FedBizOpps.gov contractor under FBI investigation
Friday - 6/29/2012, 5:41am EDT
The federal contractor running three governmentwide websites, including FedBizOpps.gov, is under investigation by the FBI for allegedly trying to access, without permission, the websites of its competitors in the education sector.
The Eastern District Court of Virginia in Alexandria issued a search warrant to the FBI on March 5. The FBI searched Symplicity Corporation's offices in Arlington, Va., before March 19.
The FBI stated in its request to the judge for the search warrant that a witness alleges Symplicity tried on several occasions since 2009 to access the networks of its competitors, Maxient LLC of Charlottesville, Va., and Pave Systems of Richardson, Texas. Both Maxient and Pave Systems offer software to colleges and universities, and neither has done any federal business in fiscal 2012, according to USASpending.gov.
"On Nov. 4, 2011, a cooperating witness who formerly had been employed by Symplicity for approximately five years provided information to the FBI concerning the conduct of Ariel Friedler, the Chief Executive Officer of Symplicity. According to the [witness], Ariel Friedler showed the [witness] how to connect to Maxient's website and to look for specific customers by putting in Maxient's main
The Onion Router Project is intended to enable online anonymity on the Internet.
Suspension a possibility
Symplicity, which is in the Small Business Administration's 8(a) program, has won more than $30 million in contracts so far in 2012 from a variety of agencies, according to USASpending.gov. More than half of its contracts and dollars came from the General Services Administration for providing services and running FedBizOpps.gov, the Electronic Subcontracting Reporting System and the Catalog of Federal Domestic Assistance. It also won $4.4 million in contracts from the Executive Office of the President and $3.2 million from the Veterans Affairs Department.
While the FBI's search warrant doesn't put any of Symplicity's current contracts at risk, the vendor could face suspension or proposed debarment on future federal contracts based on the issuance of the search warrant, said Bill Shook, a procurement attorney with Government Contracts Attorneys.
Under the FAR, an agency could suspend a contractor for the "commission of any other offense indicating a lack of business integrity or business honesty that seriously and directly affects the present responsibility of a government contractor or subcontractor."
Shook said suspension or debarment based only on the warrant is unlikely, but if Symplicity is indicted, then suspension would surely follow.
GSA spokesman Adam Ellington said the agency is "unable to comment at this time" and referred all questions about the investigation to the FBI.
The FBI would not confirm or deny an investigation is ongoing or even took place.
But the search warrant explains in some detail the allegations against Symplicity.
Audit logs show attempted unauthorized accesses
In the search warrant, the FBI alleges someone using IP addresses assigned to Symplicity tried to access Maxient's client log-in pages in May 2009. In 2010, Maxient's audit logs showed someone using a Symplicity IP address again tried several times to log in to its client pages, the bureau stated.
The search warrant also alleges several other attempts from IP addresses that belonged either to Symplicity or to employees of Symplicity.
The FBI also alleges Symplicity used Structured Query Language (SQL) Injection attacks to get inside Maxient's network.
"Based on my training and experience, I know that attempting to repeatedly submit malformed queries like the ones submitted to Maxient's website from the Symplicity IP address is a method often used by hackers to attempt to gain unauthorized access to websites," wrote Michael French, an FBI special agent who is in charge of the investigation.
The FBI also stated Friedler called the owner of Pave Systems, Ghasson Nino, in 2010 with an offer to buy the company's student conduct business. During the call, the search warrant stated, Nino said Friedler mentioned several clients by name even though such a list is confidential and not publicly available.
"The [witness] stated that several years ago Friedler provided the [witness] with a customer list that he said was from another Symplicity competitor, Pave Systems," the search warrant stated. "Friedler told the [witness] at the time that Pave Systems had no security on their network which made it easy for Friedler to get the list."