FBI Password Database Compromised by Consultant
LackThereof writes "An IT consultant for the FBI, hired to work on their new 'Trilogy' computer system, apparently got hold of the username and password hash databases for the FBI's network. He then used a common dictionary attack to get usable passwords out of the hashes, including that of FBI director Robert Muller, making him able to access virtually any data stored electronically at the FBI, including Witness Protection program records. The consultant, Joseph Thomas Colon, claims he used the passwords to avoid bureaucratic obstacles, and that his actions were condoned by the FBI agents he was working with at the agency." (More below.)
"He has pleaded guilty to 4 counts of 'intentionally accessing a computer while exceeding authorized access and obtaining information from any department of the United States.' He initally gained access to the hash database by borrowing an agent's username and password; he then re-downloaded and re-cracked it three more times to keep up with the FBI's 90-day password expiration policy. Lesson: Your users are your biggest security hole. Don't trust your users, especially if they're government agents."
Slashdot Burying Stories About Slashdot Media Owned
is your sister single? hot?
Exercise caution when modding this message up: the author acts like a jerk when his karma is excellent.
"Rely on yourself for survival - rely on others to grow."
Fuck that. I grow my own.
Eloi are stupid, throw morlocks at them!
>Are we also going to do something to prevent this from happening again
No. That would be wrong for the following reasons:
- It would require admitting that the existing security system is sub-optimal.
- It would imply that the Dear Leader/FBI Director had made a mistake.
- Acknowledging that there was a problem would aid terrorists and Democrats.
- Creating a culture of accountability would damage agent morale and lead to #3 above.
- Sending some wanker consultant to jail makes staff feel good.
- The option of sending agents to jail and/or Butte, Montana must be reserved for the serious crime of embarrassing the Dear Leader.
Thank you for asking. However, the fact that you asked shows that you have no possible future with the FBI and are probably a threat to our National Security. We'll be in touch.Some mornings it's hardly worth chewing through the restraints to get out of bed.
With apologies to Bash.org
It only appears as Big98Boob$-311 to you since it's your password. To me it just looks like **************
Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
The FBI illegally obtains our information, why can't we illegally obtain theirs?
Haiku for you!