Hacker a hero?

7/17/2006

In addition to prosecuting an FBI computer consultant who broke into the bureau's database, the government should be thanking him.

Joseph Thomas Colon, who was assigned to the agency's Springfield, Ill., office, was hired to help install the FBI's new computer system. The 28-year-old employee of BAE Systems says he and other FBI information technology employees had become frustrated with bureaucratic delays.

So he apparently obtained an agent's password to get into the secret database to speed installment of the new system. Before his odyssey was over he had cracked into the FBI's classified computer system, accessing the passwords of 38,000 employees, including Director Robert Mueller.

He was wrong to do so. And for intentionally exceeding his authorized computer access - gaining entree into any department in the United States - Mr. Colon pleaded guilty to four misdemeanor counts.

Prosecutors are recommending a year in prison. They don't believe the consultant acted maliciously or for any financial gain but say his "curiosity hacks" nonetheless exposed sensitive information.

Truth is they exposed a whole lot more.

To the everlasting chagrin of the FBI, which still struggles to update its computers to better share and collect information, it was relatively easy for Mr. Colon make his way into the network. In fact, he did it four times in 2004.

Mr. Colon, who also lost his job and security clearance after the admission, said he extracted the information with the help of a couple of free software programs easily downloaded from the Internet.

It wasn't even cutting edge technology, said Joe Stewart, a senior researcher with LURHQ Corp., a Chicago-based security company. "It was pretty run-of-the-mill stuff five years ago."

Anyone seriously concerned about homeland security has to be furious. After 9/11 the country was flabbergasted to learn how extensive computer problems were at the FBI - of all places.

The agency spent hundreds of millions to beef up its system and sharpen its focus on intelligence-gathering and terrorism investigations. Obviously, serious problems persist.

The FBI says it has recently implemented a "comprehensive and proactive security program" and, since last year, all agency employees and contractors must undergo yearly information-security awareness training.

Joseph Colon's hacking got him into trouble, but he did the country a favor by exposing the FBI's vulnerability.