FBI study: Hanssen had easy access to case files

FBI study: Hanssen had easy access to case files

The FBI's failure to secure its case files made it possible for Robert Hanssen to'freely and without detection'gain access to data for his espionage activities, a new report concludes.

What's more, according to the independent commission that conducted the review, the FBI still fails to adequately control its case files.

Hanssen's espionage 'demonstrated in a public and convincing way that the bureau's information systems security controls are inadequate,' noted the report from the commission headed by former FBI and CIA director William H. Webster. The unclassified portion is available on the Web at www.usdoj.gov/05publications/
websterreport.pdf
.

But the commission also found that after the Sept. 11 terrorist attacks'eight months after Hanssen's arrest'senior FBI officials lifted many access restrictions to the bureau's Automated Case Support system, a primary source of Hanssen's stolen information. The restrictions apparently slowed investigation of the World Trade Center and Pentagon bombings.

'The decision to loosen ACS restrictions was made essentially without the involvement of the Security Countermeasures Branch,' the report said.

Attorney general John Ashcroft ordered the study in March of 2001, after Hanssen's arrest on charges of selling information to Russia.

The FBI did not respond to specific findings of the report. In a statement, FBI director Robert S. Mueller called it 'instructive on the importance and urgency with which the FBI must treat its security. I agree we have much more to do, but I am confident we are on track to accomplish what this report envisions.'

Hanssen, using only his ordinary ACS rights, accessed thousands of files in which he had no legitimate interest.

'It does not appear that Hanssen possessed system administrator access or that he hacked into any files,' the report said.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group