Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Security IT Idle

Cyber-criminal Left In Charge of Prison Computer Network 389

Posted by samzenpus
from the fox-in-the-hen-house dept.
samzenpus writes "A 27-year-old man serving six years for stealing £6.5million using forged credit cards over the internet was recruited to help write code needed for the installation of an internal prison TV station. He was left unguarded with unfettered access to the system and produced results that anyone but prison officials could have guessed. He installed a series of passwords on all the machines, shutting down the entire prison computer system. A prison source said, 'It's unbelievable that a criminal convicted of cyber-crime was allowed uncontrolled access to the hard drive. He set up such an elaborate array of passwords it took a specialist company to get it working.'"

*

This discussion has been archived. No new comments can be posted.

Cyber-criminal Left In Charge of Prison Computer Network

Comments Filter:
  • by daninspokane (1198749) on Wednesday October 07, 2009 @01:24PM (#29672525)
    ...hire these people for the FBI or something? At least that's how the movies go...
    • by eln (21727) on Wednesday October 07, 2009 @01:58PM (#29672995) Homepage
      Nah, that's just what they tell the rubes at DEFCON to make them want to get caught. They go up and show a bunch of faked pictures of hackers in FBI t-shirts tanning themselves on the roof of the J. Edgar Hoover building with a couple of scantily-clad "analysts", and tell everyone how these hackers were so good that they ended up being hired by the FBI and are now living happily ever after. Meanwhile, the burned up corpses of these hackers are resting in an abandoned locker room in the middle of a post-apocalyptic hellscape near a satellite uplink station. You know, sort of like in The Running Man.
      • Re: (Score:3, Funny)

        by ArsenneLupin (766289)

        with a couple of scantily-clad "analysts",

        Think of the straight hackers! Supply some scantily-clad "vaginalists" as well :-)

    • Re:Don't they... (Score:5, Informative)

      by JeffSpudrinski (1310127) on Wednesday October 07, 2009 @01:58PM (#29672999)

      Paragraph 4 of TFA has the hidden "gem":

      "The blunder emerged a week after the Sunday Mirror revealed how an inmate at the same jail managed to get a key cut that opened every door."

      I wonder if that fella was employed as a locksmith at the jail after having been arrested for breaking and entering...

    • by Spittoon (64395) on Wednesday October 07, 2009 @02:34PM (#29673475) Homepage
      Why would they hire some guy so inept he got caught TWICE?
  • This guy wants to appear like he is technical but only makes himself look foolish. The operating system was compromised. The protections should have been put in place to limit his rights to access the system and should always have been done so under supervision and with logging. They were foolish, he did what was to be expected
    • by gnick (1211984) on Wednesday October 07, 2009 @02:43PM (#29673601) Homepage

      ...should always have been done so under supervision and with logging...

      I agree with the logging side, but if they give him Admin then all the log will contain is him locating and killing the logging script (This CAN be avoided, but I doubt that they would have gone through that much trouble even if they were logging). The supervision probably would have been pointless though. More than likely, it would be a trained guard standing over him watching him do EXACTLY what he did. And, if asked what he was doing, he'd explain that he was adjusting permissions so that everything would work. If they hired somebody to supervise that could accurately determine whether he was being malicious, they could probably just ask the supervisor to do the job.

      Hell, if you ask me to supervise an inmate in a chem lab while he brews up aspirin and he's actually making nitroglycerin, I'd probably stand there and ignorantly watch him make nitroglycerin.

  • Oh man... (Score:5, Funny)

    by david@ecsd.com (45841) on Wednesday October 07, 2009 @01:24PM (#29672529) Homepage
    Where's a "whatcouldpossiblygowrong" tag when you one?
  • ehh (Score:2, Interesting)

    by Dyinobal (1427207)
    I stumbled this a long while ago. I'm surprised to see it is just now on slashdot.
  • by Absolut187 (816431) on Wednesday October 07, 2009 @01:27PM (#29672567) Homepage

    Thats almost as dumb as putting a Halliburton CEO in charge of the entire military.

    Luckily nothing that stupid would ever happen here in America.

  • by Anonymous Coward on Wednesday October 07, 2009 @01:27PM (#29672569)

    Chicken Coop, Inc. is proud to announce the promotion of Mr. Fox to the position of chief of security...

