http://it.slashdot.org/article.pl?si...31256&from=rssAn IT consultant for the FBI, hired to work on their new 'Trilogy' computer system, apparently got hold of the username and password hash databases for the FBI's network. He then used a common dictionary attack to get usable passwords out of the hashes, including that of FBI director Robert Muller, making him able to access virtually any data stored electronically at the FBI, including Witness Protection program records. The consultant, Joseph Thomas Colon, claims he used the passwords to avoid bureaucratic obstacles, and that his actions were condoned by the FBI agents he was working with at the agency.
Is it just me, or does this scare the heck out of anyone else? I mean, I know that the gap between "supposed to" and "reality" is pretty wide, especially concerning information technology and the government, but this is the FBI for crying out loud! How can this happen? Haven't they heard of cracklib, snort, or tripwire, or at the very least PROPER PERMISSIONS SETTINGS??? This is elementary stuff, really. The fact that he was able to do this MULTIPLE TIMES makes me shudder. And these are the folks who are supposed to be protecting us?? How does one protect others when they can't even protect themselves from their own?? To think that they're not even implementing a strong password policy makes me smack my head in disbelief.
And the solution is to go after the consultant???? HELLO! I don't think the consultant should have the book thrown at him, I think the IT staff over there should be held criminally accountable, and up the line if they were just following orders. There is absolutely no excuse for this to happen, in any circumstances. The strong password problem was solved back in, what, the 70s?? And the FBI hasn't caught on? If we know about this instance, what *don't* we know about.
I shudder at the thought.
Now, when the government wants permission to spy on you (track your internet patterns, monitor phone records, etc), will people still say "It doesn't bother me, I have nothing to hide".
It's a much bigger issue, when the gov't has obvious security breaches like this.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote