FBI Computer System So Screwed Up, You Need To Hack It To Get Stuff Done

from the not-very-comforting dept

The incredible saga of the FBI's overbudget $500 million computer system that needed to be scrapped after it turned out it was useless in fighting terrorism apparently had some other problems as well. The news has come out today that a contractor hired to work on the computer system was so frustrated by the bureaucracy he needed to go through to do something as simple as adding a printer to the network, that he used some free internet tools to breach the network and get access to the usernames and passwords of 38,000 FBI employees, including director Robert Mueller. The contractor pleaded guilty to various charges, though even the FBI admits that he only appears to have done what he did to actually get work done. It's not clear which part is more disturbing: that the FBI's computer system was so easily hacked, or that the best way to get work done at the FBI is to breach its computer security.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 6 Jul 2006 @ 11:44am

    And you are concerned with the govt. wiretap issue why?

    link to this | view in thread ]

  2. identicon
    anonymous coward, 6 Jul 2006 @ 11:56am

    whether you work for the government or a large corporation, it is all the same. i work for a large corporation as a project manager and my job is to hack my way around the bureauacracy...

    link to this | view in thread ]

  3. identicon
    garrett, 6 Jul 2006 @ 12:29pm

    See this is another case of the media highlighting a worse case scenario. This guy had 'access' to 38,000 usernames and passwords. It doesn't say he did anything with them. Hell it doesn't even say that he READ them, just that he COULD have. And of course you have to mention that Mueller's info was amoung them, makes the story so much better. How hypocritical is the FBI when they charge him for doing what was necessary to get the job done that they hired him for? BS if you ask me. Another article I read said that he had the blessing of the feild agents at the location he was working in. They too were probably frustrated with the amount of red tape there was too just add a printer. Looks to me like the only charged him because they were worried that it would look like they condoned hacking of their own system.

    link to this | view in thread ]

  4. identicon
    Frink, 6 Jul 2006 @ 12:56pm

    Re:

    So you believe that a breach of security allowing private access to a list of people in the Federal Witness Protection Program is OK? If your name was on that list would you feel the same? You are absolutely certain this Colon person (sounds a bit odd, huh?) would never use what he knows for personal gain? You don't think the Feds involved should or will suffer consequences? You think this story does not merit any media attention or scrutiny? What is the best case scenario here? Would we all be better off not knowing about this? He was not hired to hack the system and the Feds involved had no authority to help him do it.

    You scare the hell out of me. You should go to jail with him and be his Colon bitch. The Feds involved should be in the cell next door.

    /.

    link to this | view in thread ]

  5. identicon
    Alvin Fong, 6 Jul 2006 @ 12:56pm

    He might have needed to do it to get the job done...But he still violated laws in the process. Don't forget about the due process step. If a judge sees this and the FBI (which has already verified this) that he did it only to get his job done, then the judge will either throw out the case, or withhold punishment.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 6 Jul 2006 @ 1:24pm

    Re: Re:

    Why 'Colon' sound odd to you? It's a legitimate last name.

    link to this | view in thread ]

  7. identicon
    WirelessGuy, 6 Jul 2006 @ 1:34pm

    Re: Re:Paranoia will destroy yah

    Come off it will yah. I have access to millions of subscriber records, call detail, billing, SSNs, and one little thing called integrity.

    Would it be better if the world didn't publish this crap trying to sell papers by creating a hysterical environment where open WiFi is the devil's work, you can't walk with a cell phone and talk or you will get hit by a train or lightning, and the government is watching you take a shower in the morning? Oh My Lord would it be....the problem is that there are just too many news outlets now with everyone trying to get those adsense bucks one tenth of a cent at a time that they will make every story out to be the end of the world.

    I am certain of one thing, the people that buy into this crap are also the ones who felt that Y2K was going to end the world, that aliens on X-Files are real, that the US Military piloted the planes into the WTC, and that Bert and Ernie were gay lovers.

    link to this | view in thread ]

  8. identicon
    Ex-Gov. Employee, 6 Jul 2006 @ 1:37pm

    Re: Re:

    Woah there budy,

    Where did you get that they were on the Federal Witness Protection Program? It did not say that. You are, ehum, assuming that.

    So what if he does use it for personal gain?! Won't that land him in jail?!!!!!!!!

    The VA Director of Computer Security made out with 50,000.00 records containing names, SSN's, addresses etc., etc.. What about him? He was a DIRECT EMPLOYEE for crying out loud.

