Banged-up Brit hacker hacks into his OWN PRISON'S 'MAINFRAME'

A UK hacker behind bars for computer fraud hacked into his prison's computer system during an IT lesson. Nicholas Webber, 21, of Southsea, Hampshire, was able to access the network after being allowed to join the jail's technology classes. Webber was sent down for five years in May 2011 for masterminding the infamous …

COMMENTS

This topic is closed for new posts.
  1. Tony Rogerson
    WTF?

    You just couldn't make it up!

    It's not funny but it is; or is it just bemusement?

  2. Anonymous Coward
    Anonymous Coward

    Prison Mainframe?

    They need a mainframe to operate a few security cameras and doors?

    Seems a bit OTT to keep a few chavs behind bars?

    A cat C prison is basically Butlins by another name isn't it?

    1. Anonymous Coward
      Anonymous Coward

      Re: Prison Mainframe?

      When I was a contractor I worked for a 3rd party vendor that looked after the prisons. I believe they run a two tier system. One for the doors and other security and an internal system that just sits and blinks lights.

      I think the reason that the prison had a mainframe (more likely Windows Server environment) is because some think tank had suggested it. I doubt that anything of worth would be stored on the closed network.

      The 3rd party service provider only had access to the external infrastructure. From memory they were quite poor with their security and let anyone work on the system. That was the reason that I stood down, as I have a criminal record as a political activist.

      1. Anonymous Coward
        Anonymous Coward

        Re: Prison Mainframe?

        "I have a criminal record as a political activist."

        Is it something by Billy Bragg?

      2. philbo
        FAIL

        Re: Prison Mainframe?

        I've been inside more nicks than the hardest of prisoners.. door control will never be on the same physical network as the PCs; they used to have a proper mainframe-based system called LIDS which couldn't be on the same physical network as the rest of the prison IT (given that it ran on VT-100 sort of terminals). Then you'd have the 4x4 Access-based prisoner records system (the pet project of a PCO from HMP Preston that got used so widely it became a de facto standard)

        But that all changed when EDS took control of the Home Office, fucked up the system they were supposed to be delivering, and from the sound of it managed to get prison training PCs on the same network as their IT systems - IMHO the people who should be disciplined in this are not the course trainers, but whoever set up a training room for inmates that actually hooks up to the same network as the rest of the prison IT... some numpty at EDS, no doubt, not realizing that IT training rooms in prisons are not the same as IT training rooms in normal companies.

        1. Ian 55

          Re: Prison Mainframe?

          About the only believable bit of IT in Skyfall was that the security service would put a highly dangerous terrorist, known to have compromised their systems, inside a 'prison cell' with just an electronic lock rather than, oooh, a £5 padlock securing the door from the outside.

        2. Simon Westerby 1
          Mushroom

          Re: Prison Mainframe?

          " ... IT training rooms in prisons are not the same as IT training rooms in normal companies."

          Yes they are, and neither should allow access to ANY other network... (interwebs included!)

          Mushroom cloud icon - the result of NOT doing the above!

        3. Anonymous Coward
          Anonymous Coward

          Re: @Philbo

          When I was at EDS they never had any computers that the inmates used, granted I didn't spend too much time on that account as mentioned in my previous post. No CRB check and a whole list of passwords that could lock down courts or open prison doors.

          But computers in the prison on the same network - nope (although I am not saying that a numpty culture didn't exist )

          1. philbo

            Re: @Philbo

            @Simon Westerby 1

            >" ... IT training rooms in prisons are not the same as IT training rooms in normal companies."

            >Yes they are, and neither should allow access to ANY other network... (interwebs included!)

            ..in an ideal world, you're probably right; in practice, most places I've worked have their IT training rooms on the same network.

            @AC 09.28

            >When I was at EDS they never had any computers that the inmates used, granted I didn't spend too much

            >time on that account as mentioned in my previous post. No CRB check and a whole list of passwords that

            >could lock down courts or open prison doors.

            My experience of EDS in prisons was uniformly bad: including them showing up at a private prison (not one they were contracted for) and informing the IT staff there that they now "owned" all their PCs; charging surreal costs for support which rarely materialized; and not being entirely honest to the prisons about what their remit was.

            ..Conflict of Interest warning: EDS spent years telling Home Office prisons that they weren't allowed to buy the system I'd written, because they were going to be supplying one to do the same job. If EDS had been half-way ethical (e.g. in admitting that they didn't have a working system, and were utterly inept when it came to writing one), I'd be if not rich, then financially secure. Life's a bitch, ain't it?