  • Six years? (Score:2, Insightful)

    by sitarlo (792966)
    6.5 million pounds vs. six years in prison. Considering 20 years in cube for about 2.5 million pounds total, this crime thing is looking like a better alternative career!
    • Re:Six years? (Score:5, Insightful)

      by Absolut187 (816431) on Wednesday October 07, 2009 @01:41PM (#29672783) Homepage

      Yeah, I'm sure they let him keep the money.

      How the hell is parent insightful???

      • Re: (Score:3, Insightful)

        by sitarlo (792966)
        Because I'm sure he had time to either squander, launder or hide a lot of his take. It's not like criminals open a domestic bank account and deposit their loot then report it to the queen. This dude may be broke, but then again, he may have a bundle waiting for him when he gets out. Or, he may have lived large while he was operating and now he's paying the price. Still, I think it is comparable to cubical life. People who work for corporations that knowingly screw consumers aren't really on a higher mo
        • by gnick (1211984) on Wednesday October 07, 2009 @02:53PM (#29673697) Homepage

          Still, I think it is comparable to cubical life.

          OK, that may be the most ignorant, presumptive thing I've read all day. I've seen prisons and I work in a cubicle. The two situations are nothing alike.

          Prisoners get access to a gym and exercise yard...

          • Re: (Score:3, Interesting)

            by craagz (965952)
            More details here

            IN PRISON: You spend the majority of your time in a 10X10 cell.
            AT WORK: You spend the majority of your time in an 8X8 cubicle.

            IN PRISON: You get three meals a day.
            AT WORK: You get a break for one meal and you have to pay for it.

            IN PRISON: You get time off for good behavior.
            AT WORK: You get more work for good behavior.

            IN PRISON: The guard locks and unlocks all the doors for you.
            AT WORK: You must often carry a security card and open all the doors for yourself.

            IN PRISON: You can w

      • Re:Six years? (Score:5, Insightful)

        by Clandestine_Blaze (1019274) * on Wednesday October 07, 2009 @02:06PM (#29673117) Journal

        I think the poster that you're replying to was implying that the six year sentence is hardly a deterrent for the amount that the criminal was convicted for stealing. If stealing 6.5 million pounds gets you six years in the slammer, and the alternative is working 20 years for only 2.5 million pounds, then suddenly the risk of getting caught doesn't seem so bad.

        (Well, I wouldn't want to even spend one minute in prison, let alone six years, but that's just me :-D )

        I think their whole point was that six years is way too small of a sentence for someone who stole that much money, not that he got to keep it after he was released. Keep in mind, there are cyber-criminals that are still at large, so there are some that get away with it. They usually get caught only when they don't know their boundaries and try to go for TOO much.

      • by cs668 (89484)

        Burn through 1 Mil, hide the rest and tell the cops you spent it all on drugs and hookers!

  • Hmmm. (Score:2, Insightful)

    Interesting that inmates have access to computers and TV. I'm glad we pay for that for them while normal citizens are having a hard time finding a job...
    • Re:Hmmm. (Score:4, Insightful)

      by vertinox (846076) on Wednesday October 07, 2009 @01:40PM (#29672757)

      Interesting that inmates have access to computers and TV. I'm glad we pay for that for them while normal citizens are having a hard time finding a job...

      Considering most of them are in their for minor drug charges and are no more evil than you or me...

      And that most of the tax money goes into the hands of the private corporations running the prisons and use the inmates for sub minimum wage labor at a profit which none goes back to the tax payers.

      So simple solution... Reform the laws and decriminalize these minor offenses and revoke the contracts with the private corporations running these prisions.

      • Re:Hmmm. (Score:5, Informative)

        by CrimsonAvenger (580665) on Wednesday October 07, 2009 @01:53PM (#29672933)

        Considering most of them are in their for minor drug charges and are no more evil than you or me...

        Oddly enough, when I start googling for statistics to support your statement, I find things that say that there are fewer Drug offenders in prison that people convicted of Property crimes, and fewer of both those groups combined than people convicted of Violent crimes.

        In other words, drug charges, major or minor, account for about 22% of the prison population in the USA.

        Oh, and 55% of the prison population are in for violent crimes, and the remainder for property crimes.

        • Re: (Score:3, Insightful)

          by Anonymous Coward
          Neither GP nor GPP specifically mentioned "prison" inmates, many drug offenders go to jail and are not included in your statistics. As someone who is about to go to jail for growing funny plants in my attic, I have to say.. what a way to waste your money.
        • Re: (Score:3, Insightful)

          by MobyDisk (75490)

          I wonder how many of those violent crimes were committed by drug addicts.

