TECH.BLORGE.com
VISTA.BLORGE.com
MAC.BLORGE.com
GAMER.BLORGE.com

May 26, 2007 |

FBI’s network: feeble, backwards, and insecure

By George Gardner





fbilogo.jpgThe United States Government Accountability Office (GAO) was recently asked to assess the security on one of the Federal Bureau of Investigation’s critical networks. This specific network is used to communicate, capture, exchange, and access law enforcement and investigative information - something you certainly wouldn’t want to get in the wrong hands. No problems for the FBI, right? You’d be surprised how many errors were found.

In 2000, the FBI began the Trilogy project to upgrade its outdated IT infrastructure; which, at a cost of over $400 million and a period of over 3 years to complete, one would expect the U.S. ‘intelligence agency’ to  have not overlooked any details - especially when it comes to network security.

In an letter from the GAO to the House of Representatives, it was found that the FBI did not consistently:

  1. configure their network devices to prevent unauthorized insider access.
  2. identify and authenticate users on the network
  3. enforce the principle of ”least privilege” - a method that ensures a user can only access data that he/she is qualified to obtain.
  4. apply strong encryption techniques
  5. log, audit, or monitor security-related events
  6. protect the physical security of its network
  7. apply patches to servers and workstations in a timely manner

But this isn’t the first time the FBI has been warned about its insecure system. In May 2005, the U.S. Secret Service studied insider threats, and concluded that “insiders pose a substantial threat by virtue of their knowledge of, and access to, employer systems and/or databases.”

And when we hear “insiders,” the former FBI agent, Robert Hanssen, comes to mind; Hanssen, who had reached a high position in the FBI, was caught selling information to the Russians. It was later found that Hanssen had been trading information since as early as 1979.

The FBI responded to the GAO’s report, saying they disagree “with the GAO’s conclusion that the collective result of the information security weaknesses identified by the GAO present an increased risk to FBI information.”

In other words, the FBI doesn’t feel that any sensitive information is at risk; however, the GAO responded back, stating it still “believes that increased risk remains.”

Related:

  • Ooma aims to fuse land and VoIP calling; could be insecure
  • ‘Closed’ spam network proves indestructible
  • IE feels insecure, lashes out at Firefox
  • 75% of bank websites have major security flaws
  • Likely liars: AT&T says 3G network will reach Wi-Fi speeds by 2009

    • Sign up for the BLORGE email newsletter

    Entry was posted on Saturday, May 26th, 2007 at 2:55 am under Security, Uncategorized. Print This Post Print This Post

    Read more entries by George Gardner.
    StumbleUpon Toolbar Stumble It!



    Leave a Reply:

    Copyright © 2008 Engaging and compelling blogs that entertain and inform