Feeds

back to article Banged-up Brit hacker hacks into his OWN PRISON'S 'MAINFRAME'

A UK hacker behind bars for computer fraud hacked into his prison's computer system during an IT lesson. Nicholas Webber, 21, of Southsea, Hampshire, was able to access the network after being allowed to join the jail's technology classes. Webber was sent down for five years in May 2011 for masterminding the infamous …

COMMENTS

This topic is closed for new posts.

Page:

WTF?

You just couldn't make it up!

Its not funny but it is; or is it just bemusement?

4
0
Anonymous Coward

Prison Mainframe?

They need a mainframe to operate a few security cameras and doors?

Seems abit OTT to keep a few chavs behind bars?

A cat C prison is basically Butlins by another name isn't it?

16
1
Anonymous Coward

Re: Prison Mainframe?

When I was a contractor I worked for a 3rd party vendor that looked after the prisons. I believe they run a two tier system. One for the doors and other security and an internal system that just sits and blink lights.

I think the reason that the prison had a mainframe (more likely windows server environment) is because some think tank had suggested it. I doubt that anything of worth would be stored on the closed network.

The 3rd party service provider only had access to the external infrastructure. From memory they were quite poor with their security and let anyone work on the system. That was the reason that I stood down, as I have a criminal record as a political activist.

2
1
Anonymous Coward

Re: Prison Mainframe?

"I have a criminal record as a political activist."

Is it something by Billy Brag?

25
0
Coat

Butlins?

I didn't realise our prisons were THAT harsh!

(Pick-pocket icon of course!)

6
0
FAIL

Re: Prison Mainframe?

I've been inside more nicks than the hardest of prisoners.. door control will never be on the same physical network as the PCs; they used to have a proper mainframe-based system called LIDS which couldn't be on the same physical network as the rest of the prison IT (given that it ran on VT-100 sort of terminals). Then you'd have the 4x4 Access-based prisoner records system (the pet project of a PCO from HMP Preston that got used so widely it became a de facto standard)

But that all changed when EDS took control of the Home Office, fucked up the system they were supposed to be delivering, and from the sound of it managed to get prison training PCs on the same network as their IT systems - IMHO the people who should be disciplined in this are not the course trainers, but whoever set up a training room for inmates that actually hooks up to the same network as the rest of the prison IT... some numpty at EDS, no doubt, not realizing that IT training rooms in prisons are not the same as IT training rooms in normal companies.

17
1
Bronze badge

Re: Prison Mainframe?

About the only believable bit of IT in Skyfall was that the security service would put a highly dangerous terrorist, known to have compromised their systems, inside a 'prison cell' with just an electronic lock rather than, oooh, a £5 padlock securing the door from the outside.

14
1
Mushroom

Re: Prison Mainframe?

" ... IT training rooms in prisons are not the same as IT training rooms in normal companies."

Yes they are, and neither should allow access to ANY other network... (interwebs included!)

Mushroom cloud icon - the result of NOT doing the above!

6
0
Anonymous Coward

Re: @Philbo

When I was at EDS they never had any computers that the inmates used, granted I didn't spend too much time on that account as mentioned in my previous post. No CRB check and a whole list of passwords that could lock down courts or open prison doors.

But computers in the prison on the same network - nope (although I am not saying that a numpty culture didn't exist )

1
1
Big Brother

Re: Prison Mainframe?

We sentence you to 5 years hard COBOL

3
0

Re: @Philbo

@Simon Westerby 1

>" ... IT training rooms in prisons are not the same as IT training rooms in normal companies."

>Yes they are, and neither should allow access to ANY other network... (interwebs included!)

..in an ideal world, you're probably right; in practice, most places I've worked have their IT training rooms on the same network.

@AC 09.28

>When I was at EDS they never had any computers that the inmates used, granted I didn't spend too much

>time on that account as mentioned in my previous post. No CRB check and a whole list of passwords that

>could lock down courts or open prison doors.

