May 24, 2007 11:32 AM

Critical FBI Network Full of Security Holes, Government Auditors Report

A critical FBI communications network containing sensitive law enforcement and investigative data is rife with security flaws and is vulnerable to attacks from outsiders and insiders alike, according to an audit released Thursday by the Government Accountability Office. The unnamed network is part of the long delayed and scandal plagued Trilogy system that the FBI wants to […]

fbicioseal A critical FBI communications network containing sensitive law enforcement and investigative data is rife with security flaws and is vulnerable to attacks from outsiders and insiders alike, according to an audit released Thursday by the Government Accountability Office.

The unnamed network is part of the long delayed and scandal plagued Trilogy system that the FBI wants to replace its network of computers and networks, which for years was so bad that agents reportedly couldn't email one another.

System administrators have failed to keep obsolete software off the network, patch computers quickly, ensure passwords and data are strongly encrypted, log and audit security events and prevent insiders from having more privileges than necessary for their job, according to the audit (pdf). The report explicitly refers to rogue former agent Robert Hannsen, who misused his insider access to sell government secrets for years to the Soviets.

Ineffective controls threaten the confidentiality, integrity, and availability of the sensitive law enforcement and investigative information transmitted by the critical internal network. Certain information security control weaknesses existed in network devices and services, identification and authentication, authorization, cryptography, audit and monitoring, physical security, and patch management. The bureau’s lack of a comprehensive inventory of the current network operating environment— an enterprise wide view—compounds the effect of these weaknesses.[...] These weaknesses leave the bureau vulnerable to insider threats.

For its part, the FBI's Deputy Chief Information Officer Dean Hall agrees the FBI needs to make some changes, but contends it mostly all good.

"The FBI does not agree that it has placed sensitive information at an unacceptable risk for unauthorized disclosure, modification, or insider threat exploitation," Hall wrote in response to the report.

Ryan, a former writer for Wired's Epicenter blog, is the editor of the Threat Level blog. ... Read More

Staff Writer

Topicshacks Threat Level

US Takes Down Botnets Used in Record-Breaking Cyberattacks

The Aisuru, Kimwolf, JackSkid, and Mossad botnets had infected more than 3 million devices in total, many inside home networks, according to the US Justice Department.

Andy Greenberg

Using a VPN May Subject You to NSA Spying

US lawmakers are pressing Tulsi Gabbard to reveal whether using a VPN can strip Americans of their constitutional protections against warrantless surveillance.

Dell Cameron

CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards

The Quizlet flashcards, which WIRED found through basic Google searches, seem to include sensitive information about gate security at Customs and Border Protection locations.

Sammy Sussman

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites.

Andy Greenberg

Politicians Are Spending More Money on Security as They Increasingly Become Targets

Political candidates are purchasing more home alarms, bulletproof vests, and other protections amid rising fears of political violence.

Maddy Varner

Tech Companies Are Trying to Neuter Colorado’s Landmark Right-to-Repair Law

A bill in Colorado is a glimpse into the future of how corporations are working to limit the freedom people have to make their own fixes and upgrades.

Boone Ashworth

The DOJ Misled a Judge About How It’s Using Voter Roll Data

The acting head of the DOJ’s voting section told a judge last week that the agency had not touched the nonpublic voter roll data it has collected. That wasn’t true.

David Gilbert

Your Vape Wants to Know How Old You Are

Companies hope that biometric age-verification tech in cartridges could put flavored vapes back in business. But it's unlikely to solve the real problems.

Boone Ashworth

Livestream Replay: The War Machine

A panel of WIRED experts dissected the defense tech industry’s impact on modern warfare.

Tim Marchman

Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s

Plus: Apple makes big claims about the effectiveness of its Lockdown Mode anti-spyware feature, Russia moves to implement homegrown encryption for 5G, and more.

Andrew Couts

A Top Democrat Is Urging Colleagues to Support Trump’s Spy Machine

Congressman Jim Himes claims a sweeping surveillance authority should stay intact because he hasn't seen abuses by Kash Patel's FBI, according to internal messaging obtained by WIRED.

Dell Cameron

The IRS Wants Smarter Audits. Palantir Could Help Decide Who Gets Flagged

Documents show the tax agency is testing a Palantir tool to surface “highest-value” audit and investigation targets from a maze of legacy systems.

Caroline Haskins