FBI Computers: You Don't Have Mail

Sun Feb 6 18:09:48 PST 2005

<http://www.msnbc.msn.com/id/6919621/site/newsweek/print/1/displaymode/1098/>
  MSNBC.com

FBI Computers: You Don't Have Mail
By Michael Isikoff and Mark Hosenball
Newsweek

Feb. 14 issue - The FBI's computer woes got even worse last week when
bureau officials were forced to shut down a commercial e-mail network used
by supervisors, agents and others to communicate with the public. The
reason, sources tell NEWSWEEK, was an apparent "cyberintrusion" by an
outside hacker who officials fear had been tapping into supposedly secure
e-mail messages since late last year. FBI spokesmen publicly sought to
downplay the damage, saying the compromised commercial server-maintained by
AT&T-was used exclusively for unclassified and "nonsensitive"
communications that did not involve ongoing investigations. One example,
they said, was notices from public-affairs offices' fbi.gov addresses to
members of the press. But privately, officials were highly concerned-and
recently notified the White House. One top FBI official says he regularly
used his shut-down fbi.gov e-mail account to send messages to state and
local police chiefs. Another source tells news-week that more than 3,000
old and current e-mail accounts were shut down. Others say the same
apparently compromised server also provided accounts to other government
agencies. Justice Department officials, who launched their own cybercrime
investigation into the apparent intrusion, noted that there was no telling
the potential damage at this point, given the common tendency for everybody
to say too much-including making references to law-enforcement "sensitive"
cases-even in theoretically routine e-mails. "This is an eye-opener for all
of us," says one FBI official.

The bigger question, sources say, was how the hackers penetrated the
bureau's e-mails-and why it took the FBI so long to notify the rest of the
government. The FBI e-mail system was erected with firewalls that were
supposed to prevent even sophisticated hackers from penetrating. But while
officials stressed there was no evidence that the apparent intruder or
intruders were part of any terrorist or foreign intelligence organization,
the authorities were still baffled as to how they got into the system.
According to sources familiar with the investigation, one suspicion is that
hackers either used sophisticated "password cracking" software that tries
out millions of password combinations or somehow eavesdropped on Internet
transmissions. Over the weekend, NEWSWEEK has learned, the Department of
Homeland Security posted a computer-security alert to agencies throughout
the federal government urging e-mail users to be more careful about
choosing their passwords by avoiding obvious clues-like nicknames,
initials, children's names, birth dates, pet names or brands of car. "Such
information can be easily obtained and used to crack your password," the
bulletin states.

The e-mail compromise couldn't have come at a worse time for the bureau.
Just last week, the Justice Department inspector-general released a report
sharply criticizing the FBI's management of its new Virtual Case File
computer system-a $170 million software upgrade that bureau officials now
concede they may have to -scrap. The VCF system was supposed to make it
much easier for agents to electronically access vital information relating
to ongoing cases in different FBI offices. But the I.G. found that poor
planning and ineffective management have resulted in a system that is
nearly unworkable. FBI chief Robert Mueller, who sources say has personally
briefed President George W. Bush on the matter, took responsibility "at
least in part" for the fiasco before a Senate subcommittee. "No one is more
frustrated and disappointed than I," he said.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'