCracker and ignored:
In his complaint, Kingsley asserted that Computer Sciences Corporation executives knew about NetCracker’s work in Russia. But a corporation spokeswoman, in a written statement, denied it. “[Computer Sciences Corporation] believes it is as much a victim of NetCracker’s conduct as is our [Defense Information Systems Agency] customer and agreed to settle this case because the litigation costs outweigh those of the settlement,” Heather Williams wrote. “Security is of the utmost importance” to the corporation, she wrote.
Kingsley also said in his whistleblower complaint that when he questioned NetCracker’s general counsel about the propriety of the arrangement, the counsel assured him nothing was wrong. When he asked the company’s board of directors for permission to discuss the Russians’ participation with the Defense Information Systems Agency, his “requests were rebuffed,” he said in the complaint.
The next day, in an email to the board of directors at NetCracker Government Services, the company’s general counsel characterized Kingsley’s conversation with the government official as an “unscheduled, one-on-one meeting” that ended with a “vitriolic rampage” and left the Defense Information Systems Agency officer with the impression that Kingsley was a “lunatic,” according to Kingsley’s complaint. Kingsley said in his complaint that this description of the meeting was incorrect and intended to hurt Kingsley’s reputation with the company’s other board members.
The violation seems to have been reported to a DoD employee who apparently did nothing with the information.
While the court case and guilty plea focus on Computer Sciences Corporation and one of its subcontractors, NetCracker, using contract employees without a security clearance for classified work, thereby making this a “false claims” case, this should be pursued as a national security matter. The companies are trying to make this out to be a benign misunderstanding, but that really can’t be the case. The invoices from the Russian companies had to have raised some eyebrows somewhere. In addition to NetCracker, Computer Sciences Corporation was required to review the invoices and certify that they were appropriate, and a project officer within DoD had to do the same. NetCracker had to notify CSC, which in turn had to notify the DoD project officer, when the new subcontractors were brought on.
On the other hand, you can virtually guarantee that the Russian FSB (we used to call this the KGB) knew there were Russian companies involved on the project, and there is a very good chance that there were FSB-trained coders on the project. Why bother hacking into a hostile power’s systems when you can create them to your specifications?
All along the way there were ample opportunities to stop this nonsense if anyone had been doing their job. Isn’t there anyone in the Pentagon focused on anything other than altering Bradley Manning’s genitalia and pushing women through Ranger School and into the SEALs?