Ethics and Hacking

From an anonymous source in the Commonwealth Office of Technology:

Before Mark Rutledge left, our AD servers were hacked by somebody outside the network. They covered it up and made sure everybody was scared to talk. We also deployed voip to many state offices. That server has also been hacked and depending on who you believe, there have been between $250,000 and $6,000,000 is international calls made. We can't seem to track down who did it.

Lastly, Mark Rutledge went to work for McAfee. That alone should be an ethics violation since he was responsible for their enterprise contract with us. Well, last week he made a sales call to the technology staff over at Education. That should really be a problem.

What does this mean? Let me interpret some of the techno-speak.

First the AD servers are the Active Directory Servers; the over-simplified explanation is that these machines are the master servers for the entire computer network. If you control these servers you control the network. If someone did hack these computers they would have access to all state records, personal information, financial information, email -- everything.

To cover up such a hack would be an act of major misfeasance. The last time Kentucky state government was the victim of such a hack Auditor Ed Hatchett blew the whistle.

Second, Voice over Internet Protocol (VoIP) is a technology that allows you to make voice calls using a broadband Internet connection instead of a regular (or analog) phone line. The concerns here are not only how much money was lost, possibly up to $6,000,000.00, but what was the nature of the calls?

Even if the financial loss was only $250,000.00, who runs up a quarter million dollar phone bill talking to his girlfriend spending the semester in France? Isn’t this something that crosses state lines and is therefore a federal matter? Wouldn’t the FBI or the Department of Homeland Defense be involved?

Regarding Mark Rutledge, the former Chief Information Officer of the Commonwealth, working for McAfee:

The state contract for McAfee is through Dell Computers, so that may technically mean that McAfee is not doing business with the state. However, the state does buy a lot of McAfee software and if Rutledge has already been making sales calls then it looks like someone is tap dancing around the rules.

The following post employment restrictions are placed on state employees.

A current or former officer or elected official is prohibited for six months following termination of employment from accepting employment or compensation from any person or business that does business with, or is regulated by, the state in a matter in which he was directly involved during the last 36 months of his state tenure.

There are a number of questions here that could stand a little sunlight.

Let us hope that someone is paying attention.

A number of people and agencies have the authority to look into this: Auditor Crit Luallen , the Executive Branch Ethics Commission, Secretary of Finance Jonathan Miller, or Attorney General Jack Conway.

And one other thing the reason I got an anonymous email from a COT employee is because “Posting on blogs or any other interactive media is strictly prohibited.”