Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security IT

Hackers Could Open Convicts' Cells In Prisons 203

Hugh Pickens writes "Some of the same vulnerabilities that the Stuxnet superworm used to sabotage centrifuges at a nuclear plant in Iran exist in the country's top high-security prisons where programmable logic controllers (PLCs) control locks on cells and other facility doors. Researchers have already written three exploits for PLC vulnerabilities they found. 'Most people don't know how a prison or jail is designed; that's why no one has ever paid attention to it,' says John Strauchs, who plans to discuss the issue and demonstrate an exploit against the systems at the DefCon hacker conference next week. 'How many people know they're built with the same kind of PLC used in centrifuges?' A hacker would need to get his malware onto the control computer either by getting a corrupt insider to install it via an infected USB stick or send it via a phishing attack aimed at a prison staffer, since some control systems are also connected to the internet, Strauchs claims. 'Bear in mind, a prison security electronic system has many parts beyond door control such as intercoms, lighting control, video surveillance, water and shower control, and so forth,' adds Strauchs. 'Once we take control of the PLC we can do anything (PDF). Not just open and close doors. We can absolutely destroy the system. We could blow out all the electronics.'"
This discussion has been archived. No new comments can be posted.

Hackers Could Open Convicts' Cells In Prisons

Comments Filter:
  • Internet? (Score:5, Insightful)

    by betterunixthanunix ( 980855 ) on Sunday July 31, 2011 @07:16AM (#36938440)
    Why are the prison control systems connected to the Internet? Who thought that was a good idea?
    • by gl4ss ( 559668 )

      most of them are not. but that's irrelevant, as most have network nodes across the entire prison. it would really have to be a targeted attack anyways, as you'd need to know which plc's they're using and so forth. but the point is, it's just couple of grand in hardware after you know what's in use in that specific prison.

    • Re:Internet? (Score:5, Informative)

      by SwedishChef ( 69313 ) <craig@networkessentials. n e t> on Sunday July 31, 2011 @08:35AM (#36938694) Homepage Journal

      The PLCs (and their controllers) form their own network that is not connected to the Internet; it's not even TCP/IP.

      However... the desktop computers that interface with the controllers are often on the Internet because they use the local area network to communicate with both the controllers and get email, surf the web, etc. There is a close connection between the SCADA software on the desktop PC and the PLC so that if a sophisticated attack on that PC is successful then the attacker can have complete control over the PLC system.

      Worse yet... many of the PCs controlling the PLC systems are older versions of Windows because updates are expensive (usually requiring specialists from outside the plant due to the nature of the systems) so people tend to put them off. I've seen lots of desktops running NT, for instance.

      • Not completely true. ProfiNet, Modbus/TCP, EtherNet/IP, FINS, BACnet are all communication over ethernet tcp/ip stacks to the scada system and capable of issuing write commands. But then again perhaps prisons are using DCS style hardwired systems. Now the control system operating drives, switches, sensors or whatever are generally going to use some other system like Modbus, CAN, I2C, ... but even then EtherCAT, EtherNet/IP are industrially used for plcs to talk to drives and sensors if you want.

        The scada

        • by OzPeter ( 195038 )

          I'm more worried about DNP3 substations than prisons since power companies tend to have a unified system and spread out over long distances though they know that.

          I've said it on many occasions that a single person with a 4wd vehicle, and a high powered rifle with a scope could do more damage to the power system in a short time and do it more easily than anyone with a keyboard and a computer.

          • Comment removed based on user account deletion
            • by OzPeter ( 195038 )

              Having said that I really do hope that the EEs who know the system best (IE the ones who actually keep the grid running) have removed line of sight from the most vulnerable junctions.

              A simple question for you to consider: How do you hide transmission lines from line-of-site?

              • by vlm ( 69642 )

                Having said that I really do hope that the EEs who know the system best (IE the ones who actually keep the grid running) have removed line of sight from the most vulnerable junctions.

                A simple question for you to consider: How do you hide transmission lines from line-of-site?

                The problem is you pop a hole in the bottom of an oil cooled transformer and as fast as the oil can run out, it'll overheat and shut down, or overheat and catch fire. Every hunting season at a previous job we used to lose power to a repeater site or two from that form of recreation.

            • by vlm ( 69642 )

              That person would have to risk getting caught.