        • Re:Hmmm. (Score:5, Insightful)

          by mcgrew (92797) * on Wednesday October 07, 2009 @02:46PM (#29673633) Homepage Journal

          I'm guessing you went to The Bureau of Justice Stastics [usdoj.gov] site, which indeed says that in 2005, 53% were for violent crimes, 19% were property crimes, and 19% were drug crimes (it also says 8% are "public order" crimes; i.e., bullshit "crimes" like public intoxiction or prostitution).

          While it's a relief that half of the prisoners aren't in there for drugs, fully one in five inmates are incarcerated for drugs.

          It gives 2008 numbers for how many there are, but 20% of 2,310,984 is 462,197. Half a million Americans are imprisoned for drug crimes. And when they get out of prison, where will they get their money? Nobody wants to hire an ex-con. I would guess that for many of the violent and property offenders, it wasn't their first visit. How many started out getting busted for dope, then couldn't get work and stole to eat?

          20% of prisoners, half a million people. It's a huge problem.

          • Re:Hmmm. (Score:5, Informative)

            by cream wobbly (1102689) on Wednesday October 07, 2009 @04:58PM (#29675147)

            The wikipedia article on the US Prison System [wikipedia.org] is even more enlightening (refs functional, emphasis mine):

            The United States has the highest documented incarceration rate in the world at 738 persons in prison or jail per 100,000 (as of 2005).[1] [usdoj.gov] A report released Feb. 28, 2008 indicates that more than 1 in 100 adults in the United States are in prison.[2] [pewcenteronthestates.org] The United States has 5% of the world's population and 23.6% of the world's prison population.[3] [kcl.ac.uk]

            I think that speaks of an industry that resists change.

        • Re: (Score:3, Insightful)

          by Princeofcups (150855)

          Considering most of them are in their for minor drug charges and are no more evil than you or me...

          Oddly enough, when I start googling for statistics to support your statement, I find things that say that there are fewer Drug offenders in prison that people convicted of Property crimes, and fewer of both those groups combined than people convicted of Violent crimes.

          In other words, drug charges, major or minor, account for about 22% of the prison population in the USA.

          Oh, and 55% of the prison population are in for violent crimes, and the remainder for property crimes.

          So did I, and I found very different numbers:

          Federal prisons were estimated to hold 179,204 sentenced inmates as of Sept. 30, 2007. Of these, 15,647 were incarcerated for violent offenses, including 2,915 for homicide, 8,966 for robbery, and 3,939 for other violent crimes. In addition, 10,345 inmates were serving time for property crimes, including 504 for burglary, 7,834 for fraud, and 2,006 for other property offenses. A total of 95,446 were incarcerated for drug offenses. Also, 56,237 were incarcerated f

          • Re: (Score:3, Insightful)

            So, basically you're saying that the other 1.8 million people in prison in the USA don't count?

            Hint: the federal prison population consists of people violating federal laws. Murder, arson, assault, rape, things like that? State laws cover them, unless committed on Federal land or against officers of the Federal government.

            Ditto for most property crimes.

            Drug crimes, on the other hand, include a lot of smuggling into the country. Which is federal territory.

            Hence a large number of drug offenders in Fed

      • Considering most of them are in their for minor drug charges and are no more evil than you or me...

        That depends on what you mean by "evil."

        My ideology/religion/worldview/whatever says everyone is evil. Some people are more "moral" and some are more "law-abiding" however. A minor drug charge is a shift in moral/law-abiding. Read on, though, I'll probably end up agreeing with you...

        And that most of the tax money goes into the hands of the private corporations running the prisons and use the inmates for sub minimum wage labor at a profit which none goes back to the tax payers.

        Using inmates for labor seems like a good idea to me, frankly. Why simply let them live at the taxpayers' expense? Why not have them work for it? And frankly, not sure why they should even necessarily be paid much, if at a

    • Re:Hmmm. (Score:5, Insightful)

      by arth1 (260657) on Wednesday October 07, 2009 @01:40PM (#29672765) Homepage Journal

      Civilized countries rehabilitate prisoners, and yes, that includes schooling them on what they will find in society once they've served their sentence.
      The alternative, a punishment based system like in the US, causes those coming out of prison to be unemployable, and their only recourse is crime. Which is one of the main reasons why the recidivism rate and percent of the population in prison is much higher in the US than in other western countries.

