Information Security News mailing list archives

U.S. Probes Firm In Security Breach


From: InfoSec News <isn () c4i org>
Date: Wed, 21 Aug 2002 03:38:11 -0500 (CDT)

http://www.washingtonpost.com/wp-dyn/articles/A42019-2002Aug20.html

By Robert O'Harrow Jr.
Washington Post Staff Writer
Wednesday, August 21, 2002; Page E03 

Federal law enforcement authorities searched the computers of a San
Diego security firm that used the Internet to access government and
military computers without authorization this summer, officials said
yesterday.

Investigators from the FBI, the Army and NASA visited the offices of
ForensicTec Solutions Inc. over the weekend and on Monday, seeking
details about how the company gained access to computers at Fort Hood
in Texas and at the Energy Department, NASA and other government
facilities, officials said.

The searches began hours after The Washington Post reported that
ForensicTec consultants used free software to identify vulnerable
computers and then peruse hundreds of confidential files containing
military procedures, e-mail, Social Security numbers and financial
data, according to records maintained by the company.

Consultants said the files were virtually open to inspection for those
who knew where to look, or were protected only by easily guessed or
easily cracked passwords.

While ForensicTec officials said they wanted to help the government
and "get some positive exposure for themselves," authorities are
pursuing the matter as a criminal case. Under U.S. law, it is a felony
to access a computer without permission.

A spokesman for the FBI in San Diego acknowledged that a search
warrant had been issued, but said he could not discuss the case
because the warrant had been sealed. One official familiar with the
case said about 20 investigators searched the company's offices on
Friday.

ForensicTec President Brett O'Keeffe, who was questioned by
investigators late Friday and early Saturday, declined to comment.

Marc Raimondi, spokesman for the Army Criminal Investigation Command,
also declined to discuss the particulars of the military
investigation. "We're supporting the FBI in their investigation," he
said. "Unauthorized intrusion into Army computers, regardless of the
justification, violates federal law."

Tiffany Olson, spokeswoman for the President's Critical Infrastructure
Protection Board, said people who come across vulnerabilities should
report them. "They shouldn't go ahead and exploit that," she said.  
"They should contact the government or company that is responsible for
that vulnerability and report it."

ForensicTec officials said they stumbled upon the military networks
about two months ago, while checking on network security for a
private-sector client. They scanned the networks with software that is
available free on the Internet and found that many of the computers
were open to scrutiny. Some machines were accessed, they said, by
passwords such as "administrator" or "password." The consultants said
they also used software that automatically cracks passwords.

While examining the networks at Fort Hood, they found the online
identifiers, known as IP addresses, of computers at other government
and military facilities. As former employees of a private
investigation firm -- and relative newcomers to the security field --
the ForensicTec consultants said they continued examining the system
because they were curious, and appalled by how easy it was.

Last week, O'Keeffe said his consultants concluded that they had found
a serious problem and wanted to help the government by bringing it to
light. "We could have easily walked away from it," he said last week.

Army investigators had been made aware of the intrusions at Fort Hood
weeks earlier and had been looking into the situation when ForensicTec
made public what it found, one government official said.


