The FBI's latest hacking case says more about the agency's endemic organizational dysfunction than about the vulnerability of its computer networks.

So you get caught hacking into a server at FBI headquarters, making off with hashed passwords for thousands of Bureau employees, including FBI Chief Robert Mueller, then use L0phtcrack to decode them and gain unauthorized access to still more restricted Bureau systems. What’s the penalty? Five years in prison? Ten years? Twenty? Try 12-18 months, plus around $40K in damages.

Not too bad, you say? Well, in the recently settled case of Joe Colon, there are what you could call “extenuating circumstances.” Colon, who was sentenced on June 29 in U.S. District Court for the District of Columbia, wasn’t some wily hacker, or an Al Qaeda operative. He was just a poor slob working as a contractor for BAE Systems and given the thankless job of trying to deploy the hardware infrastructure to support the FBI’s now legendary, $500 million software boondoggle known as “Trilogy.”

Countless Congressional and government oversight groups have already weighed in on the disastrous, unbelievably expensive piece of vaporware, which was more than four years in the (un)making. The system was supposed to enable FBI agents to integrate intelligence from isolated information silos within the Bureau. (Read “Stop 9/11.”) Most recently, the GAO in May said that the Trilogy project failed in its core mission of improving the Bureau’s investigative abilities and was “plagued with missed milestones and escalating costs, which eventually totaled nearly $537 million.” The malfeasance included loose or nonexistent internal controls of payments to contractors, payments for questionable contractor costs, and little accountability for assets purchased with Trilogy project funds.
Totally devoid of accountability and even basic project oversight at the top, the FBI appears to be entirely overmanaged and moribund at the bottom, where IT staff try to perform their jobs in what sounds like a bureaucratic hell worthy of a Terry Gilliam movie, even for a contractor like Colon, who came to the job with Top Secret govt. clearance from an earlier stint in the Navy, according to court documents.

To quote from a memorandum filed prior to his sentencing: “During the (Trilogy) conversion process it became apparent to Mr. Colon and the FBI’s Springfield IT department that the conversion was being bogged down by a ‘ticket’ procedure. This procedure required a ‘ticket’ to perform such routine and mundane tasks as setting up workstations, printers, user accounts and to move individual computers from one operating system to another. Obtaining a ticket involved making a written request to and receiving authorization from the DC Field Office of the FBI. The ‘Ticket’ process could take between 1 and 3 days.”

Hey — we’ve all been there, right? You need to add a printer or get access to a server and the network admin just isn’t around. Your cube buddy offers you his credentials to “make it happen” and voila! You’re in. Unfortunately, the higher-ups at the FBI didn’t see it that way, and Colon’s efforts to cut through the FBI red tape, in service of an ultimately futile goal (implementing “Trilogy”), landed him a choice interview with the FBI’s Computer Intrusion Squad.

To quote (from that same memo): “With respect to the element of punishment, we would submit that the actions of the Computer Intrusion Squad of the Washington DC Field Office – in isolating Mr. Colon without food or breaks while subjecting him to repeated polygraph examinations – peppered with threats of life in jail for treason – quite frankly scared this young man out of his wits.”

Ouch!