Thursday, July 6, 2006

Consultant Breached FBI's Computers

Via WashingtonPost -

A government consultant, using computer programs easily found on the Internet, managed to crack the FBI's classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.

The break-ins, which occurred four times in 2004, gave the consultant access to records in the Witness Protection Program and details on counterespionage activity, according to documents filed in U.S. District Court in Washington. As a direct result, the bureau said it was forced to temporarily shut down its network and commit thousands of man-hours and millions of dollars to ensure no sensitive information was lost or misused.

The government does not allege that the consultant, Joseph Thomas Colon, intended to harm national security. But prosecutors said Colon's "curiosity hacks" nonetheless exposed sensitive information.






This may sound pretty bad, and it kinda is pretty bad. However, the truth is that this attack would most likely have worked on many, many corporate networks. Insider attack vectors are often overlooked because the person/employee has been given a level of trust, even if they don't deserve it.

A simple password brute-forcer on an internal network could do a huge amount of damage very quickly... and we won't even start on MITM attacks.
