FBI database hacked
p2p news / p2pnet: Using applications easily found online, together with a touch of social engineering, a 28-year-old consultant was able to pull hashes from FBI data bases and crack the bureau’s classified computer system, accessing the passwords of 38,000 employees including FBI director Robert S. Mueller III’s.
“As a direct result, the bureau said it was forced to temporarily shut down its network and commit thousands of man-hours and millions of dollars to ensure no sensitive information was lost or misused,” says The Washington Post, going on that Joseph Thomas Colon hadn’t, “intended to harm national security” but his, ” ‘curiosity hacks’ nonetheless exposed sensitive information”.
“Colon, 28, an employee of BAE Systems who was assigned to the FBI field office in Springfield, Ill., said in court filings that he used the passwords and other information to bypass bureaucratic obstacles and better help the FBI install its new computer system. And he said agents in the Springfield office approved his actions.”
Colon admitted to four counts of intentionally accessing a computer while exceeding authorized access and obtaining information from any department of the US and now faces up to 18 months in jail, The Washington Post, pointing out, “He has lost his job with BAE Systems, and his top-secret clearance has also been revoked.”
Colon’s lawyers said FBI officials in the Springfield office, “approved of what he was doing, and that one agent even gave Colon his own password, enabling him to get to the encrypted database in March 2004,” says The Washington Post.
“Because FBI employees are required to change their passwords every 90 days, Colon hacked into the system on three later occasions to update his password list.”
The FBI’s struggle to modernize its computer system has been a recurring headache for Mueller and has generated considerable criticism from lawmakers, the story adds.
Digg this.
Also See:
The Washington Post. – Consultant Breached FBI’s Computers, July 6, 2006
p2pnet newsfeeds for your site.
rss feed: http://p2pnet.net/p2p.rss
Mobile – http://p2pnet.net/index-wml.php
July 7th, 2006 at 8:31 pm
On one hand this is an extreme threat to our security that it’s that simple to hack the FBI!!!… of all people!!!!! How many OTHER ‘Gov’ agencies can be hacked that easily??????
On the other hand this is funnier than hell!!!!! Just think about it: The very ‘Gov’ who CLAIMS to be soooooo concerned about “National Security” CAN and HAS been hacked!
This reminds me of that movie War Games where this young teen manages to accidentally get into the ‘gov’ database and proceeds to play what he THINKS are games but almost creates WW III. Now THIS scenerio is NOT so funny!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
July 7th, 2006 at 9:51 pm
Did you spill a little Dew on your keyboard? Seems like you’ve got some sticky keys.
July 9th, 2006 at 5:56 am
This seems to be an ongoing issue. On one hand the public is told it’s in the interests of national security, on the other, security is so lax at a place you would expect computer security to be tight at.
It isn’t just the FBI; Homeland Security recieved dud ratings for the year, the story was carried here at p2p.net.
There’s another story where several years ago, a “kiddy” hacker got in by simply using common passwords. That story is carried here also. The individual has been sought through expedition proceedings from the UK; if I remember correctly, the ok has been given to allow it. The story smacks more of retaliation against anyone that would try to get in, not for hacking into the database but rather because someone could use a bit of commonsense to obtain access without messing with any sort of other security devices. In otherwords, because of lax policies by the agency itself, is the reason it could be done. Following typical cost estimates, there is an outrageous claim of the amount of money taken to fix the problem. The trouble with this claim is it is due to shoddy security and not because it was a brute force attack. It would have had to have been done anyway at some point. They are lucky it wasn’t malicious.
The government continues to show why it shouldn’t have most of the data it is seeking in the way it is getting it. Simply the data isn’t safe in their hands. Having your personal data, without court oversight, is exposure to possibly having your identity stolen with them providing the data source. This is not a pretty picture when the government can’t justify the obtaining of all this data and wants to cover it up and hide behind state secrets clauses. Somethings rotten in the government and it stinks to high heaven.
July 10th, 2006 at 6:13 pm
You just put it all in a nutshell.