              Caught doing what? Surely not this:

              a single person with a 4wd vehicle, and a high powered rifle with a scope

              That would raise eyebrows in downtown Manhattan or maybe Norway now, but around here that is a standard issue hunter, a protected species, herd size measured in the hundreds of thousands each fall, no kidding. Mostly they spend "deer hunting time" drinking beer but they have been known to take pot shots at aerial fiber; I assume they occasionally miss our fiber and hit the electric co lines, insulators, and transformers. The big high voltage towers are supposed to be mu

    • Comment removed (Score:5, Interesting)

      by account_deleted ( 4530225 ) on Sunday July 31, 2011 @08:54AM (#36938790)
      Comment removed based on user account deletion
      • If there is a hostile situation *and your remote connection hasn't been compromised*, you still have control of those doors.

        Fixed that for you.

      • The person to control the door is not on site. So if he sees that I want to enter and he does not want me to, he can't be physically be forced to do so.

        I have a gun to someone's head. If you don't open the door, I'll shoot them. You will watch on the camera. I will repeat this until the door opens.

        The real question is: How much of a stomach do you have for watching people die because you won't push a button? Will you be able to live with yourself for the rest of your life seeing visions of their brain meats smeared across the wall?

        The problem with geeks is they never consider the human angle, just the technical one.

    • by nurb432 ( 527695 )

      I still say why are any of these connected to a commodity OS as well.

      You don't *need* it to be online directly, nor do you need it to be tied to any specific commodity OS at this stage of the game. In the old days this was the case. Isolated networks, and dedicated operating systems were the norm ( including the monitoring systems ).

      • I still say why are any of these connected to a commodity OS as well.

        You don't *need* it to be online directly, nor do you need it to be tied to any specific commodity OS at this stage of the game. In the old days this was the case. Isolated networks, and dedicated operating systems were the norm ( including the monitoring systems ).

        Name a major SCADA system that doesn't require Windows. Heck, I know some that require very specific versions and service packs or they don't work...

    • by mysidia ( 191772 ) *

      Why are the prison control systems connected to the Internet? Who thought that was a good idea?

      They are designed to operate without a connection to the internet. However, the computers used to control them run Windows on general purpose hardware.

      Which means it is possible to connect them to the internet.

      If you ask me, the designer of the system should utilize embedded hardware booted from flash media and basically read-only to the end user. Any reporting/data collection/data storage should be done

    • And why THE FUCK are they using a Windows OS for this kind of system? I mean controlling a nuclear enrichment facility or a prison security with Windows XP? What kind of marketing bullshit did they use to seal that deal?
    • Why are the prison control systems connected to the Internet? Who thought that was a good idea?

      • (1)Two prisons with a wall in common are getting refurbishment. The decision is made to have one control room for the two prisons (I don't know if this would work where prisons are privatised ; it would certainly work here where only a couple of prisons are privatised). This saves 8 full-time jobs (possibly 12, I don't know the shift/ vacation rotas) between the two prisons. Nothing goes wrong.
      • (2) Two prisons on
  • by DarwinSurvivor ( 1752106 ) on Sunday July 31, 2011 @07:44AM (#36938502)
    Expect this to be a new thing in hollywood movies. I think it's about the only thing they HAVEN'T used for a prison escape!
  • Wouldn't a good old switchboard do?

  • by vlm ( 69642 ) on Sunday July 31, 2011 @07:57AM (#36938550)

    All believable, right up to:

    We could blow out all the electronics.

    The best I can think of is turning on the entire HVAC system at the same instant, popping the circuit breakers to the facility.

    Maybe you could turn the power to the TVs on and off every second until the switching power supplies blow, or maybe that wouldn't work..

    The problem with getting "average joe" to infect a PLC, is PLCs and their systems are getting more complicated, to the point that only specialists mess with them. Its a temporary thing. In the past, they were too few to matter, in the future they'll be too complicated for all but specialists to have access. This is just a momentary thing where "joe average industrial maint electrician" could theoretically screw stuff up.

    • Re:BS (Score:4, Informative)

      by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Sunday July 31, 2011 @08:16AM (#36938630) Homepage Journal

      If you could activate all the doors at once you could possibly overload the system. You're not going to blow out all the electronics, but you may well disable a critical path system. And if you opened all the doors and then opened them all some more simultaneously, that might well get them stuck open to the point where a human would have to manually close and lock each cell.

