Dwayne F. Cross, of Upper Marlboro, Md., has pleaded guilty in a U.S. District Court to one count of unauthorized computer access. Mr. Cross has admitted responsibility for accessing confidential records belonging to over 150 people, including high profile individuals.
Dwayne Cross, 41, used to work as a contract specialist for the acquisitions office of the U.S. Department of State. He was fired in October 2008, when he became the subject of an investigation into access violations of the Department's Passport Information Electronic Records System (PIERS).
According to the authorities, Mr. Cross snooped through the passport applications of numerous musicians, actors, politicians, athletes, models, journalists, friends, and even his family members. The spying into the PIERS database was performed during the course of over five years, between January 2002 and August 2008, while working for the State Department, but as an administrative assistant in the Diplomatic Security Abduction Unit.
The repeated unauthorized access incidents were detected and tagged by a special protection mechanism within the system, but Cross's supervisors did not take drastic measures against this. However, Cross did legitimately have access to the PIERS database, as required by his position at the time, but only for justifiable queries.
Court documents note that Cross intentionally neglected the system alerts that warned him about his actions being logged and that the accessed data was confidential in nature. The scanned passport applications contained personal information protected under the Privacy Act of 1974, such as the applicant's name, current address, phone number, emergency contact, and even their photograph.
Dwayne Cross, is not the only former State Department employee who has been charged with such offenses. Lawrence Yontz was sentenced in December 2008 to 12 months of probation and 50 hours of community service, after pleading guilty to the same charges. The Department of State announced, back in March 2008, that three workers had illegally accessed passport records in PIERS. Cross and Yontz are two of them, while the third worker has only been disciplined.
Security researchers claim that one of the main reasons for security breaches affecting organizations or governmental institutions are caused by employees, either by ill intent or carelessness. Just recently, we have reported that a worker from the Chicago US Attorney's Office of Patrick Fitzgerald has accidentally disclosed the real names of 25 witnesses in a federal investigation. The names were listed on a confidential page that was unintentionally attached to a digitized copy of the complaint sent to the press.