back to article Inmate hacked prison network, broke into employee database

A former prison inmate has been arrested and charged with hacking the facility's computer network, stealing personal details of more than 1,100 prison employees and making them available to fellow inmates. Francis G. Janosko, 42, gained access to the names, addresses, dates of birth, social security numbers and telephone …

COMMENTS

This topic is closed for new posts.
  1. yeah, right.

    relevant?

    It would be relevant in a technology publication for the author to mention what operating system they are using, instead of just rewording existing news articles and claiming it as your own.

  2. Simpson
    IT Angle

    not so bad

    See... Gary McKinnon won't have it so bad, he will still be able to access the internet.

    This one us really a stretch... I am guessing that the "aggravated identity theft" is simply using the credentials of another user to access the internet, then telling others how to do the same. Probably just for viewing porn, and to see what your cellmate is "in" for. This is hardly identity theft. It is just unauthorized access.

    As for viewing "digital photographs of prison employees", OH MY GOD! Now they've seen my FACE! Call the British to confiscate the film!

    So what. Do the guards walk around wearing hoods all the time? The prisoners already know what they look like.

    30 days in solitary + no computer access for the offender could fix this, so could a severe beating (so could suspending computer access for the whole prison + telling the other inmates who caused the suspension of privileges).

    At some point we need to fix the laws so that there is a difference between "looking at", downloading from, downloading + distributing, uploading to (using), and actively exploiting (trying to exploit). Sort of like how drug laws have one set of penalties for personal use, and another set for distribution.

    But there is also a large gray area in this... Let's say a person buys a web enabled security camera to monitor their property, but sets it up with a blank password. A google search for the camera brand may return a link to the camera feed of the person, and I click on it. The camera shows a couple having a heated argument about who vacuumed the living room two weeks ago. I find it funny and email the link to a few friends... I found it on google. Did the couple want me to view it? Am I invading their privacy? The guy didn't set it up with a password, but he didn't understand that he was supposed to. He didn't intend for it to be public, but it was. Is this unauthorized access? Does his own thought or intent make him a victim of me? Does my emailing of the link to others make it worse?

    I could see a jury convicting on this. They might think "that poor guy", "that could be me", "I believed the defendant, until he emailed others". Tech prosecutions need to be tempered with some kind of caveat emptor. Maybe it can be called "caveat read the manual"

  3. Dan
    Alert

    Why???

    If the machine hadn't have been connected to the net it wouldn't have needed those windows updates to be safe to begin with - any major updates could have been done directly or by temporarily connecting the machine when required...

    This seems more like the prison IT staff were being lazy &(*^ers and got caught with their pants down (possibly literally) ;->

  4. Ian
    Thumb Down

    physical access?

    So management in this prison allowed a prisoner repeated physical access over a period of several months to a computer containing (or networked to) a system containing staff records and a connection to the internet?

    Well duh, who thought that was a good idea?

    If the prisoners have access to computers (I'm not necessarily against that as part of normal prison privileges) then at least make them stand-alone or on a totally separate network with no access to prison admin systems or the internet. And for God's sake don't let the prisoners physically into the prison admin offices.

    Someone, somewhere in that prison needs a 'could do better' on their annual performance review.

  5. Danny

    Where do you want to go today?

    "connected through the prison's network to the internet solely so that it could obtain updates to its Windows operating system"

    I wonder if the governor also leaves the prison gates wide open in case a fire-engine ever needs to get in. The IT staff will be the only employees that don't have to worry, it won't be in the prisoners self interest to have those idiots replaced. Just goes to show, even with shotguns, walls and razorwire you can't secure against a MCP armed with windows.

  6. yeah, right.

    @me (relevant....)

    I'm an utter prat. Even having read the article 3 times I didn't notice that Dan HAD in fact mentioned which OS they used.

    Sigh.

  7. Martyn
    Paris Hilton

    Hacking a prison network

    Nothing like increasing your chance of being caught is there.

    paris. even she couldnt be that dumb?!