    2. tirk
      Coat

      Butlins?

      I didn't realise our prisons were THAT harsh!

      (Pick-pocket icon of course!)

    3. Ken 16 Silver badge
      Big Brother

      Re: Prison Mainframe?

      We sentence you to 5 years hard COBOL

      1. Anonymous Coward
        Anonymous Coward

        Re: Prison Mainframe?

        COBOL isn't hard. Or it wasn't in 1992.

        1. Michael H.F. Wilkinson Silver badge
          Joke

          Re: Prison Mainframe?

          Wasn't COBOL (Capitalization Of Boilerplate Oriented Language) classified as cruel and unusual punishment under the Geneva Convention (or the declaration of human rights, I forget which one)

  3. NumptyScrub
    Meh

    I am conflicted...

    On the one hand, the point of prison is surely the rehabilitation. He deserves as much chance to make good as anyone else.

    On the other, who would not have been wary of a convicted computer criminal asking to be in on the computer classes? This is a classic "should have seen it coming" premise.

    I could not say for sure what I would have done, were it my decision to let this happen or not... :/

    1. Elmer Phud

      Re: I am conflicted...

      "Fox said he was not aware of Webber's crimes when the hacker joined the prison's IT class. Fox also maintained that it wasn't his decision to admit the lad to the course, which aims to give young offenders skills that will give them a better chance of finding gainful employment once they leave prison"

      Sounds like they sacked the wrong person -- who was in charge of the paper shuffling?

      1. Arrrggghh-otron

        Re: I am conflicted...

        What sort of IT qualifications can you get at Her Majesty's? Could actually be a valid alternative to paying through the nose for them...

        1. Michael H.F. Wilkinson Silver badge
          Joke

          Re: I am conflicted...

          "What sort of IT qualifications can you get at Her Majesty's? ..."

          MCSE?

          (Master Criminal Solutions Expert)

          runs for cover

          1. TeeCee Gold badge
            Coat

            Re: I am conflicted...

            They'll all be ITIL* qualifications.

            * IT for Incarcerated Lags.

        2. Anonymous Coward
          Anonymous Coward

          Re: I am conflicted...

          Since the replies are tongue in cheek I'll post a serious one.

          I know of an open prison that has links with a particular network equipment manufacturer, they give them books/equipment (pretty good stuff too, not old crap)/visits to their sites and the prisoners get a chance to study for some of the qualifications offered by this particular manufacturer.

      2. Shagbag

        Re: I am conflicted...

        Fox:

        1) said he was not aware of Webber's crimes when the hacker joined the prison's IT class,

        2) maintained that it wasn't his decision to admit the lad to the course,

        3) was blamed for the hack and excluded from the prison, and

        4) was cleared of any wrongdoing at a disciplinary hearing last March.

        Another public circus fustercluck. No doubt those in charge at HMP Isis are still there. That's the real crime.

      3. pixl97
        FAIL

        Re: Elmer Phud

        My mom has worked for the county jail for close to 20 years now, the stories about mistakes in the paper shuffle would blow your mind.

        One recent case involved a guy my sister went to school with. He committed an armed robbery in Austin, was arrested in Dallas, but was shipped to the county of his residence which my mom happens to work at. Dallas county didn't send the felony arrest paperwork with him, he just had a traffic warrant at the county here. The officer in charge was getting the court paperwork ready for the traffic ticket (in which he would have likely been bonded out the same day) when my mom recognized him and looked at the paperwork and noticed the serious problem. She quickly got the original warrant from the NCIS and reclassified him as a high risk inmate. Had it been her day off, or she was on vacation, the guy would have walked (which he was a flight risk because of an attempt to flee to Mexico).

        Events like this are pretty common. : (

    2. Steven Roper

      Re: I am conflicted...

      "On the one hand, the point of prison is surely the rehabilitation. He deserves as much chance to make good as anyone else."

      Well, he's not showing much likelihood of that is he? Banged up for computer fraud, and he can't stop himself hacking the prison system as well? That looks to me like somebody who doesn't give a fuck and will simply re-offend as soon as he gets out.

