Information Security News mailing list archives
Bogus IDs give easy access to CIA, FBI, Pentagon
From: William Knowles <wk () C4I ORG>
Date: Wed, 24 May 2000 23:53:23 -0500
http://www.theage.com.au/breaking/0005/25/A17287-2000May25.shtml [Moderators note: While this is on the razors edge of information security, It seems appropriate as far as security awareness goes.] WASHINGTON, May 24 - Using bogus credentials anyone can obtain from a catalogue or the Internet, armed investigators posing as federal agents or police officers easily breached security at the Pentagon, Justice Department, FBI, CIA, State Department and 14 other United States agencies and two large airports earlier this month. In one test of security, two investigators from the General Accounting Office flashing phoney IDs drove a rental van into the courtyard of the Department of Justice building. The vehicle was not searched or inspected, according to officials familiar with the investigation. "A team of undercover agents successfully penetrated (these agencies) and could have introduced weapons, explosives, chemical-biological agents, listening devices or other hazardous materials," said Robert Hast, assistant comptroller general at GAO, in a draft of prepared testimony obtained by Knight Ridder. A hearing on the security breaches is set for tomorrow before the House Judiciary Crime Subcommittee. Hast, who supervised the security tests at the request of the House subcommittee, told a closed-door meeting of federal officials yesterday that GAO employees, including two retired Secret Service agents, used counterfeit law enforcement IDs - FBI and New York Police credentials - from sources advertising on the Internet. "We did not utilise any genuine law enforcement credential," said Hast. "At least one agent always carried a briefcase or bag. In all cases, our agents were able to enter the facility by being either waved around or through a magnetometer, without their person or bag being screened." At Washington's Reagan National Airport and the Orlando (Florida) International Airport, the two GAO investigators had tickets and were able to obtain boarding passes and firearms permits to carry their weapons onto flights. Security staffers looked at their fake IDs and waved the pair through without having their briefcases go through an X-ray machine. At the CIA, FBI and the State Department, investigators were allowed to keep their weapons and unscreened bags but required to have an escort. At the CIA and FBI, the investigators were able to enter toilets with their bags, unescorted. At State they ditched their escort and walked through the building without being challenged. In five cases, including the Justice Department and the Pentagon, the investigators were able to reach the suites of offices occupied by the Cabinet official or agency head. The security tests followed reports to the House subcommittee alleging easy access to phoney badges and other credentials on the Internet. The counterfeit IDs were not even good imitations of the real thing, said subcommittee chairman Bill McCollum, an Orlando Republican. The GAO investigation was conducted at a time when security at federal buildings is coming under increased scrutiny. The State Department has been criticised for recent breaches that include a missing laptop computer that contained classified information on nuclear and chemical weapons. One security consultant who has worked with the federal government said he was not surprised by the GAO investigation. "There is little security consciousness among top officials, and their budgets scrimp on it," said Neil Livingstone of GlobalOptions, a Washington, D.C., security consulting firm. "Now with desktop publishing and colour printers, it's easy to make your own credentials." *-------------------------------------------------* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen. Alfred. M. Gray, USMC --------------------------------------------------- C4I Secure Solutions http://www.c4i.org *-------------------------------------------------* ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Bogus IDs give easy access to CIA, FBI, Pentagon William Knowles (May 25)