Dr. Emmanouil “Manos” Antonakakis runs a Georgia Tech cybersecurity lab and has attracted millions of dollars in the past few years from the US government for Department of Defense research projects like “Rhamnousia: Attributing Cyber Actors Through Tensor Decomposition and Novel Data Acquisition.”
The government yesterday sued Georgia Tech in federal court, singling out Antonakakis and claiming that neither he nor Georgia Tech followed basic (and required) security protocols for years, knew they weren’t in compliance with such protocols, and then submitted invoices for their DoD projects anyway. (Read the complaint.) The government claims this is fraud:
At bottom, DoD paid for military technology that Defendants stored in an environment that was not secure from unauthorized disclosure, and Defendants did not even monitor for breaches so that they and DoD could be alerted if information was compromised. What DoD received for its funds was of diminished or no value, not the benefit of its bargain.
AV hate
Given the nature of his work for DoD, Antonakakis and his lab are required to abide by many sets of security rules, including those outlined in NIST Special Publication 800–171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”
One of the rules says that machines storing or having access to such “controlled unclassified information” need to have endpoint antivirus software installed. But according to the US government, Antonakakis really, really doesn’t like putting AV detection software on his lab’s machines.
Georgia Tech admins asked him to comply with the requirement, but according to an internal 2019 email, Antonakakis “wasn’t receptive to this kind of recommendation.” In a follow-up email, Antonakakis himself said that “endpoint [antivirus] agent is a nonstarter.”
According to the government, “Other than Dr. Antonakakis’s opposition, there was nothing preventing the lab from running antivirus protection. Dr. Antonakakis simply did not want to run it.”
The IT director for Antonakakis’ lab was allowed to use other “mitigating measures” instead, such as relying on the school’s firewall for additional security. The IT director said that he thought Georgia Tech ran antivirus scans from its network. However, this “assumption” turned out to be completely wrong; the school’s network “has never provided” antivirus protection and, even if it had, the lab used laptops that were regularly taken outside the network perimeter.
The school realized after some time that the lab was not in compliance with the DoD contract rules, so an administrator decided to “suspend invoicing” on the lab’s contracts so that the school wouldn’t be charged with submitting false claims.
According to the government, “Within a few days of the invoicing for his contracts being suspended, Dr. Antonakakis relented on his years-long opposition to the installation of antivirus software in the Astrolavos Lab. Georgia Tech’s standard antivirus software was installed throughout the lab.”
But, says the government, the school never acknowledged that it had been out of compliance for some time and that it had filed numerous invoices while noncompliant. In the government’s telling, this is fraud.