A former computer support employee for Baltimore’s Department of Public Works was using a city-owned computer for a variety of extracurricular and forbidden purposes, including piracy, watching porn and political campaign activity, according to Baltimore’s inspector general.
An investigation found the former PC support technician, no longer employed by the city, “was in possession of pirating software and hazardous licensing software” and other disallowed IT tools on a city-owned computer, according to a summary report released by Inspector General Isabel Mercedes Cumming this morning.
The investigation began with DPW management filing a complaint that the employee was using city property for political campaign activity. While the OIG confirmed that finding, it also discovered other misconduct and resulting security risks, including the installation of pirating software and apps and add-ons for viewing porn.
The employee had maintained a mapped drive to sensitive DPW data, including plans for the city’s water system, and least one of the applications the employee installed had malware that put DPW’s computer systems and networks at “immediate risk.”
“The employee’s use of a City computer for extensive personal online activity placed the City’s information network and DPW critical infrastructure at risk for potential cyber exploitation and malware infection,” the summary said.
Baltimore Fishbowl has reached out to the OIG about how long the former technician had been working for DPW, and how long they were using a city computer equipped with pirating and other software.
The OIG worked with the Baltimore City Office of Information Technology on its investigation. Upon learning of the misconduct, BCIT and DPW management worked to mitigate the harm done.
And as a result of the probe, Mayor Catherine Pugh ordered the director of BCIT to review protocols and accountability measures for IT administrators in city agencies and departments.
In an attached letter dated this past Tuesday, Pugh wrote to Cumming that the findings raise “serious concerns about the lack of oversight and accountability on the part of IT administrators.” In addition to the review Pugh has ordered from BCIT, she’s also called for a risk assessment and any recommended fixes.
