Firewall Wizards mailing list archives

FBI's internal IT security

From: Rama Kant <kant () adeptech com>
Date: Sat, 24 Feb 2001 12:26:58 -0500

I think the recent FBI's mole case has lessons for us as well. We havebeen preaching log, log, log..., but auditing of logged information isstill rare. Had FBI been auditing its logs, IMHO, they could have caughtHANSSEN back in 1997/1998 when he began searching the Automated CaseSupport System for keywords related to his activities (Page 87 of FBI'sAffidavit).

HANSSEN a "Computer Wiz Kid"? Obviously, not a very effectiveone. Hacking 101 - disable logging and cover your tracks. From a covertperspective he should have disabled logging of his usage of the ACSS. Iguess he knew that logs are not audited at the FBI.


Rama Kant

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Napster.. Darren Reed (Feb 20)
- RE: Napster.. Steven Osman (Feb 20)
- Re: Napster.. Tib (Feb 20)
  - Re: Napster.. Darren Reed (Feb 20)
    - Re: Napster.. Wouter Slegers (Feb 21)
    - RE: Napster.. Ai Luong (Feb 21)
    - RE: Napster.. Chris Beckwith (Feb 21)
    - FBI's internal IT security Rama Kant (Feb 25)
    - Re: Napster.. Ben Eisenbraun (Feb 21)
    - Re: Napster.. daN. (Feb 25)
- Re: Napster.. poke (Feb 20)
- <Possible follow-ups>
- Re: Napster.. Steven M. Bellovin (Feb 20)
- RE: Napster.. Keith.Morgan (Feb 21)
  - Re: Napster.. John Ladwig (Feb 21)
- RE: Napster.. Vargas Miguel (Feb 21)
- Re: Napster.. Arthur Clune (Feb 25)