
FBI Password Database Compromised by Consultant

LackThereof writes "An IT consultant for the FBI, hired to work on their new 'Trilogy' computer system, apparently got hold of the username and password hash databases for the FBI's network. He then used a common dictionary attack to get usable passwords out of the hashes, including that of FBI director Robert Mueller, making him able to access virtually any data stored electronically at the FBI, including Witness Protection program records. The consultant, Joseph Thomas Colon, claims he used the passwords to avoid bureaucratic obstacles, and that his actions were condoned by the FBI agents he was working with at the agency."
"He has pleaded guilty to 4 counts of 'intentionally accessing a computer while exceeding authorized access and obtaining information from any department of the United States.' He initially gained access to the hash database by borrowing an agent's username and password; he then re-downloaded and re-cracked it three more times to keep up with the FBI's 90-day password expiration policy. Lesson: Your users are your biggest security hole. Don't trust your users, especially if they're government agents."
  • by LFS.Morpheus ( 596173 ) on Thursday July 06, 2006 @10:43AM (#15666939) Homepage
    Nothing for you to see here. Please move along.

    Indeed... in-deed...
  • Wow. (Score:5, Funny)

    by Rob T Firefly ( 844560 ) on Thursday July 06, 2006 @10:45AM (#15666961) Homepage Journal
    The consultant, Joseph Thomas Colon
    What is he, some kind of a... no, sometimes it's too easy a shot, even for me.
  • Good news! (Score:3, Funny)

    by Krellion ( 795134 ) on Thursday July 06, 2006 @10:48AM (#15666975)
    Now all we have to hear is that his laptop got stolen before he was caught.
  • Re:scary (Score:3, Funny)

    by rjhubs ( 929158 ) on Thursday July 06, 2006 @10:50AM (#15666992)
    While there are many problems with this story, the worst is that director Robert Mueller's password was broken from a simple dictionary attack. Who is in charge of network security at the FBI, Elmo? The password of the day is Apple.
  • by dJOEK ( 66178 ) on Thursday July 06, 2006 @10:57AM (#15667046)
    is your sister single? hot?
  • by Anonymous Coward on Thursday July 06, 2006 @11:03AM (#15667098)
    Oh dear lord. So I work at a security company. We have about 20 different passwords we have to remember. Our login. Our ticket system. Our Exchange server. Plus local accounts for various things, and numerous other company wide accounts. Each one has a different policy, expiration, and a stupid set of rules to follow when generating.

    Must have a number in it, but can't be at the beginning or end and must have a symbol in it! Expires in 90 days so you have to think up another password you can barely type, let alone remember since you have to have a different one for each site because each site has different policies! What?! I can't use my secure, hard to type, but easy for me to remember password on site Y because site Y has a different password policy?! Fuck you!

    Our company's solution? Give us a program to store all our passwords in. Which can then be 'protected' by a simple password with no rules or expirations.

    Rant rant rant.
  • Re:scary (Score:5, Funny)

    by GungaDan ( 195739 ) on Thursday July 06, 2006 @11:09AM (#15667157) Homepage
    "Rely on yourself for survival - rely on others to grow."

    Fuck that. I grow my own.

  • by Kozar_The_Malignant ( 738483 ) on Thursday July 06, 2006 @11:12AM (#15667183)

    >Are we also going to do something to prevent this from happening again

    No. That would be wrong for the following reasons:

    1. It would require admitting that the existing security system is sub-optimal.
    2. It would imply that the Dear Leader/FBI Director had made a mistake.
    3. Acknowledging that there was a problem would aid terrorists and Democrats.
    4. Creating a culture of accountability would damage agent morale and lead to #3 above.
    5. Sending some wanker consultant to jail makes staff feel good.
    6. The option of sending agents to jail and/or Butte, Montana must be reserved for the serious crime of embarrassing the Dear Leader.
    Thank you for asking. However, the fact that you asked shows that you have no possible future with the FBI and are probably a threat to our National Security. We'll be in touch.
  • by hevenor ( 931854 ) on Thursday July 06, 2006 @11:34AM (#15667325)
    They would but the bureaucracy involved in reading TFA is way too onerous. I recommend stealing the passwords of the /. overlords and skipping the mountain of red tape.

    Sincerely,

    James Colon
  • With apologies to Bash.org [bash.org]

    It only appears as Big98Boob$-311 to you since it's your password. To me it just looks like **************

  • So What? (Score:5, Funny)

    by spykemail ( 983593 ) on Thursday July 06, 2006 @11:43AM (#15667389) Homepage
    The FBI illegally obtains our information, why can't we illegally obtain theirs?
  • by Buzz_Litebeer ( 539463 ) on Thursday July 06, 2006 @12:04PM (#15667557) Journal
    You need to chill out, if our government doesn't hire honest people then the government would fall apart. I mean, it would be terrible to have dishonest people with so much information! Right now this proves that we have a lot of honest people and one or two bad apples which are caught in a timely manner, the government can run clean. The reason we allow the government to have all of our information and view it so easily is to stop terrorists and those that act like terrorists but are classed as criminals in our judicial system.

    If we don't get all this information together we won't be safe, and without being safe our entire country would fall apart. So we have to have complete and unfettered trust in our government that it is doing the right thing as they know everything about us!

    Remember to smile for the security camera, there is an angel on the other side.
  • by Anonymous Coward on Thursday July 06, 2006 @12:53PM (#15667961)
    Wha' choo talkin' 'bout Foo?
  • by CheeseTroll ( 696413 ) on Friday July 07, 2006 @01:59PM (#15677389)
    I hadn't even thought of applying the idea to the kids. Mine aren't old enough yet for that to be an issue, but the future is full of possibilities, esp. if you exploit the gender stereotypes!

    For boys:
    MyPrettyPony
    BarbieIsNeat
    ILikeGirls (only embarrassing up to a certain age, I suppose)

    For girls:
    ExtraHairy
    GirlsRSmelly
    BoysAreCool

    Now that I've had fun dreaming these up, though, I wonder if the password could be so 'repulsive' that they will refuse to use the computer at all?
