Consultant Breached FBI’s Computers


Using standard script kiddy tools a consultant managed to compromise some of the FBI’s computers containing confidential information.

Quite a hack eh?

A government consultant, using computer programs easily found on the Internet, managed to crack the FBI’s classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.

The break-ins, which occurred four times in 2004, gave the consultant access to records in the Witness Protection Program and details on counterespionage activity, according to documents filed in U.S. District Court in Washington. As a direct result, the bureau said it was forced to temporarily shut down its network and commit thousands of man-hours and millions of dollars to ensure no sensitive information was lost or misused.

The consultant Joseph Thomas Colon was approved (although he does have a somewhat unfortunate surname).

The incident is only the latest in a long string of foul-ups, delays and embarrassments that have plagued the FBI as it tries to update its computer systems to better share tips and information. Its computer technology is frequently identified as one of the key obstacles to the bureau’s attempt to sharpen its focus on intelligence and terrorism.

As usual with the government, no specifics are available..It seems like he got a hold of the SAM file or the shadow file from one of the systems then brute forced the hashes with john the ripper or something similar.

According to Colon’s plea, he entered the system using the identity of an FBI special agent and used two computer hacking programs found on the Internet to get into one of the nation’s most secret databases.

Colon used a program downloaded from the Internet to extract “hashes” — user names, encrypted passwords and other information — from the FBI’s database. Then he used another program to “crack” the passwords by using dictionary-word comparisons, lists of common passwords and character substitutions to figure out the plain-text passwords. Both programs are widely available for free on the Internet.

The new names they are coming up with for this stuff is straight out of the matrix.

The FBI’s Trilogy program cost more than $535 million but failed to produce a usable case-management system for agents because of cost overruns and technical problems, according to the Government Accountability Office.

While Trilogy led to successful hardware upgrades and thousands of new PCs for bureau workers and agents, the final phase — a software system called the Virtual Case File — was abandoned last year. The FBI announced in March that it would spend an additional $425 million in an attempt to finish the job. The new system would be called “Sentinel.”

Hopefully they will do it right this time.

Source: Washington Post

Posted in: Hacking News, Legal Issues

, , ,


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.


Comments are closed.