Victor Papagno, a former systems administrator at the US Naval Research Laboratory in Washington DC, has pleaded guilty to embezzling 19,700 pieces of computer and electronic equipment from the Navy.
Papagno, 40, faces up to 10 years in prison and a fine of up to £140,000 when he comes up for sentencing on 22 December. But under the terms of a plea agreement, the government will recommend he serve between 12 and 18 months in prison for the theft.
Court documents filed in the case show that Papagno began working as a computer specialist with the NRL in 1989. He began taking home computers and other office equipment without permission in about 1997 and continued doing so until August 2007.
During that time, Papagno was alleged to have stolen more than 100 desktop computers, nearly 7,000 pieces of computer storage media, over 80 computer monitors and hundreds of other items such as laptops, hard drives, peripherals, external storage devices, printers, power backups and software.
According to a source knowledgeable about the case, much of what Papagno took was old and obsolete equipment that would have been otherwise junked, although newer items were a part of the mix too.
If all of the items had been new, the retail value of the equipment seized from Papagno's home would have been around £900,000 according to court documents. Under the plea agreement however, the value of the stolen equipment was pegged at £68,000. Most of the property was apparently taken by Papagno for personal use as well as for use by his family and friends, although a few items were either sold or traded.
Most of the stolen items were recovered during a search of Papagno's home in August 2007 and carted away in a ‘large semi-trailer truck’ according to a statement yesterday by the US Attorney's office in Washington DC.
Officials at the NRL did not immediately respond to a request for comment.
The dangers posed by malicious insiders has been a well documented issue. But it is rare for someone with privileged access to steal computer equipment on the scale Papagno admitted to yesterday. Typically incidents involve either the theft of customer or other confidential and proprietary data or some form of network related sabotage.
Less than a month ago for instance, a former Intel design engineer was charged with the theft of trade secrets by the chipmaker while secretly working for rival AMD. In July, a database administrator who admitted to stealing the personal data of about 8.5 million consumers while he was working for check processing from Certegy Check Services was sentenced to 57 months in prison.
Others meanwhile have turned to sabotage. Last July, a disgruntled network administrator in San Francisco locked up a multi million dollar high speed city network for days by resetting network passwords that he then refused to divulge to other administrators for days. And in September 2007, a Unix systems administrator at Medco Health Solutions admitted to planting a logic bomb that, had it gone off, would have destroyed data, including crucial medical histories, on 70 servers.
Those types of incidents have prompted analysts to argue for the use of monitoring and physical controls to prevent rogue insiders from taking advantage of firms for which they work.
Find your next job with computerworld UK jobs