      • by vlm ( 69642 )

        If you could activate all the doors at once you could possibly overload the system.

        I would disagree as "instant-lockdown" is probably one of the main features of the system. Any time they see a fight, to stop it from turning into a (bigger) riot, slap the big red switch to isolate the inmates. The opposite is the "fire switch" so you can instantly let all the inmates out of their cells; I suppose it depends on the security level of the inmates and local policies; some prisons might let them fry in their cells if there's a fire.

        And if you opened all the doors and then opened them all some more simultaneously, that might well get them stuck open to the point where a human would have to manually close and lock each cell.

        Now we're getting somewhere, cycle half open half closed unt

        • I would be totally unsurprised if you didn't have to at least account for motor start delay, especially when the prison is being built by the lowest bidder.

    • by DarkOx ( 621550 )

      The things is your typical "PLC" these days is pretty much a ruggedized PC running Windows, and a likely buggy stack of control software packages on top of that; which do not get along with the security patches for Windows, so Windows does not get patched. This is pretty serious problem when these machines are not properly isolated.

      • You got control of the PLCs, started the emergency generator, set it to run at 75Hz, and forced it to connect to the mains? I'm thinking that might blow up a few bits and pieces of electronics.

        Remember that Stuxnet was designed to use the PLCs to vary the frequency of the equipment.

        • Clearly you don't know much about how backup emergency diesel speed control systems are set up. Most of em are physically unable (as in a mechanical limiter) raise speed above 63 hz. And most if not all have automatic tripping if speed drops to or below 57 hz while loaded. I can see sitting there at 57 hz for a long time, that might cause high current draw from your loads, eventually leading long time delay current trips. Can't see much chance of long term damage. Might be a PITA to restart in manua

          • I don't know too much about diesel generators, but I *have* seen what happens when one is switched in when it's out of phase: no mechanical damage, but the magic smoke escaped from the transfer switch. I don't know if that counts as "blow[ing] out /all/ the electronics", but it definitely blew, and the server room was dark for hours.

      • by denobug ( 753200 )

        The things is your typical "PLC" these days is pretty much a ruggedized PC running Windows, and a likely buggy stack of control software packages on top of that; which do not get along with the security patches for Windows, so Windows does not get patched. This is pretty serious problem when these machines are not properly isolated.

        Actually the PLC itself is most likely designed with embedded architectures. The only company that advertise the use of an Intel processor is GE and I don't think I have heard them bragging about it for the last couple of years, most likely because their customer (or intended audience) do not like the fact that it is too similar to a standard PC.

        What is running the Windows are your operator interfaces, which is what the operator (in this case, the guards) would possibly be using to interface with the PL

    • If you root the PLC, then you can probably do something like cycle the locks until the solenoids burn out. Given the inherent conflict between safety and security, I wouldn't care to bet whether they'd fail in lockdown or free-for-all mode, or 50/50 either way. Any countermeasure implemented in PLC code instead of hardware (or a semi-autonomous downstream PLC) would be vulnerable to alteration. A well-designed PLC implementation will have only *monitoring* outputs accessible to Internet-connected PCs, while
  • The problem being the majority of these systems were designed at a time when malware and hacking were not as big an issue as today, common sense can stop most threats easily but, no internet access, restrict physical media. Sorted. On a bigger scale but, it really worries me, cyber warfare is here and nobody is prepared. Things are going to get messy, fun fun times are ahead. :)
    • Cyber warfare? Stand back, I have a laptop and I know how to use it!

      C'mon, melodrama much? Cyber warfare is the buzzword for "we were too stupid/miserly/lazy to implement security, now people found out how our shoddy semblance of a figment of security can be bypassed, so they are cyber terrorists and cyber criminals and cyber whatever. It's not that we were negligent/lazy/greedy, no way!"

  • by ControlsGeek ( 156589 ) on Sunday July 31, 2011 @08:23AM (#36938658)

    In the first place the prison control network is likeley not Ethernet. If it uses Allen Bradley PLCs in North America it is probably ControlNet a Token Passing bus topology. If it uses Gould/Modicon/SquareD/ Schneider it is probably Modbus Plus also a Token passing Bus Network. The PLC's will be executing Ladder Logic.
    The Control Computer that the article talks about is only used to modify or create code for the PLC's and thereafter disconnected.It would usually only be reconnected for Maintenance reasons. The control of the unlocking or locking of cell doors is likeley by push button in the Guard control room and done through the PLC I/O.