My experience of EDS in prisons was uniformly bad: including them showing up at a private prison (not one they were contracted for) and informing the IT staff there that they now "owned" all their PCs; charging surreal costs for support which rarely materialized; and not being entirely honest to the prisons about what their remit was.

..Confict of Interest warning: EDS spent years telling Home Office prisons that they weren't allowed to buy the system I'd written, because they were going to be supplying one to do the same job. If EDS had been half-way ethical (e.g. in admitting that they didn't have a working system, and were utterly inept when it came to writing one), I'd be if not rich, then finanically secure. Life's a bitch, ain't it?

3
0
Bronze badge

Re: Prison Mainframe?

COBOL isn't hard. Or it wasn't in 1992.

0
0
Silver badge
Joke

Re: Prison Mainframe?

Wasn't COBOL (Capitalization Of Boilerplate Oriented Language) classified as cruel and unusual punishment under the Geneva Convention (or the declaration of human rights, I forget which one)

1
0
Bronze badge
Meh

I am conflicted...

One the one hand, the point of prison is surely the rehabilitation. He deserves as much chance to make good as anyone else.

On the other, who would not have been wary of a convicted computer criminal asking to be in on the computer classes? This is a classic "should have seen it coming" premise.

I could not say for sure what I would have done, were it my decision to let this happen or not... :/

7
0
Silver badge

Re: I am conflicted...

"Fox said he was not aware of Webber's crimes when the hacker joined the prison's IT class. Fox also maintained that it wasn't his decision to admit the lad to the course, which aims to give young offenders skills that will give them a better chance of finding gainful employment once they leave prison"

Sounds like they sacked the wrong person -- who was in charge of the paper shuffling?

16
0

Re: I am conflicted...

What sort of IT qualifications can you get at her majestys? Could actually be a valid alternative to paying through the nose for them...

5
0
Silver badge
Joke

Re: I am conflicted...

"What sort of IT qualifications can you get at her majestys? ..."

MCSE?

(Master Criminal Solutions Expert)

runs for cover

19
0
Silver badge

Re: I am conflicted...

Fox:

1) said he was not aware of Webber's crimes when the hacker joined the prison's IT class,

2) maintained that it wasn't his decision to admit the lad to the course,

3) was blamed for the hack and excluded from the prison, and

4) was cleared of any wrongdoing at a disciplinary hearing last March.

Another public circus fustercluck. No doubt those in charge at HMP Isis are still there. That's the real crime.

17
0
Gold badge
Coat

Re: I am conflicted...

They'll all be ITIL* qualifications.

* IT for Incarcerated Lags.

10
0
Anonymous Coward

Re: I am conflicted...

Since the replies are tongue in cheek I'll post a serious one.

I know of an open prison that has links with a particular network equipment manufacturer, they give them books/equipment (pretty good stuff too, not old crap)/visits to their sites and the prisoners get a chance to study for some of the qualifications offered by this particular manufacturer.

1
0
Silver badge

Re: I am conflicted...

"One the one hand, the point of prison is surely the rehabilitation. He deserves as much chance to make good as anyone else."

Well, he's not showing much likelihood of that is he? Banged up for computer fraud, and he can't stop himself hacking the prison system as well? That looks to me like somebody who doesn't give a fuck and will simply re-offend as soon as he gets out.

I believe these kinds of sociopaths who don't give a fuck that their activities ruin people's lives cannot be rehabilitated. You can't force someone to have a conscience if they don't have one. A psychologist of my acquaintance described a victim reparation meeting between a home invader and the family he robbed, and when confronted firsthand with the trauma he'd inflicted, he showed no emotion or remorse whatsoever. This hacker is probably similar - he doesn't give a fuck whose lives he ruins, as long as he gets what he wants.

I'm strongly opposed to the death penalty, but at the same time I don't believe these sociopathic creatures can ever be returned to society, no matter how long they are "rehabilitated." We don't let lions run around loose in our streets for much the same reasons as these fraudsters and scammers shouldn't be let loose. You can't stop a lion acting like a lion, and you can't stop a sociopath acting like a sociopath. They are what they are, and what they are is incompatible with the behaviours required to function in civilisation.

