This article is more than 1 year old
Ex IT chief at Homeland Security watchdog stole US govt software to pirate
Murali Venkata found guilty of conspiracy to resell case management app
A former acting branch chief of IT for the US Department of Homeland Security's (DHS) oversight office was convicted on Monday of conspiring to steal US government software in order to develop a commercial copy that could be resold to other government agencies.
Murali Venkata, 56, of Aldie, Virginia, served as acting branch chief of the Information Technology Division of the DHS Office of the Inspector General (DHS-OIG). He was indicted in March 2020 alongside former acting inspector general of DHS-OIG Charles Edwards, 59, of Sandy Spring, Maryland.
Both men faced charges that they and others conspired to steal government property and to defraud the US, that they stole government property, and that they committed wire fraud and aggravated identity theft. Venkata also faced an additional charge that he destroyed records.
Edwards pleaded guilty in January 2022; Sonal Patel, enterprise applications branch chief in the IT division of DHS-OIG who was indicted separately [PDF], pleaded guilty in April 2019 of stealing US government property in order to develop a commercial version of DHS-OIG's Enforcement Database System (EDS).
According to the indictment against Edwards and Venkata [PDF], Edwards worked for DHS-OIG from around February 2008 through December 2013, including a stint as DHS-OIG's Acting Inspector General. During at least part of that time, he supervised Patel, and she in turn supervised Venkata.
After leaving, Edwards formed a Maryland-based company in 2015 called Delta Business Solutions. According to the Justice Department, the company was used to commercialize software and data obtained from the US government.
The indictment of Edwards and Venkata, covering activities between October 2014 and April 2017, says that Edwards, Venkata, and Patel used their positions "to access, copy, steal, purloin, and convert (1) DHS-OIG's EDS system; (2) DHS-OIG's EDS source code, including the eSubpoena module; (3) DHS-OIG's database, which included the PII of DHS employees; and (4) USPS-OIG's STARS database and PARIS system, which included the PII of USPS employees."
Before DHS-OIG, Edwards worked at the US Postal Service Office of Inspector General (USPS-OIG). Around 2009, when he was Director of Information Technology and the Deputy CIO at USPS-OIG, the indictment says Edwards gave Patel "a CD containing USPS-OIG's STARS database, source code, scripts, and file server contents, which included the personally identifiable information ('PII') of USPS employees." This data is said to have been used to enhance DHS-OIG's audit systems.
Patel and Venkata are also said to have used their positions at DHS-OIG to access and copy Multiple Activation Keys and a Key Management Services Code associated with various Microsoft software products that were used in furtherance of this scheme.
Their purpose was so that "Edwards and his business DBS could create and develop a private, commercially owned version of a case management system to be offered for sale to government agencies for the benefit, enrichment, and profit of [Edwards]."
- Former US Homeland Security Inspector General accused of stealing govt code and trying to resell it to... the US govt
- Printer pwnage, phone poppage, and apparently US Homeland Security needs security help
- US Homeland Security warns of latest hacker craze – ERP pwnage
- SIX MILLION fingerprints of US govt workers nicked in cyber-heist
The plan, the indictment explains, was to develop EDS 2.0 – an improved version of the government's own case management software – and to sell it back to the US Department of Agriculture's Office of the Inspector General (USDA-OIG). The software modifications, it's said, were carried out by a contract software shop in Bangalore (Bengaluru), India.
The indictment does not make clear how the conspiracy unraveled, but multiple mentions of a witness who appears to have worked for USDA suggest that someone got suspicious enough to alert DHS-OIG investigators.
According to the Justice Department, "Venkata was convicted for his role in the conspiracy, which included exfiltrating proprietary source code and sensitive databases from DHS-OIG facilities, as well as assisting Edwards in setting up three computer servers in Edwards’s residence so that software developers in India could access the servers remotely and develop the commercial version of the case management system."
Venkata was convicted of theft of government property, wire fraud, aggravated identity theft, and obstruction; sentencing has not yet been scheduled. ®