    The network is not going to be connected to the internet as that would be stupid.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      The problem is that this is not the case as is detailed in the paper.

    • ++mod

      I agree and would like to add that when you say "likeley not Ethernet" also means that there are some that are. We've recently started using Directlogic PLC's. Some do have ethernet (like the DL205).
      http://support.automationdirect.com/docs/plc_selection_considerations.html [automationdirect.com]

      You could run all of your PLC's through a router so you could have all your PLC's programmable from a remote location. We've never done that, but then again we also don't have a prison population and access controls to deal with.

      • by OzPeter ( 195038 ) on Sunday July 31, 2011 @10:18AM (#36939212)

        You could run all of your PLC's through a router so you could have all your PLC's programmable from a remote location. We've never done that, but then again we also don't have a prison population and access controls to deal with.

        I've done things like this and it works well. Had multiple remote sites connected to the home base via a VPN over the Internet. Not that I recommend programming from a remote location, but being able to ensure you have central backups, and do a centralized version control is a boon. The alternative was to have contract cowboys in each region with their own private copy of what they think the PLC program should be. So now the contractor arrives at site, checks out the PLC code from the central repository, modifies the PLC and then checks the code back in.

    • by PPH ( 736903 )

      The Control Computer that the article talks about is only used to modify or create code for the PLC's and thereafter disconnected.

      Unless the control computer is running an HMI (Human Machine Interface) to monitor and/or control lock and alarm status. Then that's the attack vector. Think you can keep that system off the Internet? Good luck with that.

      From TFA:

      He and his team recently toured a prison control room at the invitation of a correctional facility in the Rocky Mountain region and found a staffer reading his Gmail account on a control system connected to the internet.

      Back when I worked for Boeing, we (engineering) supported some shop floor ATE (automated test equipment). Over our objections and warnings, management instituted a program to port all the ATE equipment over to Windows specifically so that shop floor personnel could use the system

      • by codegen ( 103601 )
        I don't know what CS graduates you are talking too, but none of our CS grads would consider Windows a securable system.
    • Since when has stupidity stopped something from being implemented? If there's a cent to save, it will be done. To hell with security, this is just to keep criminals locked up, where do you need security in that?

  • by RevWaldo ( 1186281 ) on Sunday July 31, 2011 @08:35AM (#36938692)
    This is you do it. You just break into the warden's office, find his PC, go to a command line and enter:

    UNLOCK ALL INMATE DOORS
    DEACTIVATE SECURITY SYSTEM

    Then you smash the screen with a hammer so that no one can override the commands. It's simple.

    What?

    .
    • by OzPeter ( 195038 )

      This is you do it. You just break into the warden's office, find his PC, go to a command line and enter: UNLOCK ALL INMATE DOORS DEACTIVATE SECURITY SYSTEM Then you smash the screen with a hammer so that no one can override the commands. It's simple. What? .

      Totally wrong. Wrong I tell you. You have to Deactivate the alarm system first, then open the doors. That way you you don't announce to the rest of the world that you have engineered the breakout. Just make sure not to overlook the hidden alarm that the was secretly put in by the super crime fighter to let him know when his nemesis has escaped.

      Unless of course you engineered the breakout to cover for the fact that you are committing a crime in another part of the city. In which case you only open som

      • Did I just write a hollywood movie? Or a series of movies????

        Depends.. Isn't that the plot of Batman Begins?

        • by OzPeter ( 195038 )

          Did I just write a hollywood movie? Or a series of movies????

          Depends.. Isn't that the plot of Batman Begins?

          You know, it probably was .. but I didn't have that movie in mind when I wrote my comments as I had totally forgotten about it - not to mention that I never saw it either

    • by Clueless Moron ( 548336 ) on Sunday July 31, 2011 @09:36AM (#36938994)

      This is you do it. You just break into the warden's office, find his PC, go to a command line and enter: UNLOCK ALL INMATE DOORS DEACTIVATE SECURITY SYSTEM .

      You left out a critical step. The computer will respond with ACCESS DENIED, at which point you type OVERRIDE

      • If you're going down that road...

