Contractor Awaits Sentencing In FBI Hack Case

Think employees and outside hackers are the main threats to your company's information security? Don't forget about the consultants. The U.S. District Court for the District of Columbia this week will sentence Joseph Thomas Colon to up to 18 months in prison for hacking the FBI's network. Colon was a contractor helping upgrade the FBI's IT infrastructure.

Colon--a former employee of BAE Systems, a major U.S. defense contractor--worked in the agency's Springfield, Ill., office on the FBI's Trilogy program, a large-scale project to modernize the agency's outdated IT. He pleaded guilty in March to four counts of intentionally exceeding his access clearance, according to court documents.

Four times in 2004, Colon hacked the FBI's Security Account Manager, a classified database that holds encrypted user and group password data on more than 38,000 accounts. He used the L0phtCrack decryption tool to unlock the passwords.

As a result, the FBI instituted training for its employees and contractors on information security. A smart step, but the bureau's compulsory program is a reaction to a problem that the agency should have already addressed.