Soon,real soon.Lax e-security aided FBI spy Karen Dearne APRIL 23, 2002 A UNITED States commission reviewing FBI security in response to treason by a former special agent has been shocked at how easily he was able to steal vast amounts of secret information. Over 22 years, Robert Hanssen gave the Russians documents and computer diskettes filled with national intelligence of "incalculable value". In a report delivered to the US Attorney-General John Ashcroft, commission chairman William Webster said a "pervasive inattention to security" allowed Hanssen to gather information that was "tremendously useful" to hostile foreign powers. Hanssen has pleaded guilty to 15 counts of spying and is awaiting sentencing, due next month. Mr Webster, a former CIA and FBI director, led the commission's year-long review. "As shocking as the depth of Hanssen's betrayal is the ease with which he was able to steal material," Mr Webster said. "Hanssen usually collected this material in the normal routine of an FBI manager privy to classified information that crossed his desk or came up in conversation with colleagues." The treacherous agent worked in the Bureau's intelligence division and helped establish an automated counter-intelligence database. "He was proficient in combing FBI automated records, and printed or downloaded to disk reams of highly classified information," Mr Webster said. "He also did not hesitate to go into offices where he had worked some time before, log on to standalone data systems and retrieve, for example, the identities of foreign agents who US intelligence services had compromised - information vital to US interests and even more immediately vital to those he betrayed." Hanssen initially communicated with the Soviets through encoded radio transmissions, using a one-time pad - a practically unbreakable cipher he created himself. He installed unauthorised software on his office computers, including a password-breaking program discovered on his hard drive. On at least one occasion, he hacked into a colleague's computer, and even downloaded a classified document from the hard drive of the chief of the Bureau's Soviet intelligence section - purportedly to demonstrate weaknesses in the system. Early on, he suggested to his handlers that they communicate by email, but the Soviets weren't keen. Later he urged them to buy personal digital devices, so he could beam data to them. The commission found security was often seen as an impediment to operations, which depended on the free flow of information within the Bureau. "Operational imperatives will normally and without reflection trump security needs," Mr Webster said. "For instance, senior Bureau management recently removed certain security-based access restrictions from the FBI's automated record system -- the principal system Hanssen exploited -- because they hindered the investigation of the September 11 terrorist attacks. This might make sense operationally, but it was done without consulting the Bureau's security apparatus." One unforeseen and presumably unintended result was general access within the Bureau to highly restricted information obtained by warrant under the Foreign Intelligence Surveillance Act. "This violates the basic security principle that such information should only be circulated among those who need to know," he said. But the commission recognised the need for operational efficiency at a time when the country was under terrorist siege. Accordingly, it has recommended changes to address flaws in process, while establishing a new workplace culture to balance the two key needs.
