Cyber-criminal Left In Charge of Prison Computer Network
samzenpus writes "A 27-year-old man serving six years for stealing £6.5million using forged credit cards over the internet was recruited to help write code needed for the installation of an internal prison TV station. He was left unguarded with unfettered access to the system and produced results that anyone but prison officials could have guessed. He installed a series of passwords on all the machines, shutting down the entire prison computer system. A prison source said, 'It's unbelievable that a criminal convicted of cyber-crime was allowed uncontrolled access to the hard drive. He set up such an elaborate array of passwords it took a specialist company to get it working.'"
...hire these people for the FBI or something? At least that's how the movies go...
Slashdot is too nerdy for me.
Where's a "whatcouldpossiblygowrong" tag when you one?
Some cyber-criminal stole my 'need'!
Chicken Coop, Inc. is proud to announce the promotion of Mr. Fox to the position of chief of security...
6.5 million pounds vs. six years in prison. Considering 20 years in cube for about 2.5 million pounds total, this crime thing is looking like a better alternative career!
Interesting that inmates have access to computers and TV. I'm glad we pay for that for them while normal citizens are having a hard time finding a job...
The case of Kevin Mitnick, who was initially restricted from using any sort of communications technology whatsoever (no computer access at all, no mobile phone, etc.), other than a landline telephone...
You're a computer guy, right? My cousin's kid been trying to help us with this TV station thing we're doing but I don't think he knows what he's doing. Plus he's starting soccer now and he doesn't have much time anymore. It's not like you don't, eh? Heh heh.
Anyway, can you help? We use The Windows and all that so it's pretty standard.
You will? Thanks buddy - I'll see that you get some extra "unmonitored" visits from the little lady this month.
Sexual offenders run the prison rape-prevention program.
No, that's already run by designated "I'll be your daddy and protect you from the others" representatives, fairly elected by the general population.
. . . is assigned in prison to garden detail . . . and is given . . . a chainsaw!
The prison now has a few open bunks.
The prison psychologist stated, "I hoped that we could discover how to do pleasant things with a chainsaw, instead of nasty things."
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Or starring Jeffrey Dahmer on an episode of Iron Chef.
That's almost as dumb as putting a Halliburton CEO in charge of the entire military.
Luckily nothing that stupid would ever happen here in America.
You're right, that never happened. While Dick Cheney was at one point the CEO of Halliburton, he was in charge of the U.S. military before he worked for Halliburton. As Vice President he had no authority over the military.
The truth is that all men having power ought to be mistrusted. James Madison
There were those few hours while Bush was at the doctor's.
Their last good backup? heh
Welcome to MS-DOS
Copyright 1981,82 Microsoft, Inc.
c:\
My question is, why? I can understand stealing credit card information due to the financial side of things. Why would he pull a stunt like this? So he can get an extended prison sentence, and have no hope of being let out on parole? When you're in prison, do you want to piss off the prison staff? Do you know what happens when you do that? Idiot.
Just because I can hook a shark from a boat, I do not offer to wrestle it in the water.
And this felon had "no authority" over the prison computer system.
You don't need "authority", you just need access.
That would be restitution, retribution, and rehabilitation. All three are necessary. Rarely are all three implemented. To whatever extent is possible, the victims of the crime should receive restitution (from the offender, not from the public at large). Punishment is needed to make certain that crime does not pay (if crime does pay, and the pay is better than the criminal can legally earn, we will have crime). Rehabilitation is required to minimize the chance of the criminal re-offending. If said criminal lacks the means to get and hold a decent job, the chances of re-offending are high. If he has the means of getting and holding a decent job, the chances of re-offending are reduced (but not nil).
linquendum tondere
Ok, I wanted to link to a comment in a previous story here, where someone complained about everything being "cyber-" this and "cyber-" that, and that it makes you sound like it came from the 80s.
I answered, that he then might not like my new "CyberCyber Virtu@l e-Cloud Turbo CoolClick iNetExplorer 2000 XFX GTX - Ultimate Social Web 2.0 Gold Edition"... or something like that.