    I would rather trust a contract who sees thousands of ID information on a daily basis and can't remember but 1 or 2, than a full timer!

    No I am not a contracter.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 6 Jul 2006 @ 1:55pm

    You asked "Where did you get that they were on the Federal Witness Protection Program?"

    Follow the last link, it is in that article.

    link to this | view in thread ]

  10. identicon
    anonymous coward, 6 Jul 2006 @ 2:12pm

    WHAT THE HELL ISS WITH THESE DANG CAPITALS?
    anyway back to my normal state. well to get through a company network its simple. You don't

    It'd be really nice if they would give you passwords and crap but no... My company seems to be so darn stupid that I have to get a juniour administrator to open the computer before I , a Technition can get into the damn thing.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 6 Jul 2006 @ 2:15pm

    Re:

    They are worried that you will infect the spellchecker.

    link to this | view in thread ]

  12. identicon
    Smitty, 6 Jul 2006 @ 2:24pm

    Re: Hacking the FBI

    One small difference, when you hack the FBI you go to jail. When you hack your way through corporate BS you just get a small raise.

    link to this | view in thread ]

  13. identicon
    Joseph, 6 Jul 2006 @ 2:29pm

    Ha

    I'm glad he hacked there system,,, It just show's them that they spent 5 million on nothing! they waste our tax dollar on shit and thats what they got!,this guy is probably using a home made computer that didnt cost him over $300.00 to make,and the only reason he was even arrested is for the fact that he did it,,,now dont forget there are ten thousand more people that can do that too and another 15,000 children under the age of 15,, so get off ur high damn'd pedestal's and ur bureaucracy my ass he didn't hurt no one no one died and nobody would have know if he didn't tell them, sound to me like the fed need comp/training 101 ,,c'mon they cant get a printer online so they need to hire some one if u ask me they deserve it and now they look like fool's.



    And remember' Joey from Brooklyn is always happy to see ya

    link to this | view in thread ]

  14. identicon
    greytech, 6 Jul 2006 @ 2:41pm

    Re: Re: FBI Computer System So Screwed Up, You Nee

    I can only think that Frink's comments are because of he's a drone that works for the FBI as well or he/she is a government worker as government workers are the only freaks who could stand up for the FBI's behavior.

    link to this | view in thread ]

  15. identicon
    ForkBoySpam, 6 Jul 2006 @ 2:41pm

    Re: Re: Re:Paranoia will destroy yah

    Wait...the aliens on X-Files weren't real?? Damn it! I was wrong about the Easter Bunny too.....

    link to this | view in thread ]

  16. identicon
    ForkBoySpam, 6 Jul 2006 @ 2:43pm

    Re: Ha

    Honestly - I'd rather see them looking like fools without having to waste taxpayer's money (being that I'm one of em).....

    link to this | view in thread ]

  17. identicon
    Govt Employee, 6 Jul 2006 @ 2:49pm

    This is crazy...

    First and foremost, the individual should be promoted not punished! I dont care what his job title is/was... the fact that he wasnt a certified hacker and was probably an average joe when it comes to computers should show the FBI that they made a detrimental mistake with the upgrades they recently went through. Hell, i would even venture to say that this instance gets swept under the carpet. Secondly, paranoia will destroy people. This guy wasnt out to fuck anyone over... just trying to get his job done. If anyone has a problem with him, find out his name, email, or whatever, and write the man a letter with your concerns. I assume people reading/writing on this page have the skills to get info like that... If you do, write him, get his side of the story instead of believing EVERYTHING you read.

    link to this | view in thread ]

  18. identicon
    chaoticset, 6 Jul 2006 @ 2:49pm

    Wow. No, really, wow.

    A government bureau riddled with inefficiency and punishment for those who dare to find ways to actually *do* things?

