FedBizOpps.gov contractor under FBI investigation

Friday - 6/29/2012, 5:41am EDT

Jason Miller, executive editor, Federal News Radio

Download mp3

The federal contractor running three governmentwide websites, including FedBizOpps.gov, is under investigation by the FBI for allegedly trying to access without permission websites of their competitors in the education sector.

The Eastern District Court of Virginia in Alexandria issued a search warrant March 5 to the FBI. The FBI conducted the search before March 19 of Symplicity Corporation's offices in Arlington, Va.

The FBI stated in its request to the judge for the search warrant that a witness alleges Symplicity tried on several occasions since 2009 to access the networks of its competitors, Maxient LLC of Charlottesville, Va., and Pave Systems of Richardson, Texas. Both Maxient and Pave Systems offer software to colleges and universities, and neither have done any federal business in fiscal 2012, according to USASpending.gov.

"On Nov. 4, 2011, a cooperating witness who formerly had been employed by Symplicity for approximately five years provided information to the FBI concerning the conduct of Ariel Friedler, the Chief Executive Officer of Symplicity. According to the [witness], Ariel Friedler showed the [witness] how to connect to Maxient's website and to look for specific customers by putting in Maxient's main URL, , followed by a question mark and a school abbreviation," the search warrant obtained by Federal News Radio stated. "Friedler told the [witness] that this was how Friedler checked for new customers on Maxient's website. The [witness] stated that every time Friedler found a new customer on Maxient's website, Friedler would send an instant message or email to the [witness] about it. The [witness] also stated that Friedler discussed using anonymizers and The Onion Router to hide Friedler's activity when Friedler was looking at competitor's networks and that Friedler was very interested in using these technologies."

The Onion Router Project is intended to enable online anonymity on the Internet.

Suspension a possibility

Symplicity, which is in the Small Business Administration's 8(a) program, won more than $30 million in contracts so far in 2012 from a variety of agencies, according to USASpending.gov. More than half of their contracts and dollars came from the General Services Administration for providing services and running FedBizOpps.gov, the Electronic Subcontracting Reporting System and the Catalog of Federal Domestic Assistance. It also won $4.4 million in contracts from the Executive Office of the President and $3.2 million from the Veterans Affairs Department.

While the FBI's search warrant doesn't put any of Simplicity's current contracts at risk, the vendor could face suspension or proposed debarment on future federal contracts based on the issuance of the search warrant, said Bill Shook, a procurement attorney with Government Contracts Attorneys.

Under the FAR, an agency could suspend a contractor for the "commission of any other offense indicating a lack of business integrity or business honesty that seriously and directly affects the present responsibility of a government contractor or subcontractor."

Shook said suspension or debarment based only on the warrant is unlikely, but if Symplicity is indicted, then suspension would surely follow.

GSA spokesman Adam Ellington said the agency is "unable to comment at this time" and referred all questions about the investigation to the FBI.

The FBI would not confirm or deny an investigation is ongoing or even took place.

But the search warrant explains in some detail the allegations against Symplicity.

Audit logs show attempted unauthorized accesses

In the search warrant, the FBI alleges someone using IP addresses assigned to Symplicity tried to access Maxient's client log-in pages in May 2009. In 2010, Maxient's audit logs showed someone using a Symplicity IP address again tried several times to log-in to their client pages, the bureau stated.

The search warrant also alleges several other attempts from IP addresses that either belonged to Symplicity or employees of Symplicity.

The FBI also alleges Symplicity used Structured Query Language (SQL) Injection attacks to get inside Maxient's network.

"Based on my training and experience, I know that attempting to repeatedly submit malformed queries like the ones submitted to Maxient's website from the Symplicity IP address is a method often used by hackers to attempt to gain unauthorized access to websites," wrote Michael French, a FBI special agent who is in charge of the investigation.

The FBI also stated Friedler called the owner of Pave Systems, Ghasson Nino in 2010 with an offer to buy the company's student conduct business. During the call, the search warrant stated, Nino said Friedler mentioned several clients by name even though such a list is confidential and not publicly available.