Misuse of computer resources? I've fired people for that. 
a) using unauthorized personal devices on secure networks
b) transmitting confidential information over unsecure channels
c) violating procedures for maintaining network integrity
d) using government networks for personal business
These policies and procedures exist for a reason. How many people reading this have found their name on spam lists because someone put you in their address book and then got compromised? Why anyone associated with this kind of flagrant actionable abuse of resources is still working at the White House, let alone has a security clearance, is beyond me. Speaking of security.... What about those Blackberry's?
This is a reminder for all OD employees that government office equipment and technology resources are primarily available for NIH work. Employees should use government office equipment/resources responsibly and appropriately.Please note: Employees do not have, and should not expect, privacy rights while using any government office equipment or resources, including accessing the Internet and using E-mail.
What is inappropriate use?
Inappropriate use of government office equipment or resources includes but is not limited to:
Creating, downloading, storing, copying, or transmitting;
sexually explicit information/materials;
information/materials that may embarrass or harass others on the basis of race, age, creed, religion, color, gender, disability, national origin, or sexual orientation;
materials to engage in or promote any activities prohibited by law (e.g., gambling, illegal weapons, terrorist activities, etc.); or
unauthorized broadcast transmissions, mass mailings, or chain letters that could congest, delay, or disrupt network service.Using government equipment or resources for private gain (e.g., consulting work for pay, sale of goods or services, etc.).
Using the Internet as a staging ground or platform to gain unauthorized access to other systems.
Engaging in any unauthorized fund-raising activity, endorsing any product or service, or participating in any lobbying or partisan political activity.What are the penalties for inappropriate use?
Employees who improperly use government office equipment or resources:
May be subject to disciplinary or adverse action and criminal penalties.
May be held financially liable for the costs of the improper use.
May lose the privilege of using government equipment and resources.
What part of subject to disciplinary or adverse action and criminal penalties is not clear? So once again, what is it going to take for Congress to toast these idiots? Anyone who works in an office where they have computers can relate to the egregious nature of these infractions.
At the outset, I said this may be nitpicking to some, but I bring it up for a simple reason. This is the sort of nuts and bolts thing people can easily understand. 300 billion dollars in deficits don't phase people as much as 3 dollars a gallon does. Playing fast and loose with lobbying rules may not phase people, but conducting private business on government time and equipment so you can escape detection from law enforcement ... that's a slam dunk if I ever saw one.
Of course there is also the matter of the platforms being used...those Blackberry's. Consider this little tidbit from Wired:
BlackBerry a Juicy Hacker Target
Kim Zetter 08.05.06 | 6:15 PM
LAS VEGAS -- A computer security researcher says he's found an unexpected new path into company networks: the BlackBerry.Jesse D'Aguanno, a consultant with Praetorian Global, has developed a hacking program that exploits the trust relationship between a BlackBerry and a company's internal server to hijack a connection to the network. Because the data tunnel between the BlackBerry and the server is encrypted, intrusion detection systems at the perimeter of the network won't detect the attack.
The technique is successful, D'Aguanno says, because most companies aren't equipped to detect someone trying to deliver an exploit from inside the network. It also works because few companies view the BlackBerry as a plausible attack vector.
....
Given how ubiquitous the BlackBerry is, it's an obvious target for attack, but few researchers have examined it for vulnerabilities. D'Aguanno says the attack could be prevented if companies built more secure architectures on the back end and tightened user policies so not just any user can install third-party code
"Securely deploying it shouldn't be that hard but there hasn't been a whole lot of documentation provided by (BlackBerry maker) Research in Motion in the past on securely deploying the BlackBerries."
D'Aguanno, who has met with Research in Motion about the issue, said the company posted two new documents on its website this week in anticipation of his presentation at the DefCon hacker convention here.
And how did Mr. D'Aguanno insert this exploit? Email....
I think the White House needs to demonstrate - to a legal certainty - that the widespread use of outside accounts in violation of standard documentation and audit regulations did not compromise yet another in a growing list of serious security breaches.
KEYWORDS: Karl Rove, gwb43.com, misappropriation of government resources, violation of network security, negligence, criminal malfeasance, actionable offense, mything the point
Sign up for a Complimentary Member Account... Join the community! It's fast. And it'll allow you to take advantage of all this site's great features!
| < Tuskegee Airman's Cry for Peace | Towards New Enlightenment In Africa > |