    Amazing. How could that possibly have happened?

    link to this | view in thread ]

  19. identicon
    Govt Employee, 6 Jul 2006 @ 2:53pm

    Re: Wow. No, really, wow.

    well said!

    link to this | view in thread ]

  20. identicon
    Keith, 6 Jul 2006 @ 3:16pm

    Seems to like some have missed important facts her

    Security is a tiered approach. This was one aspect. You could still grant access to resources, without causing such a major breach. If he was given an account that could install software, then whats the big deal here? If you invite a detailer to your house, through your gate into your garage to detail your 2007 Mercedes Benz then one must assume that there is a certain level of trust implied. So. Will he need to bring his own water truck, own power source? If yes, then make sure those are in place before the job is started. And being smart, plan for the worst and provide a back up power outlet and water hose in the event that his fails. If every thing is available then you don't have to give him your car key, cause he is not test driving the vehicle.
    If No, then provide him with all he will need to complete the job.
    We can note 2 things here:
    1-The process was in place. Under normal circumstances, this is referred to as change management and it was not adhered to. (kind of silly to me. You need me to feed and walk the dog but provide not dog food or a leash. and I go to walmart and buy both to get the job done and I get punished) Just that it needed to be better implemented. First we must assume that the purpose of the contractor may not have been fully defined. Otherwise, you would know all that he would be required to do and place him in a group that already have those pre-defined privelliges, or have some other personel with the rights available to make the changes required. You should have provided the resources necessary to complete the job. Seems like the Project Manager had little idea of how to implement a project. Adding of a printer does not seem to be a serious security issue anyways. That is if we actually mean a print device ( cannon, HP Brother etc) and not a print server. In fact I can hardly envision a situation where one would not have a need to use a printer during the course of their job.
    2- This contractor was brought inside the company and given administrative rights and also a computer which he could perform administrative functions.
    The fact is that there are thousands of simple security measures and policies that could have prevented this breach. If you expect a plumber to fix your leaking faucet in your master bedroom, then lock away your jewelry in a safety box. Lock away your sterling silver. Otherwise, before the job is started, asked what will he need to get the job done, what resources will be needed to get the job done and provide it up front. If that cannot be done, make provision for it to be provided on demand.
    Then again what systems are we dealing with here? Windows? Novell?'NIX?

    link to this | view in thread ]

  21. identicon
    Joe Smith, 6 Jul 2006 @ 3:20pm

    Shooting the messenger

    So he tries to help the FBI and gets criminally charged for his trouble. There is a lesson in there for anyone thinking of doing business with the FBI.

    Now, the question is - has any been charged for pouring $500 Million dollars down a rat hole. Seems to me that it would take a life time of effort by 1000 ordinary Americans to scrap together that amount of money and someone has thrown away the equivalent of that 1000 life times of effort.

    link to this | view in thread ]

  22. identicon
    Agonizing Fury, 6 Jul 2006 @ 3:54pm

    I Feel his pain

    I am in the National Guard. I also work on computers as a hobby. I am currently activated for a special project, and they are just now getting the computers, etc. into place. Because these computers connect to the GA Guard Domain, I only have user rights on them (Despite the fact that when I was active duty, I was the IMO (Head IT Guy) for my unit). So today we get a new printer and guess what? I need administrator rights to install it. How many people in the company have administrator rights?......1! I had to wait 5 and a half hours for him to become available to perform a simple task. It was very tempting to just go out to my car and get my Win 2k/XP Password reset disk, but figured the government was just stupid enough to prosecute someone for being efficeint. I get home and read this. Now I know. On a side note, the reason I had that disk with me was because this IT guy had no clue it could be done and was about to re-image another computer that didn't have the right password set for the administrator account. Sheesh

    link to this | view in thread ]

  23. identicon
    Just Me, 6 Jul 2006 @ 4:36pm

    Don't Use Windows

    My guess: windows was the flateform in use.


    My Suggestion: Don't use Microsoft Windows. Use Linux, Unix, Solaris...anything else but windows if security is of concern to you.

    Plus, you end up saving loads of money, and less hassle if you wish to add more functionality to the system.

    link to this | view in thread ]

  24. identicon
    Sean, 6 Jul 2006 @ 4:45pm

    Secure work around.

    I went threw the same thing in Highschool. The network administrator had set up some Fortress program to keep people from writting on the hard drives. So I had to write and compile all my programs on floppy. PAIN IN THE ASS. some programs didn't fit on a floppy once compiled. so I decrypted the password: "spoon" word got around and i got kicked out of school and was made to pay a hefty fine. 6 months later I was back in school. new password: FORK!!!!

    I swear to God.

    If you keep up with the news I will give you 1 guess what school it was...
    Dover High of Pennsylvania, the same school board that braught up the teaching evolution in school bologna. Those idiots finaly got fired for that one.

    link to this | view in thread ]

  25. identicon
    Sean, 6 Jul 2006 @ 4:45pm

    Secure work around.

