D.C.'s top IT security official charged with bribery
Reports: former boss Vivek Kundra to take leave from new job as federal CIO until more details are known about FBI investigation
Computerworld - WASHINGTON — Federal law enforcement officials filed bribery charges today against the District of Columbia's acting chief security officer, along with a one-time D.C. government employee who owns an IT outsourcing company that runs offshore operations in India. Both were later arraigned in federal court.
What is drawing extra attention to this case is its connection to Vivek Kundra, the former chief technology officer for D.C. who last week was appointed by President Barack Obama to be the federal government's first official CIO.
There is nothing in the court documents from today's arraignment to indicate that Kundra had any knowledge of the alleged illegal activity that led to today's arrests. However, NBC News and other media outlets reported late today that Kundra is taking a leave from the federal CIO job until more is known about the FBI's investigation of his former organization.
Arrested this morning was Yusuf Acar, who currently is the District of Columbia's acting chief security officer; police said they found $70,000 in cash in his Washington home. Acar's annual salary is $127,468, according to court documents.
The second suspect arraigned on bribery charges is Sushil Bansal, CEO and founder of Advanced Integrated Technologies Corp. (AITC), a Washington-based outsourcing vendor that has won a number of contracts from the district's IT department. The court documents said that from March 2004 to February of this year, AITC did more than $13 million worth of business with the D.C. government.
Kundra was named CTO in D.C. in 2007. AITC received contracts before and after he was appointed to that job, including the extension of an IT security support deal that involved antivirus deployment and incident response services.
In court, a somber U.S. District Judge John Facciola told Acar that the alleged crimes "speak of bribery" and added that these "are serious federal charges." Acar, 40, said nothing in court other than to state his name.
The U.S. attorney representing the government in the case, Tom Hibarger, told Facciola that Acar posed "a serious risk of flight." According to Hibarger, Acar has relatives in Turkey and had made statements that he was ready to leave the country "and take a large amount of currency with him."
Acar was ordered held without bail. Bansal was released, but ordered not to leave the area.
In an affidavit, the federal government alleged that Acar worked with a vendor to submit a purchase order for one quantity of goods, "and in actuality a lesser quantity [was] ordered and delivered." The scheme was complex and involved adding people to the payroll who didn't exist -- they were called "ghost employees." Payments were allegedly made to those "workers."
Acar is also accused of hiring ghost employees through a vendor and allegedly approving timesheets for them.
In what the government officials described as the "McAfee Software Scheme," Bansal's firm submitted a purchase order for 2,000 units of McAfee Foundstone software, which is used to provide automated scanning and vulnerability assessments, for $104,166. McAfee generated a quote for AITC for the purchase of 500 units of the software at $36,845, but AITC, the provider in this case, charged the D.C. government for 2,000 licenses.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!