      • Re: (Score:2, Insightful)

        by Absolut187 (816431)

        This guy's "rehabilitation" seems to be going well..

        Seriously, I agree that we should give SOME criminals a chance at rehabilitation.
        But when somebody (like this guy) shows that he is clearly NOT INTERESTED in rehabilitation whatsoever - execution.

        The hard-core criminals only interfere with the rehabilitation of those who might actually benefit from it.

      • Rehabilitation... well, I think that depends. I'm all for letting them work or letting them learn a skill. I'm not for forcing them or paying to try to force them. If they don't want to learn, they're not going to.

        And if you murder someone, I don't know what rehabilitation there is for you. Or rape. Or any other violent crime like that.

        The stats for repeat offenders is pretty high, as I recall. Rehabilitation isn't working so well. Maybe because you're not changing anything but their external observa

      • The Three R's (Score:2, Insightful)

        by FrozenGeek (1219968)
        That would be restitution, retribution, and rehabilitation. All three are necessary. Rarely are all three implemented. To whatever extent is possible, the victims of the crime should receive restitution (from the offender, not from the public at large). Punishment is needed to make certain that crime does not pay (if crime does pay, and the pay is better than the criminal can legally earn, we will have crime). Rehabilitation is required to minimize the chance of the criminal re-offending. If said crim
      • Re: (Score:2, Insightful)

        by Tanman (90298)

        No, the 'civilized' approach of which you speak means that they blindly perform acts that some expert says will reform the criminals, then they let them out, and finally the criminals commit crime again.

        That is why the vast majority of people in prison are repeat offenders: reform does not work most of the time.

      • Re:Hmmm. (Score:5, Interesting)

        by Grishnakh (216268) on Wednesday October 07, 2009 @03:00PM (#29673755)

        Sorry, I don't agree. The recidivism rate here is high because it's impossible to get a job with a conviction. It doesn't really matter what you do in prison, whether you just get in fights and get tattoos, or if you learn some useful skill with computers. Either way, you're going to be unemployed when you get out, and most likely your only way to survive will be to become a career criminal.

        This isn't a government problem; it's private companies that won't hire ex-cons. However, it is partially the government's fault for keeping Prohibition going for decades, creating a whole class of people who can't work normal jobs because they went to prison for possessing naturally-growing plants.

        • Re:Hmmm. (Score:5, Informative)

          by JaredOfEuropa (526365) on Wednesday October 07, 2009 @06:23PM (#29675891) Journal

          This isn't a government problem; it's private companies that won't hire ex-cons.

          Do companies in the US have access to that kind of information? In the Netherlands, these records are private, but companies often will require a "declaration of no objection" from new hires for positions of trust. These are requested from the police, and the declaration (if issued) will state that the applicant has nothing in his record indicating a risk for the position he applies for. This to ensure a convicted embezzler doesn't get to work as an accountant again, or a child molester gets a job at a day care center, or a violent criminal a membership at a gun range, while keeping irrelevant facts on that record private.

          • Re:Hmmm. (Score:5, Interesting)

            by Grishnakh (216268) on Wednesday October 07, 2009 @07:25PM (#29676251)

            I'm not an expert on this as I've never been convicted of (or arrested for) a crime, so this is just from what I've heard and read. Most employment applications ask if you've ever been convicted of a crime (other than speeding/parking tickets), yes/no. Answering this falsely can mean immediate termination if they ever find out, and possibly even get you sued (not likely). However, for them to find out means they'd have to do a background check. I'm pretty sure conviction information is publicly available, and background checking agencies specialize in finding that stuff. Not all employers do background checks; government jobs requiring a clearance obviously do this, and certain other jobs too, but most probably don't. As an embedded software developer, I think I've only had two, one when I was doing an internship for a military contractor, and at my most recent job which is in the financial industry. I don't think the other jobs did any background checks, and mostly didn't even bother checking references either.

            A quick Google search turned up some Yahoo! Answers questions about this topic, with totally different answers: 1) Honesty is the best policy, some employers will understand, etc., and 2) Honestly will keep you unemployed because no one will hire an ex-con when people with clean records are available.

