A former acting Inspector General for the US Department of Homeland Security (DHS) was indicted on Friday for allegedly ripping off proprietary software and confidential databases and packaging it all up so that his company – Delta Business Solutions – could sell an enhanced version back to the government at a profit.
A federal grand jury in the District of Columbia returned a 16-count indictment against Charles K. Edwards, 59, of Sandy Spring, Maryland, and one of his underlings, Murali Yamazula Venkata, 54, of Aldie, Virginia, the Justice Department (DOJ) said.
They’re both looking at charges of conspiracy to commit theft of government property and to defraud the government, theft of government property, wire fraud, and aggravated identity theft. Venkata is also charged with destroying records.
They were working the scheme for a number of years, according to the indictment. It alleges that Edwards had a network of insiders working on stealing data from the DHS Office of Inspector General (OIG) from October 2014 to April 2017.
According to court documents, the stolen data included sensitive government databases that contained personal identifying information (PII) of DHS and Postal Service (USPS) employees. The plan was to sell the enhanced, so-not-free-anymore version of DHS-OIG’s software to the OIG for the Department of Agriculture. Prosecutors also allege that Edwards kept it all up even after he left DHS-OIG in December 2013, maintaining his relationship with Venkata and other DHS-OIG employees to keep the intellectual property (IP) and PII flowing.
His ex-colleagues did more than just keep up the alleged insider theft, the indictment says: Venkata and others are also said to have served as Edwards’ help desk. They allegedly reconfigured Edwards’ laptop so as to better upload the stolen software and databases, gave him troubleshooting support whenever he needed it, and helped him set up a testing server at his home with the stolen software and databases.
Edwards also allegedly hired software developers in India to help him develop his commercial alternative of DHS-OIG’s software. That’s an aspect of the alleged crimes that could make his penalties yet more severe if he’s convicted, given that he’s not only charged with stealing proprietary software and the PII of government employees, but also with sending it overseas.
The indictment is part of an ongoing investigation by DHS and Postal Service inspectors general and was announced by the two agencies, the DOJ and the US attorney’s office for the District of Columbia, which is prosecuting the case.
If Edwards and Venkata are convicted, they’ll be looking at a maximum of five years for conspiracy to commit theft, 10 years for theft of government property, 20 years for wire fraud, and a minimum of two years for a count of aggravated identity theft. Venkata also faces another 20 years for destruction of records. They would also face fines of up to $250,000 for each count. Having said that, maximum sentences are rarely handed down.
The Washington Post has been following this case for a while. As it reports, it looks like Friday’s indictment is connected to an April 2019 guilty plea from a DHS federal technology manager, Sonal Patel.
Ms. Patel admitted to conspiring with a former acting Inspector General to steal a database containing the PII of nearly 250,000 DHS employees, according to court filings. From The Washington Post:
Patel in court papers acknowledged instructing a subordinate to send her directions on how to install the copy, and steering the Agriculture Department inspector general’s office to using the commercial version instead of the free government version. In June 2016, her plea statement said, she handed two DVDs with copied data to Co-Conspirator 1 ‘on the side of the road’ before the latter boarded a flight from Dulles International Airport to meet with software developers in India,’ who would create the copycat program.
After pleading guilty to one count of conspiracy to commit theft of government property and agreeing to cooperate with prosecutors regarding “a scheme that ran from 2014 to 2017,” Patel was looking at a maximum of five years in prison.
Crime doesn’t pay, even if you have the audacity to try to gussy up and sell your employer its own, free software and – ouch! – PII from your own colleagues.
Latest Naked Security podcast
Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.