U.S. Probes Firm in Security Breach

August 21, 2002

By Robert O'Harrow, Jr., Washington Post Staff Writer


Federal law enforcement authorities searched the computers of a San Diego security firm that used the Internet to access government and military computers without authorization this summer, officials said yesterday.

Investigators from the FBI, the Army and NASA visited the offices of ForensicTec Solutions Inc. over the weekend and on Monday, seeking details about how the company gained access to computers at Fort Hood in Texas and at the Energy Department, NASA and other government facilities, officials said.

The searches began hours after The Washington Post reported that ForensicTec consultants used free software to identify vulnerable computers and then peruse hundreds of confidential files containing military procedures, e-mail, Social Security numbers and financial data, according to records maintained by the company.

Consultants said the files were virtually open to inspection for those who knew where to look, or were protected only by easily guessed or easily cracked passwords.

While ForensicTec officials said they wanted to help the government and "get some positive exposure for themselves," authorities are pursuing the matter as a criminal case. Under U.S. law, it is a felony to access a computer without permission.

A spokesman for the FBI in San Diego acknowledged that a search warrant had been issued, but said he could not discuss the case because the warrant had been sealed. One official familiar with the case said about 20 investigators searched the company's offices on Friday.

ForensicTec President Brett O'Keeffe, who was questioned by investigators late Friday and early Saturday, declined to comment.

Marc Raimondi, spokesman for the Army Criminal Investigation Command, also declined to discuss the particulars of the military investigation. "We're supporting the FBI in their investigation," he said. "Unauthorized intrusion into Army computers, regardless of the justification, violates federal law."

Tiffany Olson, spokeswoman for the President's Critical Infrastructure Protection Board, said people who come across vulnerabilities should report them. "They shouldn't go ahead and exploit that," she said. "They should contact the government or company that is responsible for that vulnerability and report it."

ForensicTec officials said they stumbled upon the military networks about two months ago, while checking on network security for a private-sector client. They scanned the networks with software that is available free on the Internet and found that many of the computers were open to scrutiny. Some machines were accessed, they said, by passwords such as "administrator" or "password." The consultants said they also used software that automatically cracks passwords.

While examining the networks at Fort Hood, they found the online identifiers, known as IP addresses, of computers at other government and military facilities. As former employees of a private investigation firm -- and relative newcomers to the security field -- the ForensicTec consultants said they continued examining the system because they were curious, and appalled by how easy it was.

Last week, O'Keeffe said his consultants concluded that they had found a serious problem and wanted to help the government by bringing it to light. "We could have easily walked away from it," he said last week.

Army investigators had been made aware of the intrusions at Fort Hood weeks earlier and had been looking into the situation when ForensicTec made public what it found, one government official said.