    I went threw the same thing in Highschool. The network administrator had set up some Fortress program to keep people from writting on the hard drives. So I had to write and compile all my programs on floppy. PAIN IN THE ASS. some programs didn't fit on a floppy once compiled. so I decrypted the password: "spoon" word got around and i got kicked out of school and was made to pay a hefty fine. 6 months later I was back in school. new password: FORK!!!!

    I swear to God.

    If you keep up with the news I will give you 1 guess what school it was...
    Dover High of Pennsylvania, the same school board that braught up the teaching evolution in school bologna. Those idiots finaly got fired for that one.

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 6 Jul 2006 @ 4:52pm

    I blame my atrocious spelling, grammer, and double post on that educational facility...

    link to this | view in thread ]

  27. identicon
    Frink, 6 Jul 2006 @ 9:34pm

    Re: Re: Re:

    From TFA:

    "The break-ins, which occurred four times in 2004, gave the consultant access to records in the Witness Protection Program and details on counterespionage activity, according to documents filed in U.S. District Court in Washington. "

    Please go back and read TFA.

    link to this | view in thread ]

  28. identicon
    Frink, 6 Jul 2006 @ 9:42pm

    Re: Re: Re: FBI Computer System So Screwed Up, You

    Can't get anything past you can I? Yes, yes I am a spy.

    If you read my first post you might comprehend the fact that I was criticizing, not standing up for, the FBI behavior. Please develop some reading skills and get back to me. At the very least learn to follow the thread.

    link to this | view in thread ]

  29. identicon
    Frink, 6 Jul 2006 @ 9:59pm

    "I blame my atrocious spelling, grammer, and double post on that educational facility..."

    No regular visitor on any forum posts without mistakes all the time. We are all usually in a hurry to get our thoughts down and out before proofreading or spellchecking.

    If your thoughts get communicated clearly enough then there is no blaming necessary. It's just casual conversation and arguing and no grades are given out. This isn't English class.

    link to this | view in thread ]

  30. identicon
    Frink, 6 Jul 2006 @ 10:13pm

    Re: Re: Re:

    I just have a misunderstanding about why someone would have a name identical to a human organ. Now Colin would be nice. It could be worse though - names could be for body cavities. I can't imagine a person going through life named Sphincter although I know a few who might qualify.

    link to this | view in thread ]

  31. identicon
    a 16yr old, 10 Jul 2006 @ 11:20pm

    Re: Ha... but no

    but is that all he's tried to do? show the fbi that their system is sh*t? maybe, but he's got into the system (something you're not supposed to do) to add a printer, he could have added misc aswell. the red tape has obviously got him peeved off and he might have wanted revenge. What's stopping him? nothing. he's broken the law to get in, why not break it again and F*** up the whole thing.


    from a person with logic.

    link to this | view in thread ]

  32. identicon
    Gabriel, 12 Jul 2006 @ 7:16am

    shit, I work for a big Company here in Las Vegas, I have no Administration right, Admin lives in California and comes here twice a year, but they want me to fix everything and add computers to the network with restricted right.. I have to hack my way into the network everytime to install software, add a computer, add printer, basicly anything.. it sucks.. but they dont care.. they still wont give me admin rights.. i dont get it..

    link to this | view in thread ]

  33. identicon
    Dee, 12 Jul 2006 @ 10:56pm

    And We trust them?

    He was only doing what he was hired to do. And we trust the FBI? psh!

    link to this | view in thread ]

  34. identicon
    TTEWOR, 16 Aug 2006 @ 4:04am

    Re:

    Hell he should have done what he was paid to do and thats it . but if anyone knows how to contact him let me know because as like him ,I can not get the information I need out of the FBI so he may be of some help

    link to this | view in thread ]

  35. identicon
    feds are stupid, 2 Jan 2007 @ 7:41am

    hah

    I would be more concerned with the lil disgruntled employee at the corner mart who only makes min wage stealing my credit card number along with hundreds of others that prints out on a batch report at the end of the shift

    link to this | view in thread ]

  36. identicon
    tyler, 12 Feb 2007 @ 6:00pm

    man was doin his job and he gets fucked over like that wow what is the world coming 2

    link to this | view in thread ]

  37. identicon
    Anonymous Coward, 1 Nov 2007 @ 9:03pm

    your all a bunch of NERDS get a jod and get out of your mums basement and stop leaving stupid 10 page comments on this website

    link to this | view in thread ]

  38. identicon
    john, 31 Jan 2009 @ 8:04pm

    SUCK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    YOU SUCK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.