.

Consultant Breached FBI's Computers... with Permission?

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Jul 07, 2006 12:25 pm

Consultant Breached FBI's Computers... with Permission?

A government consultant, using computer programs easily found on the Internet, managed to crack the FBI's classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.

The break-ins, which occurred four times in 2004, gave the consultant access to records in the Witness Protection Program and details on counterespionage activity, according to documents filed in U.S. District Court in Washington. As a direct result, the bureau said it was forced to temporarily shut down its network and commit thousands of man-hours and millions of dollars to ensure no sensitive information was lost or misused.

The government does not allege that the consultant, Joseph Thomas Colon, intended to harm national security. But prosecutors said Colon's "curiosity hacks" nonetheless exposed sensitive information.

Colon, 28, an employee of BAE Systems who was assigned to the FBI field office in Springfield, Ill., said in court filings that he used the passwords and other information to bypass bureaucratic obstacles and better help the FBI install its new computer system. And he said agents in the Springfield office approved his actions.

For full story:
http://www.washingtonpost.com/wp-dyn/co ... 89_pf.html

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Kev

Post Fri Jul 07, 2006 2:24 pm

Re: Consultant Breached FBI's Computers... with Permission?

"As a direct result, the bureau said it was forced to temporarily shut down its network and commit thousands of man-hours and millions of dollars to ensure no sensitive information was lost or misused."
If they had done that in the first place, this might not have been an issue. Also, it looks like another example of the person that exposes a weakness in the government taking the fall as opposed to the person or persons responsible for having such a insecure network being answerable. Another good lesson about having very clear written authorization and rules of engagement so you don’t get burned.

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software