[ISN] U.S. Probes Firm In Security Breach

From: InfoSec News (isnat_private)
Date: Wed Aug 21 2002 - 01:38:11 PDT

  • Next message: InfoSec News: "[ISN] Stolen data reveal undercover cops"

    By Robert O'Harrow Jr.
    Washington Post Staff Writer
    Wednesday, August 21, 2002; Page E03 
    Federal law enforcement authorities searched the computers of a San
    Diego security firm that used the Internet to access government and
    military computers without authorization this summer, officials said
    Investigators from the FBI, the Army and NASA visited the offices of
    ForensicTec Solutions Inc. over the weekend and on Monday, seeking
    details about how the company gained access to computers at Fort Hood
    in Texas and at the Energy Department, NASA and other government
    facilities, officials said.
    The searches began hours after The Washington Post reported that
    ForensicTec consultants used free software to identify vulnerable
    computers and then peruse hundreds of confidential files containing
    military procedures, e-mail, Social Security numbers and financial
    data, according to records maintained by the company.
    Consultants said the files were virtually open to inspection for those
    who knew where to look, or were protected only by easily guessed or
    easily cracked passwords.
    While ForensicTec officials said they wanted to help the government
    and "get some positive exposure for themselves," authorities are
    pursuing the matter as a criminal case. Under U.S. law, it is a felony
    to access a computer without permission.
    A spokesman for the FBI in San Diego acknowledged that a search
    warrant had been issued, but said he could not discuss the case
    because the warrant had been sealed. One official familiar with the
    case said about 20 investigators searched the company's offices on
    ForensicTec President Brett O'Keeffe, who was questioned by
    investigators late Friday and early Saturday, declined to comment.
    Marc Raimondi, spokesman for the Army Criminal Investigation Command,
    also declined to discuss the particulars of the military
    investigation. "We're supporting the FBI in their investigation," he
    said. "Unauthorized intrusion into Army computers, regardless of the
    justification, violates federal law."
    Tiffany Olson, spokeswoman for the President's Critical Infrastructure
    Protection Board, said people who come across vulnerabilities should
    report them. "They shouldn't go ahead and exploit that," she said.  
    "They should contact the government or company that is responsible for
    that vulnerability and report it."
    ForensicTec officials said they stumbled upon the military networks
    about two months ago, while checking on network security for a
    private-sector client. They scanned the networks with software that is
    available free on the Internet and found that many of the computers
    were open to scrutiny. Some machines were accessed, they said, by
    passwords such as "administrator" or "password." The consultants said
    they also used software that automatically cracks passwords.
    While examining the networks at Fort Hood, they found the online
    identifiers, known as IP addresses, of computers at other government
    and military facilities. As former employees of a private
    investigation firm -- and relative newcomers to the security field --
    the ForensicTec consultants said they continued examining the system
    because they were curious, and appalled by how easy it was.
    Last week, O'Keeffe said his consultants concluded that they had found
    a serious problem and wanted to help the government by bringing it to
    light. "We could have easily walked away from it," he said last week.
    Army investigators had been made aware of the intrusions at Fort Hood
    weeks earlier and had been looking into the situation when ForensicTec
    made public what it found, one government official said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Aug 21 2002 - 03:56:25 PDT