FAA worker gets a year in code theft

[InfoSec News <isn () c4i org>]

http://www.chicagotribune.com/news/metro/dupage/printedition/article/0,2669,SAV-0106130346,FF.html

By Matt O'Connor 
Tribune staff reporter 
June 13, 2001 

A former engineer for the Federal Aviation Administration who stole
the only copy of a computer code crucial to monitoring air traffic at
O'Hare International Airport was sentenced Tuesday to a year in
prison.

Thomas A. Varlotta headed the team that worked several years to
develop the so-called source code--necessary to fix glitches in the
automated system used to relay flight information between O'Hare and
controllers at an air-traffic facility in Elgin.

Varlotta stole the only copy of the software program when he resigned
from the FAA in June 1998, a month after learning of plans to bump him
down a pay grade, prosecutors said.

Assistant U.S. Atty. Lawrence Oliver II said the theft didn't raise
public-safety concerns but could have caused "monumental delays"
because the computer program allowed controllers to run as many as 100
flights in and out of O'Hare an hour.

"He intended to hold the FAA and O'Hare Airport hostage," Oliver told
U.S. District Judge William Hibbler.

Federal investigators recovered the software code in a raid on
Varlotta's home in Tinley Park in August 1998, but it was encrypted
with a 13-digit password, and experts at the National Aeronautics and
Space Administration said it could take as long as 400 years to
unscramble, Oliver said.

Months later, Varlotta gave authorities the13-digit password, even
though he knew it "condemned him to a conviction," said his lawyer,
Matthew P. Walsh.

"Three years ago I made the biggest mistake of my life," said
Varlotta, 44, who pleaded guilty to theft last September. "I have lost
my job, my career and the respect of my peers."

Hibbler criticized the FAA for not codifying the code before the
theft.

Prosecutors had contended the code's value was as much as $1.5
million, but Hibbler previously calculated the figure at only $60,000.
If the judge had agreed with prosecutors, Varlotta could have faced as
much as 5 years in prison.

Hibbler also ordered that Varlotta pay $13,000 in fines and
restitution.

The judge said Varlotta's actions were "mean-spirited" and that the
theft of the code, while not creating a danger, could have caused air
passengers "to feel less safe."



ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.