The DOJ web site has the executive summary of a 600+ page top secret report on Hanssen's espionage activities, including some of his computer exploits. The reaction of the FBI computer security and physical security "professionals" is pretty scarey. Summary report is at

http://www.usdoj.gov/oig/special/03-08/index.htm

Some interesting tidbits include

Let's see now, I was only checking security Boss.

While in the NSTL Unit, Hanssen committed two serious and flagrant security breaches. First, he hacked into the FBI's computer system and accessed highly sensitive Soviet counterintelligence documents located on the hard drives of his colleagues and supervisors in the National Security Division. Hanssen grew nervous about what he had done and decided to report it to FBI management in the guise of revealing a flaw in the FBI's computer security. Hanssen's ruse succeeded, and no one questioned his breach of computer security......
Audit log reviews are a waste of time, right?

During Hanssen's detail to the State Department, the FBI provided him with a desktop computer that was connected to the FBI's ACS computer system. The ACS system gave Hanssen access to thousands of internal FBI classified documents for which he had no "need to know." To determine whether he was under investigation by the FBI, Hanssen also frequently searched the ACS system for references to his own name and address. In addition, he successfully mined the system for information concerning the FBI's most sensitive espionage investigations. While the ACS system had audit capability, Hanssen's improper searches went undetected because the FBI did not conduct audit trail reviews absent an allegation of wrongdoing.
Installing hardware is a challenge to all of us, right?

Hanssen's most egregious security breach at OFM - an attempt to install password breaker software on his FBI computer - was discovered by the FBI's computer specialists, who documented the incident and referred it to the FBI's Security Programs Manager. Hanssen told the Security Programs Manager that he had installed the hacking program in order to connect to a color printer, however, and he suffered no negative consequences as a result of this misconduct. As with Hanssen's other security violations, nothing about the matter was recorded in either his personnel or security file.
The rest of it is interesting also, of course only our government would think a 21 page summary was short enough to be useful.