[ISN] No Prison for FBI Network Hacker, Judge Decides

From: InfoSec News (alerts@private)
Date: Fri Jul 14 2006 - 01:09:40 PDT


By Eric M. Weiss
Washington Post Staff Writer
July 14, 2006

A government consultant who cracked the FBI's classified computer network 
and learned the passwords of 38,000 employees, including that of the 
director, was spared a prison sentence yesterday.

U.S. District Judge Richard J. Leon sentenced Joseph Thomas Colon to six 
months of home detention after finding that the computer consultant did 
not try to harm national security or use the information for his own 
benefit or profit.

"This is not a case of al-Qaeda people trying to sneak into the FBI 
system," Leon said. Instead, it was a case of someone being "too clever by 

Colon, 29, pleaded guilty in March to four counts of intentionally 
accessing a computer while exceeding authorized access and obtaining 
information from any department of the United States. He could have 
received as much as 18 months in prison.

Colon admitted he entered the system using the identity of an FBI special 
agent and two computer hacking programs found on the Internet to get into 
one of the nation's most secret databases. As a result, the bureau said it 
was forced to shut down its network temporarily and commit thousands of 
hours and millions of dollars to ensure no sensitive information was lost 
or misused.

During sentencing, Colon said he used the passwords and other information 
to bypass bureaucratic obstacles and better help the FBI install its new 
"Trilogy" computer system. He said he hoped to impress superiors and 
become an FBI agent.

"As with any IT systems administrator, whether in government or private 
business, Joseph T. Colon was granted a substantial level of trust," said 
Charles S. Phalen Jr., assistant director of the FBI's security division. 
"He betrayed that trust."

Colon has since lost his job as a consultant for BAE Systems and his 
top-secret clearance.

Prosecutors said Colon asked for additional clearances and was denied. 
They say he also used access to the system for "curiosity hacks" that were 
not related to his job.

Copyright 2006 The Washington Post Company

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Fri Jul 14 2006 - 01:22:48 PDT