Former FAA Contractor Convicted of Obtaining Unauthorized Access to a Protected Government System and Causing Damage
On March 14, 2018, Andre Victorian pleaded guilty in the U.S. District Court of Maryland, to an information listing criminal charges related to the unauthorized access and damage of a protected FAA computer system. As a result of his actions, FAA incurred a loss of $27,510.10, which included the time its employees were unable to work and that it took the Agency contractor to identify the cause of a database slowdown.
Victorian admitted that on or about August 27, 2014, and continuing through September 2014, he intentionally accessed an FAA procurement system known as PRISM. He had previously been a contractor responsible for maintenance of PRISM, but FAA elected to award the job to a different contractor. Victorian’s work for FAA ended on August 27, 2014.
Shortly afterward, the PRISM database began to experience unexplained slowdowns. FAA discovered that on August 27, 2014, an unauthorized intruder accessed the PRISM system and issued commands to delete data, which changed the configuration of the database and dramatically slowed system performance for authorized users. Further investigation revealed that on September 8, 2014, the intruder again accessed PRISM to delete logs evidencing the prior unauthorized access.
Analysis of the network activity and connections identified Victorian as the intruder on both August 27, 2014, and September 8, 2014. He also utilized the username issued to him while he was an FAA contractor. Victorian’s conduct impaired the integrity of the system by changing its configuration and making it difficult for authorized users to use it.