Burgle the Boss
The FBI's sensitive computer systems have been cracked. According to a Washington Post article, a contractor for BAE hacked a highly classified database in 2004. Four times. He got the passwords of 38,000 FBI employees using some shareware programs, which sound suspiciously like crack, a password-guessing program that's been used for at least 15 years.
Among the information contained in the database were details of counterespionage programs and, get this, the Witness Protection Program.
What's wrong here? The FBI has undoubtedly spent hundreds of millions of dollars on their systems. Hell, I even worked on one once. Is it dumb computer programmers? Nope. Do they need more high tech systems to protect their computers? Nope. Do they need to understand Computer Security? Yep.
Stupid users are often blamed for security problems. "A junior technician made a mistake in the data center and exposed 14 million credit reports" or "one of our analysts took home a laptop with the personal information of every single American ever to serve in the military." We are then relieved to hear that the political appointee has fired the offending employee/contractor. That's a relief...for a second I thought that we had a security problem.
Fire the manager who let FBI agents use passwords that could be broken using crack, a program that every 15-year-old script kiddie knows how to use. Fire the designer who made it that easy to get to multiple sensitive databases from a single system. Fire the security manager who wasn't actively looking for intruders.
The less-than-completely-computer-aware walking among us have a fatal, almost religious belief that computers protect information like a locked safe. Because they can't imagine how to break into one, they can't conceive of anyone else doing it. Managers should know better. How do you fix computer security problems? Burn the boss.
Posted on July 06, 2006





