A federal judge yesterday postponed the sentencing of a former government computer contractor who hacked the e-mail passwords of all FBI employees, including the director, several times in 2004.
The security breaches temporarily shut down an FBI classified records system containing data about witness protection and counterespionage, according to records in U.S. District Court in Washington.
Judge Richard Leon postponed until next week the sentencing of Joseph Colon, who pleaded guilty to four misdemeanor counts of intentionally accessing a computer while exceeding authorized access and obtaining government information illegally. He faces up to four years in prison under sentencing guidelines.
Mr. Colon’s attorney sought leniency, saying “the public would never know about this prosecution,” court records showed.
The case against Mr. Colon was not sealed. All of the court documents obtained by The Washington Times are public record.
Mr. Colon was working as a computer specialist at the FBI’s Springfield, Ill., office to help transfer networks from one system to another when security was breached four times in 2004, according to prosecutors and court records.
Mr. Colon’s illegal hacking “cost the FBI thousands of man-hours and millions of dollars to rectify and resulted in the temporary shutdown of the entire classified system,” the U.S. attorney’s office said in court pleadings filed last Thursday.
The FBI conducted a damage assessment after learning of Mr. Colon’s activities “to ensure the intrusion did not compromise national security,” prosecutors said.
FBI officials yesterday said they could not discuss specifics of the case because Mr. Colon had not been sentenced.
In a response to an inquiry from The Times about the current state of its computer network, the FBI issued a statement, saying it “takes the security of our internal data extremely seriously and has implemented measures to detect misuse.”
The FBI statement cited the creation of an “information assurance section” within its security division to “harden system defenses.” In addition, all employees and contractors last year began annual “information security awareness” training, the FBI said.
Mr. Colon’s attorney, Richard Winelander, said in court pleadings that the hacking stemmed from his client’s frustration over FBI delays in granting him a “ticket” to set up work stations and user accounts needed to perform his job.
Mr. Colon, who held a security clearance, used an FBI agent’s password, then gained entry into a secret network allowing him to speed up the network conversion process, according to defense pleadings.
Three agents from the Illinois office “knew and appreciated” what Mr. Colon was doing to perform the network transfer, Mr. Winelander said.
In his plea agreement, Mr. Colon admitted accessing files that contained encrypted versions of user passwords for all active FBI employees. He then used hacking software to crack passwords.
“In this case, the defendant, in a post-September 11 age, abused the trust placed in him by the FBI to gratuitously hack the passwords of every FBI employee, including the director, with access to the FBI’s classified secret database,” prosecutors said in memo to Judge Leon last month.
Assistant U.S. Attorney John P. Carlin has sought a roughly one-year prison sentence for Mr. Colon.
The prosecutor cited Mr. Colon’s lack of criminal history, cooperation with investigators and motivations for the crime in recommending a lesser sentence.
Mr. Carlin said in a sentencing memo last month that some prison time is necessary to send a message to the public that “curiosity hacks into sites containing national security information is a matter of grave concern and criminal import.”
Mr. Winelander said in a memo to Judge Leon that the judge need not concern himself with the issue of deterrence in meting out a sentence to Mr. Colon because “the fact of the matter is the public will never know about this prosecution.”
Mr. Winelander said the parties in the case entered into a confidentiality agreement to “prevent public dissemination of what happened here.”
Mr. Colon, who had been employed at BAE Systems, has lost his job and his security clearance.