So what I advocate is a kind of "Coventry", or gulag, like that described in the second part of Robert Heinlein's Revolt in 2100. This is not like transporting convicts to Australia, that still functioned as a regulated prison. Instead, you simply drop these sociopaths into the "Coventry" area, and leave them to fend for themselves, no guards, no cells, no rules. They have the absolute freedom to do as they want, limited only by their capacity to take it from each other. Like a lion safari park. I'd sterilise them first though. You don't want Darwinian selection breeding for the perfect sociopath...

6
3
FAIL

Re: Elmer Phud

My mom has worked for the county jail for close to 20 years now, the stories about mistakes in the paper shuffle would blow your mind.

Once recent case involved a guy my sister went to school with. He committed an armed robbery in Austin, was arrested in Dallas, but was shipped to the county of his residence which my mom happens to work at. Dallas county didn't send the felony arrest paperwork with him, he just just had a traffic warrant at the county here. The officer in charge was getting the court paperwork ready for the traffic ticket (in which he would have likely been bonded out the same day) when my mom recognized him and looked at the paperwork and noticed the serious problem. She quickly got the original warrant from the NCIS and reclassified him as a high risk inmate. Had it been her day off, or she was on vacation, the guy would have walked (which he was a flight risk because of an attempt to flee to Mexico).

Events like this are pretty common. : (

2
0
Big Brother

Re: I am conflicted...

The problem with this is that from reading what you've written I would consider you sociopathic. In that you have made completely unsubstantiated claims about a human their motivations and their redeemability based on almost nothing. Then proceeded to hand out life term punishments. It's people like you who I see as a threat to the good order of society. You see the problem. Harsh punitive power is always going to be in the hands of some clique of thought - maybe not yours.

3
0
Silver badge

Why though?

Did he think "I quite like prison and fancy hanging round a bit longer"?

4
0
Silver badge

Re: Why though?

Seems he's a skilled hacker but not that bright.

1
1
Silver badge
Facepalm

Re: Re: Why though?

"Seems he's a skilled hacker but not that bright." I doubt if the prison employs the equivalent of the NSA's anti-hacking team, which would seem to imply Nicholas Webber is actually not a very good hacker if he got caught by them. And going by the fact that the class teacher got blamed, I'm guessing Webber's "skillz" amounted to peeking over the teacher's shoulder to pinch his login details.

4
1
Anonymous Coward

Re: Why though?

You know what they say:

Dumb criminals get convicted.

Smart criminals get re-elected.

16
0
Flame

Re: Why though?

"I'm guessing Webber's "skillz" amounted to peeking over the teacher's shoulder to pinch his login details."

hey I just read you

and this is crazy

but here's the key quote

so RTFA maybe

"Fox...was cleared of any wrongdoing at a disciplinary hearing last March."

1
1

This post has been deleted by a moderator

Bronze badge
FAIL

Re: This is supposed to be an IT journal

It took two whole posts for someone to do it, nine minutes before your own post.

No wonder you are an anonymous coward.

1
2
Anonymous Coward

Re: This is supposed to be an IT journal

Referring to Reg staff, not dopey commentards.

0
0
Facepalm

Porrige server hacks prison server...

Porrige server hacks prison server while IT boffin who knew 'nuffin is blamed for hack and gets the sack

4
0
Anonymous Coward

Hmm...

Now, I don't doubt that the prison service may have a mainframe, which runs the software to monitor prisoners, do payroll etc. but I seriously doubt that it would be on a closed network used for education in a particular prison. In fact, I seriously doubt that any "production" system would be internally connected in any way to the machines used for education.

Is there any more information available? because I just can't see what's being reported as being accurate.

0
0
(Written by Reg staff) Silver badge

Re: Hmm...

