FBI Email Proven Insecure

Once again Anonymous has done something few expected possible, they intercepted a phone call between the Federal Bureau of Investigation and Scotland Yard. This was not really hacking, but hacking probably led to it. Most believe that Anonymous hacked into a FBI email account (not too difficult considering password security being so low), and received a simple phone number and code to get on the conference call. Many who have been on these types of conference calls know how easy it is to get on. You simply call the phone number, enter the code, and you are in. The group released a nearly 17-minute-long recording of what appears to be a Jan. 17 conference call devoted to tracking and prosecuting members of the loose-knit hacking group. The FBI has admitted that the call was a real one, and that this is seen as a criminal act. The act of being on the call itself is most likely not a criminal one, but hacking into the email account to get the phone number and code is. Proving who/how/when someone did this may be more difficult. It will most likely depend on how many people received the email with the contact information.

Once again it is proven that email security is VERY low, and is something that can easily be broken through. The simplicity of most people’s passwords, the ease of use to get passed even the newest firewalls, and the possibility to use various proxies to do so makes this all something far too easy to do (and far to difficult to get caught doing it). If the FBI and other security forces want to be taken seriously, they better start taking their own security more serious. The breach is likely to act as a wakeup call to law enforcement agencies globally, said Marcus Carey, who spent years securing communications for the NSA before joining security-risk assessment firm Rapid7. “A law enforcement agency using unencrypted, unsecure communications is a major fumble,” Carey said. “What if this event was talking about some terrorist plot to blow up something and ‘they’ were listening in? It could’ve been much worse if it was related to an al-Qaida plot or something … So this is a lesson learned.”

One of the first things they will need to do is get out of the dark ages, and start using more secure hardware and software. They need to train all of their employees in proper email and password security, and they need to get top notch IT people. To do that they will have to start coughing up the big bucks, and I just do not see that happening anytime soon.