        First of all, there will be a password prompt, in nice HUGE letters on the screen - you know in case the warden lost his reading glasses or something...
        You look around and notice a picture of his son on the table and a drawing signed "Joshua" on the wall... So now you know the password is "Joshua" (of course it is)

        UNLOCK ALL INMATE DOORS
        "Ok"

        DEACTIVATE SECURITY SYSTEM
        But wait! - the warden is not supposed to deactivate the security system! - "ACCESS DENIED!"

        But the warden bei

    • by lennier ( 44736 )

      Nah, you just need a stock standard R2-series astromech droid, have it insert its computer access probe into the nearest rotary dial socket, then tell it "Unlock all trash compactors on the detention level".

      Or load the secret battle station plans into it and tell it to launch a lifepod. Nobody will ever shoot it because, hey, it's just a droid, and droids never smuggle data.

      Or you send your droid into the druglord's hideout, and instead of doing a mandatory security wipe or even checking for hidden compartm

  • Recall all the Stuxnet comments on how it was so unique and targeted it was.
    The perfect safe digital weapon with layers of unique code to seek out a sub set of industrial units.
    Now cost cutting Microsoft based programmable logic controllers are at risk in other areas...
    Why are so many expensive unique projects connected to low end Windows code?
  • by OzPeter ( 195038 ) on Sunday July 31, 2011 @09:54AM (#36939082)
    TFA has lots of security related buzzwords, but for me the meat in TFA is buried down in

    Custom exploits are not hard to create for PLCs due to the ease of programming them by simplistic programming languages like Ladder Logic. For example, everyone on this research team was able to put together a PLC exploit in only a few hours. While we created the exploits for research purposes, there are many exploits that are publicly available and can be found online such as on Exploit-DB.com.

    There are multiple attack vectors that could lead to a compromise of the PLCs. If the machine controlling, monitoring, or programming is misused by personnel and connected to the internet, then the usual client side attack vectors are in scope. When it is connected to the Internet, it is also subject to conventional attacks such as, man-in- the-middle, network based attacks exploits, and forced updates – perhaps some with improper SSL certificates as was the case with Stuxnet

    So there are lots of scary buzzwords all over the place, but when it comes to saying what they actually achieved in their "research" they are extremely light on details. Sure don't tell the world what techniques you actually employed, but do tell us that you remotely snuck into a network and managed to flip some I/O signals etc. If anything the biggest joke in the paper is

    By accessing the loaded libraries of the software that control, monitor, or program the PLCs, we believe we have found an attack vector that is not vendor-specific.

    Thats like saying that hacking into the ECU of a car is a vulnerability that is present across all car manufactures. Yep it sure is, but then you need to step back and admit that every car manufacturer has a bespoke implementation of their control units and the real world is not like Independence Day.

    I have been using PLCs for longer that some /.'s have been alive and one thing I can say is that the only thing each manufacture's PLC has in common with each other is that they run off electrical power. And given the way PLC code is typically written, every prison control system is going to be a custom job, so there is not going to be any implementation consistency across the board. Stuxnet only worked through a sophisticated and well researched plan to directly target Iran's nuclear program. Regardless of who you blame as the originator, you have to admit that it was not the job of a script kiddy, but someone with immense resources behind them. If you think that someone is going to direct an equal amount of resources towards unlocking a prison, then you have more issues to consider than a bunch of dope dealers running around free.

    Finally the biggest laugh for me in TFA was

    The communications port is typically 9-pin RS-232 or EIA-485;

    That shows that the authors have no idea about how a modern PLC system is put together. Serial comms may be the rage for shoebox PLCs (and given that they spent only $2500 on hardware/software, they were NOT dealing with a big name PLC manufacturer, or anything larger than a "toy" PLC), but on a modern mid sized PC system we have upgraded to Ethernet, Proifbus and even fibre for comms. A colleague recently had a "small" PLC system on his desk - two PLC racks in a redundant setup and just the CPU and system cards, with no I/O racks. The list price of this hardware was $100,000 and it was nothing special. (Claims of Apple being over priced are nothing compared to PLC manufacturers).

    • The list price of this hardware was $100,000 and it was nothing special. (Claims of Apple being over priced are nothing compared to PLC manufacturers).

      Hm ... a hundred K seems a bit high, but you're right that the stuff isn't cheap. On the other hand, nobody in his right mind would use an Apple product to run valve & pump control for an oil refinery or some other critical process (although I'm sure there are people that try.) There are substantial liability issues with which manufacturers of industrial controllers have to contend that commercial vendors do not.