      I believe these kinds of sociopaths who don't give a fuck that their activities ruin people's lives cannot be rehabilitated. You can't force someone to have a conscience if they don't have one. A psychologist of my acquaintance described a victim reparation meeting between a home invader and the family he robbed, and when confronted firsthand with the trauma he'd inflicted, he showed no emotion or remorse whatsoever. This hacker is probably similar - he doesn't give a fuck whose lives he ruins, as long as he gets what he wants.

      I'm strongly opposed to the death penalty, but at the same time I don't believe these sociopathic creatures can ever be returned to society, no matter how long they are "rehabilitated." We don't let lions run around loose in our streets for much the same reasons as these fraudsters and scammers shouldn't be let loose. You can't stop a lion acting like a lion, and you can't stop a sociopath acting like a sociopath. They are what they are, and what they are is incompatible with the behaviours required to function in civilisation.

      So what I advocate is a kind of "Coventry", or gulag, like that described in the second part of Robert Heinlein's Revolt in 2100. This is not like transporting convicts to Australia, that still functioned as a regulated prison. Instead, you simply drop these sociopaths into the "Coventry" area, and leave them to fend for themselves, no guards, no cells, no rules. They have the absolute freedom to do as they want, limited only by their capacity to take it from each other. Like a lion safari park. I'd sterilise them first though. You don't want Darwinian selection breeding for the perfect sociopath...

      1. Matt2012
        Big Brother

        Re: I am conflicted...

        The problem with this is that from reading what you've written I would consider you sociopathic. In that you have made completely unsubstantiated claims about a human their motivations and their redeemability based on almost nothing. Then proceeded to hand out life term punishments. It's people like you who I see as a threat to the good order of society. You see the problem. Harsh punitive power is always going to be in the hands of some clique of thought - maybe not yours.

  4. DavCrav

    Why though?

    Did he think "I quite like prison and fancy hanging round a bit longer"?

    1. Code Monkey

      Re: Why though?

      Seems he's a skilled hacker but not that bright.

      1. Matt Bryant Silver badge
        Facepalm

        Re: Re: Why though?

        "Seems he's a skilled hacker but not that bright." I doubt if the prison employs the equivalent of the NSA's anti-hacking team, which would seem to imply Nicholas Webber is actually not a very good hacker if he got caught by them. And going by the fact that the class teacher got blamed, I'm guessing Webber's "skillz" amounted to peeking over the teacher's shoulder to pinch his login details.

        1. Throatwobbler Mangrove
          Flame

          Re: Why though?

          "I'm guessing Webber's "skillz" amounted to peeking over the teacher's shoulder to pinch his login details."

          hey I just read you

          and this is crazy

          but here's the key quote

          so RTFA maybe

          "Fox...was cleared of any wrongdoing at a disciplinary hearing last March."

      2. Anonymous Coward
        Anonymous Coward

        Re: Why though?

        You know what they say:

        Dumb criminals get convicted.

        Smart criminals get re-elected.

  5. TheTrouser
    Facepalm

    Porridge server hacks prison server...

    Porridge server hacks prison server while IT boffin who knew 'nuffin is blamed for hack and gets the sack

  6. Anonymous Coward
    Anonymous Coward

    Hmm...

    Now, I don't doubt that the prison service may have a mainframe, which runs the software to monitor prisoners, do payroll etc. but I seriously doubt that it would be on a closed network used for education in a particular prison. In fact, I seriously doubt that any "production" system would be internally connected in any way to the machines used for education.

    Is there any more information available? because I just can't see what's being reported as being accurate.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Hmm...

      "Is there any more information available? because I just can't see what's being reported as being accurate."

      That's not very nice. The story is accurate TTBOOK. The word mainframe came from Fox during his tribunal hearing.

      C.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hmm...

        Sorry, I wasn't meaning that the Reg's report was at fault, rather the initial source, it just sounds too unbelievable that anyone with any knowledge of IT security would set up a training room so that it could give criminals access to the mainframe of the prison service.

  7. kryptonaut
    FAIL

    Poor database design

    "GhostMarket's treasure trove of information was used to steal £15m from 65,000 bank accounts worldwide"

    If only they'd used a 32-bit int, they could have accessed over 4 billion accounts and stolen almost £1 trillion.

    1. Anonymous Custard
      Joke

      Re: Poor database design

      Or just read about it in the Daily Mail in the next few days when they pick up on it.

      By that point I'm sure the figures will have been inflated to around that level...

      1. Anonymous Coward
        Anonymous Coward

        Re: Poor database design

        > Or just read about it in the Daily Mail in the next few days when they pick up on it.

