There’s something about penetration testing that is just so attractive. Can you imagine being paid to find embarrassing security holes? It’s the ultimate puzzle with the ultimate “I’m smarter than you” grand prize.

And I just know that it would appeal to some of the people who read my blogs, as evidenced by the unmitigated glee they get when they can point out a typo. [Beginning of rant: For example, in a piece I posted in the IT Leadership blog, I typed an X instead of a Y in referring to the millennials. For that one mistaken letter, a few people indicted my research skills and totally disregarded the real point of the blog. Okay, rant over.]

Back to penetration testing.

Chris Goggans, senior security consultant at security firm PatchAdvisor Inc. in Alexandria, Virginia, has been a pen tester since 1991. You’d think he’d be pretty immune to some network vulnerabilities, having been discovering them for all those years. But imagine how he felt when he was able to hack the FBI’s database in about six hours. According to a piece in ComputerWorld by Sandra Gittlen,

During a routine network scan, Goggans discovered a series of unpatched vulnerabilities in the civilian government agency’s Web server, as well as other parts of the enterprise.

He used a hole in the Web server to pull down usernames and passwords that were reused on a host of enterprise systems. In those systems, he found further account details that allowed him to get Windows domain administrator privileges — a classic escalation-of-privileges attack.

Using this privileged access, he was able to gain full control of almost all Windows-based systems in the enterprise, including workstations used by the on-site police force. He noticed that several police workstations had a second networking card installed that used the SNA protocol to directly talk to an IBM mainframe.

By covertly installing remote control software on those workstations, he found programs on their desktops that automatically connected the workstations to the FBI’s NCIC database. “That software, coupled with a keystroke capture program, would allow an attacker to grab the credentials needed to log into the FBI’s National Crime Information Center database,” he says.

Another consultant at a Big Four company was able to immediately gain full administration access to all of that organization’s applications.

To read about this and more, see the rest of the ComputerWorld piece.