            It sounds like your system in the Netherlands is much better, since most jobs don't need to know your criminal record (of course, unless you're around children, or large sums of money). Of course, your system on narcotics is much better too so that doesn't surprise me. We still haven't learned the lessons of Prohibition after 80 years, though unfortunately most other countries are making the exact same mistake.

          • Re: (Score:3, Informative)

            by Tynin (634655)

            Do companies in the US have access to that kind of information? In the Netherlands, these records are private, but companies often will require a "declaration of no objection" from new hires for positions of trust.

            The same does not hold true in the US. Any business can do a felony lookup on anyone once they apply and give said company their name, address, etc. Their are free services, often provided at tax-payer expense, to provide public access to felony conviction records.

            In the US, generally it is a financial death sentence to get a felony on your record because you will be treated like a pariah in the job market for all but the most menial tasks. This isn't always the case, some felons are able to make it back i

      • Re: (Score:3, Insightful)

        by rahvin112 (446269)

        The high incarceration percentage in the US has nothing at all to do with rehabilitation vs. punishment. The high US incarceration rate is due to Federal minimum mandatory sentences for drug related crimes. If you are caught with more than 1 gram of crack you go to jail for 10 years, no exceptions, no deals and no circumstances will change that sentence. It's a minimum mandatory sentence. Take the drug non violent drug offenders out of the US prisons and the incarceration rate would be identical to European

    • Re: (Score:3, Insightful)

      Yeah its not like giving them opportunity works and as a result we have a lower re-offending rate than America (harsher prisons) but higher than Sweden (nicer prisons), but fuck it, I'm having a hard time finding a job so all spending should be cut even if it makes everybody less safe and effect wastes more money (1 "expensive" stay vs 10+ cheap stays).

    • As stated by others, most are in for drug charges.

      Nor will this change. Drugs were made illegal as an easy pretext for jailing minorities in the early 20th century when African Americans and Mexicans were the primary users of marijuana. When almost everyone is doing something and you make it illegal, it becomes much easier to control them. Remember prohibition?

      So for these guys, I have a lot of sympathy. For violent criminals I have none and would prefer that they all be locked in solitary and dosed heavily

    • Interesting that inmates have access to computers and TV. I'm glad we pay for that for them while normal citizens are having a hard time finding a job...

      You'd rather the inmates reach their breaking points and tear each other up?

    • Re:Hmmm. (Score:5, Insightful)

      by ThrowAwaySociety (1351793) on Wednesday October 07, 2009 @02:01PM (#29673039)

      Interesting that inmates have access to computers and TV.

      Imagine a group of people with little respect for authority, and, in many cases, a history of violence.

      Now take away their TV.

      Do you really think that putting down prison riots is cheaper than just letting them vegetate in front of the idiot box? Are you, a normal citizen, volunteering for that job? I'm sure there's an opening there.

      • Re: (Score:2, Interesting)

        by L0rdJedi (65690)

        Do you really think they spend most of their time watching TV? Have you ever seen a prison inmate or one recently released? If they're in for any length of time, they work out. They work out all the time because there's nothing else to do. Even inmates can only watch so much TV before they become bored. Since they probably have to watch their back all the time and be ready for anything, they're better off working out and staying in shape.

        If they were sitting watching TV all day, they wouldn't have such

    • by couchslug (175151)

      "Interesting that inmates have access to computers and TV. I'm glad we pay for that for them while normal citizens are having a hard time finding a job..."

      That's because the purpose of prison is to make the most effeminate portions of the public feel good about themselves instead of deter crime by crushing criminals. That an inmate would dare do anything at all against orders means the system is too weak. We should admit we are facing bad people who are willfully beyond redemption and act accordingly. The i

  • by lbalbalba (526209) on Wednesday October 07, 2009 @01:34PM (#29672661)
    The case of Kevin Mitnick, who was initially restricted from using any sort of communications technology whatsoever (no computer access at all, no mobile phone, etc.), other than a landline telephone...
  • by wazzzup (172351) <astromac@@@fastmail...fm> on Wednesday October 07, 2009 @01:37PM (#29672707)

    You're a computer guy, right? My cousin's kid been trying to help us with this TV station thing we're doing but I don't think he knows what he's doing. Plus he's starting soccer now and he doesn't have much time anymore. It's not like you don't, eh? Heh heh.

    Anyway, can you help? We use The Windows and all that so it's pretty standard.

