Using standard script kiddy tools a consultant managed to compromise some of the FBI’s computers containing confidential information.
Quite a hack eh?
A government consultant, using computer programs easily found on the Internet, managed to crack the FBI’s classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.
The break-ins, which occurred four times in 2004, gave the consultant access to records in the Witness Protection Program and details on counterespionage activity, according to documents filed in U.S. District Court in Washington. As a direct result, the bureau said it was forced to temporarily shut down its network and commit thousands of man-hours and millions of dollars to ensure no sensitive information was lost or misused.
The consultant Joseph Thomas Colon was approved (although he does have a somewhat unfortunate surname).
The incident is only the latest in a long string of foul-ups, delays and embarrassments that have plagued the FBI as it tries to update its computer systems to better share tips and information. Its computer technology is frequently identified as one of the key obstacles to the bureau’s attempt to sharpen its focus on intelligence and terrorism.
As usual with the government, no specifics are available..It seems like he got a hold of the SAM file or the shadow file from one of the systems then brute forced the hashes with john the ripper or something similar.
According to Colon’s plea, he entered the system using the identity of an FBI special agent and used two computer hacking programs found on the Internet to get into one of the nation’s most secret databases.
Colon used a program downloaded from the Internet to extract “hashes” — user names, encrypted passwords and other information — from the FBI’s database. Then he used another program to “crack” the passwords by using dictionary-word comparisons, lists of common passwords and character substitutions to figure out the plain-text passwords. Both programs are widely available for free on the Internet.
The new names they are coming up with for this stuff is straight out of the matrix.
The FBI’s Trilogy program cost more than $535 million but failed to produce a usable case-management system for agents because of cost overruns and technical problems, according to the Government Accountability Office.
While Trilogy led to successful hardware upgrades and thousands of new PCs for bureau workers and agents, the final phase — a software system called the Virtual Case File — was abandoned last year. The FBI announced in March that it would spend an additional $425 million in an attempt to finish the job. The new system would be called “Sentinel.”
Hopefully they will do it right this time.
Source: Washington Post
- Dradis v2.9 – Information Sharing For Security Assessments
- MagicTree v1.3 Available For Download – Pentesting Productivity
- Kvasir – Penetration Testing Data Management Tool
- Government Accountability Office Report Slams FBI Internal Security
- New Windows XP & Vista Full Take-over Hack with Firewire
- Botmaster Robert Matthew Bentley AKA LSDigital Sentenced
Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,133,462 views
- Hack Tools/Exploits - 576,834 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 411,702 views