But strangely, the comment vanished from the face of the net. I searched Google, and even manually went through all recent articles here containing "cyber". Especially "cybercyber". It's gone!
How can that happen? Anyone care to explain, or find it, even if it's OT? Because this is really strange...
Any sufficiently advanced intelligence is indistinguishable from stupidity.
An asshole who bombs the asshole who is bombing the Kurds while telling us that the reason he is bombing the asshole who is bombing the Kurds is because that asshole is bombing the Kurds is not such an asshole. OUR asshole, however, was an asshole who was bombing the asshole who was bombing the Kurds while lying out of his ass that the reason he is bombing the asshole who is bombing the Kurds is because the asshole who is bombing the Kurds is getting ready to bomb US, which he wasn't.
So the asshole was thinking if he told the truth he might not get to bomb and so he will lie to get his way. That asshole was supposed to work for us, by the way.
- For the complete works of Shakespeare: cat
How about the asshole who gave the asshole gassing the Kurds the gas in the first place?
Oh right, that would be Donald Rumsfeld who completed that deal during the Reagan administration, not Richard Cheney.
...should always have been done so under supervision and with logging...
I agree with the logging side, but if they give him Admin then all the log will contain is him locating and killing the logging script (This CAN be avoided, but I doubt that they would have gone through that much trouble even if they were logging). The supervision probably would have been pointless though. More than likely, it would be a trained guard standing over him watching him do EXACTLY what he did. And, if asked what he was doing, he'd explain that he was adjusting permissions so that everything would work. If they hired somebody to supervise that could accurately determine whether he was being malicious, they could probably just ask the supervisor to do the job.
Hell, if you ask me to supervise an inmate in a chem lab while he brews up aspirin and he's actually making nitroglycerin, I'd probably stand there and ignorantly watch him make nitroglycerin.
He's getting rather old, but he's a good mouse.
How about the asshole who gave the asshole gassing the Kurds the gas in the first place?
Oh right, that would be Donald Rumsfeld who completed that deal during the Reagan administration, not Richard Cheney.
I'm sorry, when exactly do you think Reagan took office? The Iraqis were trying to kill all the Kurds since about 1960. Killing the Kurds and stealing their oilfields. So what if the gas was purchased and used later, the genocide attempt was going on for 20 years prior.
I just love it when the frothing-at-the-mouth liberals try to blame a single, US "official" for doing something EVERYONE FUCKING KNOWS was the right thing to do, even if the reason was falsified.
"Be prepared, son. That's my motto. Be prepared." --Joe Hallenbeck
in charge of the Federal Reserve
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
No way would that be a bad idea - That would be the PPV episode. I'd tune in just out of curiosity as to what the dessert would be - Sweet-bread sorbet? Liver mousse?
"The winner will get the privilege of having dinner tomorrow with me. The loser will also get to come, but I need you to arrive 4 hours early after bathing in Worcestershire for 3 hours."
He's getting rather old, but he's a good mouse.
Obviously the prison didn't have anyone IT savvy or they never would have relied on an inmate. As I understand it, he simply changed some admin passwords and set the BIOS password. When they couldn't figure out how to change things back, they refused to let the guy show them how to fix it and hired an outside consultant.
Wait a sec, have the goal posts moved again? It was about weapons of mass destruction, then it was about bringing democracy to masses yearning for it, then it was about protecting the Sunnis from the Shiite forces that we kind of, um, unleashed on them, and now it's payback for the Kurds?
I think the real motivation was to revive the corpse of Gilgamesh and create a new race of super-warriors, but that's just my theory.
We shot Iraqi people, We bombed Iraqi people, and we occupied their land.
We also at this point have likely reduced Kurdish autonomy for better cooperation with Turkey.
We didn't even hit Saddam with a bomb, so saying we bombed the asshole who gassed the Kurds is absurd on the face of it.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
No no no, haven't you ever worked anywhere that you had Admin capabilities? The trick is to make yourself indispensable!
Oh, wait...