  8. Jim

    @Martyn

    "A former prison inmate has been arrested and charged with hacking the facility's computer network"

    I'm guessing from the use of the word 'former' that no-one noticed until after he'd been released!

  9. Michael Chester
    IT Angle

    Wait a sec....

    "connected through the prison's network to the internet solely so that it could obtain updates to its Windows operating system"

    Surely if it wasnt connected to the internet there would be no reason to need most of the updates (which generally fix network security flaws)..... Once an OS is stable enough to run, it can be left unupdated on a non-networked computer, especially one just used by the inmates.

  10. Anonymous Coward
    Anonymous Coward

    Prison IT Staff

    The problem with Prison IT is many prisons don't have IT staff, except possibly one of the guards which dabbled with them at some point in the past. At the same time they may have 100+ machines across the prison.

    When these are then connected to the interweb, even when just staff are connected to them, users will be users and before long they've executed every bad executable going and the machine is as open as they come, not to mention fails to start up.

  11. Anonymous Coward
    Anonymous Coward

    Plymouth

    When I read the headline of the article, I thought "Someone in Plymouth hacked into another computer? No way man, they're not that bright in Plymouth..I know, I'm from the South West..but escaped and got a degree)..then I realised it was Plymouth County... USA.

    Phew..so my theory still holds true ?????

  12. Adam White

    RE: Why??? / Wait a sec....

    Not all Windows exploits rely on Internet access. An unpatched Windows box can be a security risk even if it has no network connectivity at all. And in this case the box obviously had some kind of networking setup so the users could access it via thin clients.

    The real WTF here is why they weren't using WSUS or any one of the other available patch management products to keep this machine up to date, rather than the much riskier method of allowing access to the Internet from an inmate-used system purely for Windows Update. Hell, they could have used sneakernet to patch it in a pinch.

  13. Danny
    Paris Hilton

    Massachusetts

    This is the People's Republic of Massachusetts we're talking about here. Nothing more need be said.

  14. Anonymous Coward
    Thumb Up

    How to...

    ..jail-break a prison PC?

  15. Matthew
    Alert

    Catch 22..

    If it wasn't connected to the internet in the first place then it wouldn't need regular updates....

    Still.. I guess the best of the best IT people don't work in US prisons....

  16. Anonymous Coward
    Joke

    Information

    just wants to be free.

  17. Shagrat

    sorry what?

    12 years and $250,000 dollars....

    I think I'll stick to getting drunk and accidentally running people over. Thats obviously only a minor crime looking at average sentences

  18. Justin

    @Michael Chester

    Mmm, true - but there's always the case of malicious users on the local network or even local PC.

  19. Thomas Baker

    @Shagrat

    "12 years and $250,000 dollars...."

    This might be that high because he's a previous offender and seems to have been in and out of nick for long spells already. I honestly don't know for sure but this may not be indicative or typical of what someone else would get for the same type of offence.

    But you are right generally, the crimes that do the least damage often are punished much more harshly than generally-accepted horrific crimes where someone is really hurt. See: people going to prison for not paying their poll (re-branded as: Council) tax, speeding - where the odds are millions to one that anyone will get hurt but you can still end up in big trouble and even prison for something that happens every second of every day on almost every road in Britain and yet only a tiny tiny percentage of the time does someone get hurt.

    But you can burgle someone's house/car/business property, assault someone, try to kill someone and fail, break into someone's house with a view to continue your stalking of a woman, murder as many people as you like in a foreign country (see: Blair), and it's unlikely the police will even put down their cheese sandwich let alone actually come out and investigate or heaven forbid prosecute. Why bother when new 'criminals' are being caught daily without you having to replace the lid on your thermos?

    What with speeders and file-sharers and benefits dodgers, (i.e. often people have to lie to get benefits as telling the truth usually exempts you from qualifying, regardless of the reality of your plight), and 'ultra-dangerous-hackers' like Gary McKinnon, and Charles Menezes...well they've got their hands full with all that, they can't come out if your aunt is assaulted on a bus and has her purse stolen, in broad daylight, on Chiswick high street, oh no...sorry, too busy.

    </rant>

This topic is closed for new posts.

Other stories you might like