"Is there any more information available? because I just can't see what's being reported as being accurate."

That's not very nice. The story is accurate TTBOOK. The word mainframe came from Fox during his tribunal hearing.

C.

3
0
Anonymous Coward

Re: Hmm...

Sorry, I wasn't meaning that the Reg's report was at fault, rather the initial source, it just sounds to unbelievable that anyone with any knowledge of IT security would setup a training room so that it could give criminals access to the mainframe of the prison service.

0
1
FAIL

Poor database design

"GhostMarket's treasure trove of information was used to steal £15m from 65,000 bank accounts worldwide"

If only they'd used a 32-bit int, they could have accessed over 4 billion accounts and stolen almost £1 trillion.

24
0
Silver badge
Joke

Re: Poor database design

Or just read about it in the Daily Mail in the next few days when they pick up on it.

By that point I'm sure the figures will have been inflated to around that level...

1
1
Anonymous Coward

Re: Poor database design

> Or just read about it in the Daily Mail in the next few days when they pick up on it.

From the article:

The hacker managed to sign up for the prison's IT class before infiltrating the prison's mainframe computer, The Daily Mail reported.

1
0
Silver badge

Re: Poor database design

OK missed that - will just have to wait for the insensed editorial in a few days for the rise, if this week continues to be slow for news.

0
0
Anonymous Coward

Re: Poor database design

Or use a BIGNUM, and have no limits!

0
0
Silver badge
Trollface

Re: Poor database design

VB6, for those who are interested, has a 'CURRENCY' datatype for just this kind of situation.

Believe it or not, I've actually used it - for hardware control, no less. You laugh, but in some ways, heavily-modded VB6 using OS-level timers and calls is kind of a nicer environment than some giant managed-code behemoth which turn something like 'int x' into 'universe.galaxy->parse.system->solar().planet->object.earth.system->things->otherthings->WTF->datatypes->common_datatypes->the_most_common_datatypes_of_all.int x' or some shit.

I mean, really.

1
1
Silver badge

Slow learner

> A UK hacker behind bars for computer fraud

So the guy wasn't smart enough to not get caught, which is how he ended up prison in the first place. Yet he thought (somehow) that a computer with the sole purpose of maintaining a secure environment would be a good target to hack. Even though once (inevitably) the intrusion attempt was flagged, the number of suspects who had the opportunity, the intent and the skills history of failure would land him in the spotlight before he could hit <RETURN>

Loser.

3
0
Silver badge

Re: Slow learner

Seems like he was smart enough to not get caught this time. We're only hearing about it because the guy they blamed for insists he isn't.

2
0
Anonymous Coward

Re: Slow learner

@Pete 2 - You identify an IT guy trait - To not know one's limits, to see one's personal skills as "leet", to not understand that one doesn't understand enough about a subject to comment.

How many people do you see commenting here who seem to know everything about Law enfocement, physics, chemistry, energy generation, national infrastructure, etc. etc. yet still seem to have a generic job only one or two steps up from helpdesk?

2
0
Anonymous Coward

Re: Slow learner

Some of us actually do work in those areas.

IT is just a side effect of the 'real' infrastructure I actually do.

0
0
Silver badge
Headmaster

That's progress for you

"At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible"

Now, of course, it is possible.

1
0

This post has been deleted by its author

Silver badge
Trollface

Park Your Car Sir?

Irony. They haz it.

2
0
Facepalm

Doh !

He could of ordered himself an early release, but noooo. He had to change the prison menu to filet mignon, cracked snow crab, prime rib, and clams casino. It's hard to eat prison food after living the good life in the big town. Ten additional years hard labor for Homer Simson style stupidity. Doh !

0
0
Anonymous Coward

Why was whatever computer they used not air gapped?

Why was whatever computer they used for this class not totally air-gapped from EVERYTHING (including the Internet)? Ideally, with no local spinning rust - all media either read-only optical or RAM disk, wiped at the end of class?

0
0

Page:

This topic is closed for new posts.