Front-end dev cops to billing NSA $220,000 for hours he didn't work
Scam undone by key card and timecard logs
A software developer employed by two different IT subcontractors participating in separate National Security Agency (NSA) contracts has pleaded guilty to submitting false claims about the number of hours he worked, according to the US Department of Justice.
Kyle Duran Smego, a 40-year-old software engineer residing in Raleigh, North Carolina, was hired to do front-end work for two NSA IT contracts. The contracts, identified in court documents only as CTS and ROADRALLY were overseen by an unnamed government contractor – possibly Lockheed Martin – that hired a different subcontractor for each job.
Smego worked for the first subcontractor from February 2016 to November 2017 and for the second from November 2017 and May 2018. In each instance, the work involved classified information, so Smego was required to work in secure locations subject to access control at Fort Meade, Maryland.
Unsurprisingly, the NSA keeps track of the comings and goings of people at secure facilities. According to the plea agreement, the agency's tally of Smego's time on-site fell short of his claimed work hours.
"A subsequent review by the NSA of key card and timecard information demonstrated that Smego was not actually present at his assigned duty stations for at least 1,326 of the 3,289 hours he had reported to Subcontractor 1 (40.3 per cent) on the CTS contract and 375 of the 797.5 hours he had reported to Subcontractor 2 (47 per cent) on the ROADRALLY contract," the court filing says.
Based on labor rates billed at $112.26 to $128.78 per hour for the first subcontractor and $159.08 per hour, the government overpaid $220,379.42. According to PayScale, the average hourly rate for a front-end developer in the Washington, DC, area is about $36.20 per hour.
Smego's plea agreement requires him to pay restitution and forfeit assets derived from the offense. At his sentencing hearing in October, he faces a maximum sentence of five years in prison. ®
- AdBlock Plus
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Microsoft 365
- Microsoft Office
- Microsoft Teams
- Palo Alto Networks
- Software License
- Trusted Platform Module
- Visual Studio
- Visual Studio Code
- Web Browser
- Zero trust