Consultant Easily Broke into FBI Servers

Highlighting the problems with data security within the United States government, court filings revealed this week that a consultant for the FBI was able to break into a computer containing classified information using tools widely available on the Internet, the Washington Post reported Thursday.

The break-ins comprised information relating to FBI activities including the Witness Protection Program and counterespionage work. Additionally, the passwords of 38,000 employees of the FBI including Director Robert Mueller were exposed, the paper said.

Former BAE Systems consultant Joseph Colon broke into the system four times during 2004, and was allegedly authorized by officials in the Springfield, Illinois FBI field office. Court filings by Colon's lawyers indicate that he was frustrated with the bureaucracy of the agency, and broke in to speed up his work.

While the government does not believe that the consultant was intentionally attempting to harm national security, he was charged and pleaded guilty to four counts of intentionally accessing a government computer without authorization.

Colon lost his job with BAE Systems as a result and was stripped of his security clearance. He could potentially serve up to 18 months in prison for the offense when sentenced next week.

While the break-in is troubling, the FBI says it has since implemented new measures including tougher security measures on its system, and additional training for employees.

Colon's activities are being called a "curiosity hack," where the person's activities, while still a break-in, are not intended to be malicious. Either way, security experts like Sam Kline, Chief Engineer and Architect at SAINT Corporation in Bethesda, Md., are concerned and are sounding the alarm.

"Malicious attackers and 'curiosity hackers' are becoming ever more sophisticated in their techniques to penetrate computer networks. With this comes an increased risk to confidential, personal information," Kline told BetaNews. "The FBI breach is a reminder that every company needs to revisit their security policies and procedures and stay up-to-date with technology that attackers employ."

Both attorneys for Colon and the FBI declined to comment on the case.