        From the article:

        The hacker managed to sign up for the prison's IT class before infiltrating the prison's mainframe computer, The Daily Mail reported.

        1. Anonymous Custard

          Re: Poor database design

          OK missed that - will just have to wait for the incensed editorial in a few days for the rise, if this week continues to be slow for news.

    2. Anonymous Coward
      Anonymous Coward

      Re: Poor database design

      Or use a BIGNUM, and have no limits!

      1. Anonymous Coward
        Trollface

        Re: Poor database design

        VB6, for those who are interested, has a 'CURRENCY' datatype for just this kind of situation.

        Believe it or not, I've actually used it - for hardware control, no less. You laugh, but in some ways, heavily-modded VB6 using OS-level timers and calls is kind of a nicer environment than some giant managed-code behemoth which turns something like 'int x' into 'universe.galaxy->parse.system->solar().planet->object.earth.system->things->otherthings->WTF->datatypes->common_datatypes->the_most_common_datatypes_of_all.int x' or some shit.

        I mean, really.

  8. Pete 2 Silver badge

    Slow learner

    > A UK hacker behind bars for computer fraud

    So the guy wasn't smart enough to not get caught, which is how he ended up in prison in the first place. Yet he thought (somehow) that a computer with the sole purpose of maintaining a secure environment would be a good target to hack. Even though once (inevitably) the intrusion attempt was flagged, the number of suspects who had the opportunity, the intent and the skills history of failure would land him in the spotlight before he could hit <RETURN>

    Loser.

    1. Tom 38

      Re: Slow learner

      Seems like he was smart enough to not get caught this time. We're only hearing about it because the guy they blamed for insists he isn't.

    2. Anonymous Coward
      Anonymous Coward

      Re: Slow learner

      @Pete 2 - You identify an IT guy trait - To not know one's limits, to see one's personal skills as "leet", to not understand that one doesn't understand enough about a subject to comment.

      How many people do you see commenting here who seem to know everything about Law enforcement, physics, chemistry, energy generation, national infrastructure, etc. etc. yet still seem to have a generic job only one or two steps up from helpdesk?

      1. Anonymous Coward
        Anonymous Coward

        Re: Slow learner

        Some of us actually do work in those areas.

        IT is just a side effect of the 'real' infrastructure I actually do.

  9. Dan 55 Silver badge
    Headmaster

    That's progress for you

    "At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible"

    Now, of course, it is possible.

  10. This post has been deleted by its author

  11. ecofeco Silver badge
    Trollface

    Park Your Car Sir?

    Irony. They haz it.

  12. The Grump
    Facepalm

    Doh !

    He could have ordered himself an early release, but noooo. He had to change the prison menu to filet mignon, cracked snow crab, prime rib, and clams casino. It's hard to eat prison food after living the good life in the big town. Ten additional years hard labor for Homer Simpson style stupidity. Doh !

  13. Anonymous Coward
    Anonymous Coward

    Why was whatever computer they used not air gapped?

    Why was whatever computer they used for this class not totally air-gapped from EVERYTHING (including the Internet)? Ideally, with no local spinning rust - all media either read-only optical or RAM disk, wiped at the end of class?

    1. Anonymous Coward
      Anonymous Coward

      Re: Why was whatever computer they used not air gapped?

      I strongly suspect that the systems were appropriately air-gapped - the source of the story is the Daily Mail and it reads like it's written by someone who doesn't know anything about computing.

      1. Gert Leboski
        Joke

        Re: Why was whatever computer they used not air gapped?

        He probably managed to run Minesweeper, DESPITE the fact that the IT people had deleted ALL of the shortcuts!

        That's hacking, by Daily Mail standards, isn't it?

  14. Restless
    Joke

    Meh...

    Prison these days is like a walk in the park.

    You might get raped.

    1. Anonymous Coward
      Anonymous Coward

      Re: Meh...

      You do know that the "Joke Alert" icon, is to be used before something funny?

  15. Tomas K.

    This is not a problem as I see it

    Just add 10 years on to his prison sentence.

  16. JassMan
    Happy

    Life skills

    Having been caught at his original game, he will now undoubtedly be offered a course in accountancy with specialisation in money laundering.

    Bring back the good old days, when you were taught how to sew a mailbag - a much more useful skill for staying away from crime.