    You will? Thanks buddy - I'll see that you get some extra "unmonitored" visits from the little lady this month.

  • ... that this happened when the "prison source" still refers to a computer as "the hard drive"?

  • by PolygamousRanchKid (1290638) on Wednesday October 07, 2009 @01:41PM (#29672785)

    . . . is assigned in prison to garden detail . . . and is given . . . a chainsaw!

    The prison now has a few open bunks.

    The prison psychologist stated, "I hoped that we could discover how to do pleasant things with a chainsaw, instead of nasty things."

    • by geekmux (1040042)

      . . . is assigned in prison to garden detail . . . and is given . . . a chainsaw!

      The prison now has a few open bunks.

      The prison psychologist stated, "I hoped that we could discover how to do pleasant things with a chainsaw, instead of nasty things."

      This may sound strange, but somewhere deep inside, I almost yearn for a "tax cut" type solution ala Running Man.

  • Why didn't he just alter his own records and get himself released?

    -jcr

    • Re: (Score:3, Funny)

      by cbhacking (979169)

      No no no, haven't you ever worked anywhere that you had Admin capabilities? The trick is to make yourself indespensible!

      Oh, wait...

      Seriously though, He probably didn't have access to their entire system. You can cripple a system for its intended use (by adding security restrictions to everything that you have access to) while still lacking acces to, for example, the prisoner info database.

  • Why did he do it? (Score:5, Insightful)

    by captaindomon (870655) on Wednesday October 07, 2009 @02:06PM (#29673123)
    My question is, why? I can understand stealing credit card information due to the financial side of things. Why would he pull a stunt like this? So he can get an extended prison sentence, and have no hope of being let out on parole? When you're in prison, do you want to piss off the prison staff? Do you know what happens when you do that? Idiot.
    • When i read TFS, it sounded like he installed passwords on computers. As in, they didn't have passwords before. Maybe he tried to get some time off In exchange for these passwords, though which certainly would be bad...
    • Re: (Score:3, Interesting)

      by phantomfive (622387)
      Not all places allow time off for good behavior. I don't know much about the penal code in UK where he was being held, but it is seems he got no extra time added to his sentence as a result of this.

      If anyone is an idiot in this situation, I think the prison officials absolutely deserve that title.
  • So much so for the privileges. Dumb fsck.
  • "Pen-testing" and "set a thief to catch a thief" does not mean letting a thief build your security infrastructure without supervision.

  • by Hurricane78 (562437) <deleted@@@slashdot...org> on Wednesday October 07, 2009 @02:40PM (#29673565)

    Ok, I wanted to link to a comment in a previous story here, where someone complained about everything being "cyber-" this and "cyber-" that, and that it makes you sound like it came from the 80s.
    I answered, that he then might not like my new "CyberCyber Virtu@l e-Cloud Turbo CoolClick iNetExplorer 2000 XFX GTX - Ultimate Social Web 2.0 Gold Edition"... or something like that.

    But strangely, the comment vanished from the face of the net. I searched Google, and even manually went trough all recent articles here containing "cyber". Especially "cybercyber". It's gone!
    How can that happen? Anyone care to explain, or find it, even if it's OT? Because this is really strange...

    • by Culture20 (968837) on Wednesday October 07, 2009 @03:44PM (#29674299)

      I answered, that he then might not like my new "CyberCyber Virtu@l e-Cloud Turbo CoolClick iNetExplorer 2000 XFX GTX - Ultimate Social Web 2.0 Gold Edition"... or something like that. But strangely, the comment vanished from the face of the net. I searched Google, and even manually went trough all recent articles here containing "cyber". Especially "cybercyber". It's gone! How can that happen? Anyone care to explain, or find it, even if it's OT? Because this is really strange...

      Because Taco has plans for a new CyberCyber Virtu@l e-Cloud Turbo CoolClick iNetExplorer 2000 XFX GTX - Ultimate Social Web 2.0 Gold Edition Slashdot and he doesn't want there to be a record of any prior art.

  • by night_flyer (453866) on Wednesday October 07, 2009 @03:15PM (#29673929) Homepage

    in charge of the Federal Reserve

  • by fluffy99 (870997) on Wednesday October 07, 2009 @03:24PM (#29674025)

    Obviously the prison didn't have anyone IT saavy or they never would have relied on an inmate. As I understand it, he simply changed some admin passwords and set the bios password. When they couldn't figure out how to change things back, they refused to let the guy show them how to fix it and hire an outside consultant.

