D.C.'s top IT security official charged with bribery
Reports: former boss Vivek Kundra to take leave from new job as federal CIO until more details are known about FBI investigation
Computerworld - WASHINGTON — Federal law enforcement officials filed bribery charges today against the District of Columbia's acting chief security officer, along with a one-time D.C. government employee who owns an IT outsourcing company that runs offshore operations in India. Both were later arraigned in federal court.
What is drawing extra attention to this case is its connection to Vivek Kundra, the former chief technology officer for D.C. who last week was appointed by President Barack Obama to be the federal government's first official CIO.
There is nothing in the court documents from today's arraignment to indicate that Kundra had any knowledge of the alleged illegal activity that led to today's arrests. However, NBC News and other media outlets reported late today that Kundra is taking a leave from the federal CIO job until more is known about the FBI's investigation of his former organization.
Arrested this morning was Yusuf Acar, who currently is the District of Columbia's acting chief security officer; police said they found $70,000 in cash in his Washington home. Acar's annual salary is $127,468, according to court documents.
The second suspect arraigned on bribery charges is Sushil Bansal, CEO and founder of Advanced Integrated Technologies Corp. (AITC), a Washington-based outsourcing vendor that has won a number of contracts from the district's IT department. The court documents said that from March 2004 to February of this year, AITC did more than $13 million worth of business with the D.C. government.
Kundra was named CTO in D.C. in 2007. AITC received contracts before and after he was appointed to that job, including the extension of an IT security support deal that involved antivirus deployment and incident response services.
In court, a somber U.S. District Judge John Facciola told Acar that the alleged crimes "speak of bribery" and added that these "are serious federal charges." Acar, 40, said nothing in court other than to state his name.
The U.S. attorney representing the government in the case, Tom Hibarger, told Facciola that Acar posed "a serious risk of flight." According to Hibarger, Acar has relatives in Turkey and had made statements that he was ready to leave the country "and take a large amount of currency with him."
Acar was ordered held without bail. Bansal was released, but ordered not to leave the area.
In an affidavit, the federal government alleged that Acar worked with a vendor to submit a purchase order for one quantity of goods, "and in actuality a lesser quantity [was] ordered and delivered." The scheme was complex and involved adding people to the payroll who didn't exist -- they were called "ghost employees." Payments were allegedly made to those "workers."
Acar is also accused of hiring ghost employees through a vendor and allegedly approving timesheets for them.
In what the government officials described as the "McAfee Software Scheme," Bansal's firm submitted a purchase order for 2,000 units of McAfee Foundstone software, which is used to provide automated scanning and vulnerability assessments, for $104,166. McAfee generated a quote for AITC for the purchase of 500 units of the software at $36,845, but AITC, the provider in this case, charged the D.C. government for 2,000 licenses.