
Insider Threat Example: FBI Computer Consultant Hacked Director's Passwords

On Friday, 7/14/06, Silicon Valley reported:

"An FBI computer consultant who pleaded guilty to hacking the secret passwords of Director Robert Mueller and others will not serve any time in prison, a federal judge has ruled. Joseph Thomas Colon of Springfield, Ill., was sentenced Thursday by U.S. District Judge Richard Leon to six months of home detention and ordered to pay $20,000 in restitution to the FBI.

Colon pleaded guilty in March to four misdemeanor counts of intentionally exceeding his authorized computer access. He faced up to 18 months in prison after he acknowledged using two computer programs available for free on the Internet to extract the information and decode the passwords of Mueller and others. Prosecutors do not believe Colon was trying to damage national security or use the information for financial gain. But the FBI said it was forced to take significant steps to make sure there was no harm from Colon's actions.

'Joseph T. Colon was granted a substantial level of trust. He betrayed that trust,' FBI assistant director Charles S. Phalen Jr. said. 'Once we identified the breach of security, we took quick and appropriate action to neutralize its impact.' Colon had said he was given a password to the FBI's secret computer system to speed work he was hired to perform in the FBI's Springfield office."

This shows that an insider is not always an employee. An insider is anyone who has access within your facilities or to your network or computer systems. In this case, the insider was a contracted consultant.

It would be interesting to know how they arrived at the $20,000 restitution amount.

This is a good example of an insider threat incident to add to your files and use in your awareness and training messages.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.