  • by Fantastic Lad (198284) on Wednesday October 07, 2009 @04:59PM (#29675165)

    I mean, come on. The man must have known that he would get caught, which leads me to wonder if in fact he really did anything wrong.

    Anybody here who wrote a program for a prison system would consider it irresponsible to NOT set passwords. But before you are given a chance to explain the very good reasons for what you've done, the big men with truncheons who are already watching you like a hawk assume the worst and start running around like Chicken Little with the sky falling.

    That's my guess.

    And chickens just LOVE it when the sky falls; it gives them a sense of purpose and an excuse to play 'hero'. Heck, I know a couple of cops, and they are good people, but their world view is very slanted due to regular exposure to the criminal element. Without a healthy means of grounding to the real world, their sense of reality can become wildly inaccurate. Add to that some over-enlarged ego, lots of fear, pack-mentality and a bit of down-home stupid, and you're looking at a system where innocence is not assumed and some really terrible things can -and do- happen.

    I'm not saying the guy was mister pure-heart, but I bet the whole story isn't being represented here. --What with the hysteria that both police and the media typically spin themselves into over anything to do with computer 'hackers', I think this is entirely likely.

    But it appears that many posters here aren't capable of remembering the patterns they see in the news wrt this kind of story. Hackers!

    -FL

  • by mrnick (108356) on Thursday October 08, 2009 @01:59AM (#29677955) Homepage

    I don't subscribe to the train of thought that the best security specialists are ex black-hats. Mainly because most black-hats are only out, open about it, because they have been caught. IMHO this doesn't make them good it just goes to show that they are rather poor at it. They did get caught right?

    Though they would never admit it, I imagine that most of the best white-hats / security specialists I have known have likely wore a black-hat at some point in their past.

    Just as I would state that the best computer scientists are those that grew up with a curiosity and interest in computing that cannot be extinguished one has to have the ability to put themselves in their opponent's mindset (the white-hat in the mind of the black-hat) or they won't be very successful.

    I have done so much information / network security tasks combined with countless internal security audits (Sarbanes, etc) that I cannot connect to a network or walk into a new building without thinking about how one would theoretically subvert the systems in place. This doesn't mean I am acting on this knowledge but I would say it is a switch that gets turned on in the best security professionals that cannot be turned off. I'll meet someone at their office for the first time and find myself saying something like: "Physical security is terrible here, why would anyone waste time hacking into a network located in this facility when they could just walk right through the front door?" This is constructive criticism, though I shouldn't be giving away my knowledge as doing so reduces the perceived impression of the value of people in my profession.

    I was working on Bank of America's firewall team, early in my career, and a potential candidate had made it past our teams rigorous technical screening and though maybe unknown to him he was going to be offered the job, as he had impressed us with his knowledge, and the meeting with our manager that turned into lunch with the team was just a formality. That was until during lunch when he openly stated "He had worn so man color hats, white, black, gray that he often gets confused on which he is currently wearing." We all looked at one another and sighed because we all knew such a statement had made him ineligible for the position. We were not upset that we might have hired a former black-hat but rather disappointed that he was so naive about the environment that he would openly state such a stupid declaration in front of us and our manager. If he were experienced enough to realize his mistake before making it he would have likely been a valuable member of that team.

    It's like a television show called MasterMinds on the History channel that shows supposedly criminal master-minds, the details of their crimes, and the story of how they were eventually caught. I wouldn't call any of these people criminal master-minds. A show about criminal master-minds would not be that entertaining because they would say this is how it was concluded that a crime had been committed, if they could even determine that, and then they would explain how they don't know how the crime(s) were committed, and that the unknown suspects have yet to be identified. This is because a true criminal master-mind would have never been identified and the crime would be so unique as to defy description.

    I tried to explain to a close-minded information security professor, during my Masters program, that going through detailed descriptions of known security exploits was a waste of time. I tried to no avail to explain that known (named) security exploits posed no threat, as they would have a countermeasure in place already and that the real risk was security exploits that have yet to be identified because their is no current countermeasure for them. I suggested that discussing the inherent security risks of deploying UDP on a network, for which I later wrote a research paper, or similar such topics would be a better use of our time. Rather than taking advice from a graduate student, the professor instead had us s

Mediocrity finds safety in standardization. -- Frederick Crane

Working...