  • First off it shows a STUNNING lack of of any sort of thought on the part of the people in charge of security and system design, connecting ANY command and control system of any kind to the real internet is something that should never, ever, be done, peroid.

    I don't care HOW convenient it is or how useful it is, it's painting a giant soft target on your system and anyone who does it should be fired.

    Furthermore, anyone who takes a usb stick or other media and plugs it into a secure C&C system needs to be f

    • Furthermore, anyone who takes a usb stick or other media and plugs it into a secure C&C system needs to be fired also, as a matter of fact such systems should probably be designed with little to no access to external media and any actually required access points should be as secured as possible.

      I know nothing about prison control systems, but I've spent a couple of decades in industry (okay, maybe a little more than that.) It is astounding the difference in security procedures you see across different organizations. I've seen some outfits that have completely electrically separate engineering/process and business networks, with all communication between those networks (if any!) being pinholed and heavily monitored, and other outfits that just run one big fiber loop around their facility and hook e

  • by Animats ( 122034 ) on Sunday July 31, 2011 @12:08PM (#36939926) Homepage

    Progress with programmable logic controllers has made them much more vulnerable. They used to be really dumb devices, often programmed by physically plugging in an EPROM. Their communications protocol tended to be some ancient multi-drop serial protocol like RS-485, or a vendor-specific proprietary network. The "host machine" tended to be some CPU on a card, connected to a dumb terminal or a control panel. This was dumb and static, but being totally isolated, secure from external intrusion.

    Now, PLCs tend to be reprogrammable over their communications link. Some support Ethernet directly. The proprietary networks were all overpriced, and although Ethernet is overkill for most low-level controllers, the interface parts are cheaper, the cables are cheaper, the connectors are cheaper, and more interface devices are available. Also, 10baseT, which has differential signalling and error control, has better noise immunity than some of the lower-speed proprietary networks. I've used devices that have a built in web server just for configuration purposes. With no security.

    Even if the low-level network is nonstandard, there's a tendency today to put in a gateway to an Ethernet. This allows connection to, inevitably, a PC running Windows, usually with some custom DLL from the controls vendor. (See page 9 of this Siemens brochure. [siemens.com]) This often allows reprogramming the low level controllers from a PC. This is exactly the configuration that was used in the Iranian centrifuge facility.

    Of course, once you have something that's IP over Ethernet with Windows machines on it, it tends to become accessible from the outside world. This is a recognized problem. Here's a Siemens paper on it. [siemens.com] They talk about "firewalls" a lot, but don't go into much detail over what they really do. Note that they mention an engineering terminal use for system programming (a PC), physically outside the firewall, coming in through an encrypted VPN. That's a classic point of attack.

    The trouble is that it's too convenient to have connections to external systems. The PLC system for lock control in a prison wouldn't seem to have to be connected to other systems. But there's going to be an inmate inventory system that tracks who is supposed to be in which cell. It's convenient if the interface to the locking system shows who is supposed to be where, and has important info like which prisoners are violent, which need extra medical attention, and such. Then you can have screens which show both door status and prisoner info.

    But others need to talk to the prisoner inventory system. The system for food ordering needs info about how many inmates are in which parts of the prison and maybe their dietary needs. And the system for food ordering needs to talk to external suppliers to place orders. That means a link to outside the prison. This is the sort of thing which leads to a data path from non-critical to critical systems.

  • People are shocked to see that standard PLCs are used in a wide range of industrial control applications.

    It's almost like they were designed for being used in a wide variety of applications.
  • "Some of the same vulnerabilities that the Stuxnet superworm used to sabotage centrifuges at a nuclear plant in Iran exist in the country's top high-security prisons where programmable logic controllers (PLCs) control locks on cells and other facility doors."

    They're going to spin the prison faster and faster until the cell doors shake off? Nice. I'd watch that.

  • Though it might work in some of the city and county jails. But the state prisons here are all run off gear that is non-networked. Sure, some of the newer facilities might have VOIP phones or IP-based cameras in some areas, but you're still not going anywhere or getting much done in a TX state prison without a ring of keys. About the best you could hope for might be to shut off a camera. Which might work if you're coordinating a hit, but you're better off doing that during a medical transfer or something si

To communicate is the beginning of understanding. -- AT&T

Working...