Insider Threat Example: FBI Computer Consultant Hacked Director’s Passwords

On Friday, 7/14/06, Silicon Valley reported:

"An FBI computer consultant who pleaded guilty to hacking the secret passwords of Director Robert Mueller and others will not serve any time in prison, a federal judge has ruled. Joseph Thomas Colon of Springfield, Ill., was sentenced Thursday by U.S. District Judge Richard Leon to six months of home detention and ordered to pay $20,000 in restitution to the FBI.

Colon pleaded guilty in March to four misdemeanor counts of intentionally exceeding his authorized computer access. He faced up to 18 months in prison after he acknowledged using two computer programs available for free on the Internet to extract the information and decode the passwords of Mueller and others.  Prosecutors do not believe Colon was trying to damage national security or use the information for financial gain. But the FBI said it was forced to take significant steps to make sure there was no harm from Colon’s actions.

“Joseph T. Colon was granted a substantial level of trust. He betrayed that trust,” FBI assistant director Charles S. Phalen Jr. said. “Once we identified the breach of security, we took quick and appropriate action to neutralize its impact.” Colon had said he was given a password to the FBI’s secret computer system to speed work he was hired to perform in the FBI’s Springfield office."

This points out that an insider is not always an employee.  It is anyone who has access within your facilities or to your network or computer systems.  In this case a contracted consultant. 

It would be interesting to know how they arrived at the $20,000 restitution amount.

This is a good example of an insider threat incident to add to your files and use in your awareness and training messages.

Technorati Tags

Leave a Reply