The Seattle Times: Nation & World: Computer consultant hacked into FBI’s classified system — Now imagine yourself in the witness protection program up in the Seattle area (loaded with these folks from what I can tell) and you read this article. I think you’d be freaked. I also think that the consultant should be worried about being kidnapped to duplicate his efforts for the mob or terrorists. Geez.
WASHINGTON — A government consultant, using computer programs easily found on the Internet, managed to crack the FBI’s classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert Mueller.
The break-ins, which occurred four times in 2004, gave the consultant access to records in the Witness Protection program and details on counter-espionage activity, according to documents filed in U.S. District Court in Washington. As a direct result, the bureau said it was forced to temporarily shut down its network and commit thousands of man-hours and millions of dollars to ensure no sensitive information was lost or misused.
The government does not allege that the consultant, Joseph Thomas Colon, intended to harm national security. But prosecutors said Colon’s “curiosity hacks” nonetheless exposed sensitive information.
Colon, 28, an employee of BAE Systems who was assigned to the FBI field office in Springfield, Ill., said in court filings that he used the passwords and other information to bypass bureaucratic obstacles and better help the FBI install its new computer system. And he said agents in the Springfield office approved his actions.
found by Alan Cole
Don’t believe this article. I think high up officials are trying to create this illusion that FBI systems are not safe just so they can bottle it down like we saw with the NSA / telco efforts. I doubt something like this to be true in any case. Propoganda for the administration is so easy these days.
Nothing in the story indicated that the consultant had done harm. But he did expose that a $1 billion program doesn’t work (yet, anyway). Yet he is being prosecuted, presumably by the FBI, who must be mighty embarrassed. Shouldn’t the FBI have kept this quiet, given the consultant a more responsible position, and retired some of their senior management who had been promoted past their level of competence?
Didn’t something similar happen at Intel years ago? The employee who revealed the holes in Intel’s computer security, did he end up serving prison time?
Awful hard to enjoy this cartoon when we don’t know who is wearing the white hats.
As a direct result, the bureau said it was forced to temporarily shut down its network and commit thousands of man-hours and millions of dollars to ensure no sensitive information was lost or misused.
The question is, would those programs “easily found on the Web” work from an external connection, or only because he had inside access?
one agent even gave Colon his own password, enabling him to get to the encrypted database in March 2004. Because FBI employees are required to change their passwords every 90 days, Colon hacked into the system on three later occasions to update his password list.
“Hacked into” from home, or a computer on the FBI’s internal network?
“Colon’s lawyers said FBI officials in the Springfield office approved of what he was doing, and that one agent even gave Colon his own password, enabling him to get to the encrypted database in March 2004”
And what punishment will the FBI officials who approved of it receive?
#3 the quoted word “forced” leaves a lot to the imagination. But what really forced them to shut down the network was the objective fact that it was hackable. So “forced” here could be like blaming the first observer that the emperor has no clothes, for the subsequent expenditure in gold cloth.
The apparent conclusion that the procedure ensured that no sensitive information was lost or misused, seems to prove that the consultant did no harm.
5 So “forced” here could be like blaming the first observer that the emperor has no clothes..
Thanks, I had intended to comment on that – hence the use of bold – but got side-tracked onto the issue of it being an “inside job”, vice my initial impresion that he had broken in from the outside.
Their administrative controls are FUBAR, but it is his fault for exposing the faults while gaming the system…
Him wanting to “streamline” installation of printers, etc on a secure network is just mind-boggling.
Reminds me of the Walker spy scandal the Navy had. When he was able to authorize a “secure” copier for use in an “eyes only” vault. [grin]
What good is a Colon if there isn’t an asshole nearby? Boy, the FBI sure doesn’t have a sense of humor. But they have a lot of assholes.
#3, #6 Yeah, I guess you’re right. I was trying that on as a kind of debating point. If his first priority really was to help the FBI, he would have revealed to them immediately how porous their security was.
Though I don’t know if full and immediate disclosure helped that guy at Intel.