    1. Anonymous Coward
      Coat

      Re: Life skills

      Or the standard US prison job of license-plate making - which is particularly poetic in the case of New Hampshire, which has its state motto on the plates: "Live Free Or Die".

      Unfortunately I'm not sure they ever had their inmates making license plates.

      They did, however, haul a member of the Jehovah's Witnesses to court for covering up 'or die' on his plates - it went to the Supreme Court before being thrown out for obvious reasons. The phenomenal irony of legally compelling someone to display a state philosophy with which he disagrees was apparently lost on the local prosecutors.

      Actually, a bit of tape could make some nice modifications to that phrase...

      LIVE FREE OR DIE

      For existentialists:

      LIVE OR DIE

      For ER nurses:

      IV OR DIE

      For advocates of browser choice (with a partial letter cover-up):

      F F OR IE

      Yeah, yeah. I'll be here all week.

  17. mIRCat
    Stop

    Verboten

    From accessing computer systems for five years. Unless you're in prison, of course.

  18. John Smith 19 Gold badge
    Unhappy

    Well it's not unlike the convicted fraudster being put in charge of the prison shop.

    Couldn't happen?

    You think not?

  19. chris lively

    For those questioning how dumb the kid was for even trying to hack the prisons computer system: he is 21. That isn't exactly an age known for good judgement. And certainly not one known for thinking about consequences before jumping in.

    Personally I'd like to know what constitutes "hacking" in this case. Did he use someone else's password? Although I'm not entirely sure why any training system would bother with user accounts or passwords. They should be stand alone machines as teaching an inmate how to do word processing or excel would be a much better skill than trying to learn any kind of mainframe interface.

    Honestly, I'd say that blame fully falls on whoever set up a system in which anything worthwhile at all might even be remotely accessible via the training machines. That shows a distressingly high level of dereliction of duty.

  20. Anonymous Coward
    Anonymous Coward

    What

    is the gardening group growing in the greenhouse?

  21. Anonymous Coward
    Anonymous Coward

    I always thought a prison mainframe

    was used to stretch prisoners till they fessed up.

    1. Gavin King
      Coat

      Re: I always thought a prison mainframe

      I suppose that explains why they're called "racks".

      1. Anonymous Coward
        Anonymous Coward

        Re: why they're called "racks"

        Rack is so Torquemada.

  22. Anonymous Coward
    IT Angle

    Prison Mainframe hacked?..

    This is a case of those really responsible for the HMP Isis computer shifting the blame onto an outside IT contractor. As in who in their right minds let criminals loose on a computer and don't expect it to be hacked. Let's deflect attention from this ...

    "During the five day inspection, the fingerprint-based roll call system broke every day."

  23. Herby

    Why not...

    ...change his release date to be something a little less in the future? THAT sounds like something wonderful to do.

    He gets up to leave class and gets someone to say "You are leaving tomorrow", that was a short stay!

    Sounds like a winner for me...

  24. bag o' spanners

    re: What

    I visited an open prison nearly thirty years ago where some interesting foliage was being grown in the greenhouses. It was seen as a good way to keep the prisoners nice and placid, so a blind eye was unofficially turned. The place was full of small time smugglers who'd been caught by customs, so not really the sort of place that was hard to manage.

    In the grand tradition of putting the right lag in the wrong position, I know a garden shed chemist who used his prison time to get an open university degree in...you guessed it.

    I also know a guy who did a few years for money laundering for an ecstasy importer, who got his qualifications at her majesty's pleasure. He now makes a very decent (and honest) living doing tax avoidance wheezes.

  25. Fred Flintstone Gold badge

    I love it..

    Next up: new prison occupational therapy teaches lock picking..

  26. Arachnoid
    FAIL

    WiFi

    I'm surprised he didn't install a WiFi card on the system and do it remotely from a smartphone....

  27. Anonymous Coward
    Anonymous Coward

    Plot steal from Morse "Masonic Mysteries"

    The mastermind convict who effortlessly hacks his prison computer - and eventually penetrates all sorts of government and law-enforcement systems to remove his own records and falsely incriminate others? It's all there in the Inspector Morse episode "Masonic Mysteries" (highly recommended if you haven't seen it).

    In case you're still in any doubt, the common factor isn't a lack of IT security. It's the twits who are put in charge of the computers.

  28. This post has been deleted by its author

  29. FanniM

    It's shocking that the prison IT teacher lost his job over the hack. The prison needs to get a sense of humour.