Seriously though, he probably didn't have access to their entire system. You can cripple a system for its intended use (by adding security restrictions to everything that you have access to) while still lacking access to, for example, the prisoner info database.
There's no place I could be, since I've found Serenity...
All right, how will a guy whose main skills are computer related be able to pay back victims of identity theft? Would it be, by any chance, by holding a profitable job where he works with computers? Or do you want to go back to debt prisons where people are kept, at taxpayers' expense and without profitable occupation, until they pay back the debt?
Debtor's prisons were stupid. Let me just say that much.
I know, you can't pay back if you don't have a profitable job. But just because you went to jail doesn't mean you shouldn't have that debt to pay. I'm not saying that they should stay in jail until they can pay it back. I'm saying they shouldn't "get out of debt free" simply because of jail time. That's not reparation.
In reality, most people will not be able to pay back the victims in their lifetime, let alone in the time after which we think is reasonable to stop punishing someone and let them move on with their lives.
Hm. So, the poor criminal stole too much and he can't pay it back? I'm not sure if I have much sympathy for him. Maybe he should have thought of that before he stole it? Unfortunately, our current legal system doesn't really provide much incentive to think about that kind of problem if you're caught. 6 years of jail for stealing a ton of money in credit cards doesn't seem to be much of a deterrent, and certainly didn't rehabilitate this guy too well...
As for "better the society in general," I don't have a problem with that except that his debt isn't to society in general... it's to his victims, is it not? I would think they should reap any possible reparation before society does...
I mean, come on. The man must have known that he would get caught, which leads me to wonder if in fact he really did anything wrong.
Anybody here who wrote a program for a prison system would consider it irresponsible to NOT set passwords. But before you are given a chance to explain the very good reasons for what you've done, the big men with truncheons who are already watching you like a hawk assume the worst and start running around like Chicken Little with the sky falling.
That's my guess.
And chickens just LOVE it when the sky falls; it gives them a sense of purpose and an excuse to play 'hero'. Heck, I know a couple of cops, and they are good people, but their world view is very slanted due to regular exposure to the criminal element. Without a healthy means of grounding to the real world, their sense of reality can become wildly inaccurate. Add to that some over-enlarged ego, lots of fear, pack-mentality and a bit of down-home stupid, and you're looking at a system where innocence is not assumed and some really terrible things can -and do- happen.
I'm not saying the guy was mister pure-heart, but I bet the whole story isn't being represented here. --What with the hysteria that both police and the media typically spin themselves into over anything to do with computer 'hackers', I think this is entirely likely.
But it appears that many posters here aren't capable of remembering the patterns they see in the news wrt this kind of story. Hackers!
-FL
Maybe he decided that with the depression taking its toll on the outside world and all that getting "LIFE" in prison was the best job stability he could hope for.
That was the most confusing asshole statement I ever read. I got lost after the 3rd asshole and all I gather from reading that is there are assholes killing assholes. Sounds like a win win situation to me.
Dark Helmet:
How many Assholes we got on this ship, any how?
Everyone:
Yo!
Dark Helmet:
I knew it. I'm surrounded by Assholes. *closes helmet* Keep firing, Assholes!
Yup that was my first reaction too. They let you on a box to install a prison-wide TV system so what do you do?
A. Install the system, get the props from your fellow inmates who know you are responsible for keeping their new toy running; get props from the authorities, increasing your chances of an early release; build enough trust that maybe in the future you'll be allowed somewhere near a box to do other fun stuff,
OR,
B. SNAFU the system, volunteer as the authorities' punching bag; blow your chances of an early release; and ensure you will not be allowed anywhere near anything more advanced than a transistor radio for the next 5 years?
Which just goes to show that intelligence doesn't immunise you against stupidity.
Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
I don't subscribe to the train of thought that the best security specialists are ex black-hats. Mainly because most black-hats are only out, open about it, because they have been caught. IMHO this doesn't make them good it just goes to show that they are rather poor at it. They did get caught right?
Though they would never admit it, I imagine that most of the best white-hats / security specialists I have known have likely worn a black-hat at some point in their past.
Just as I would state that the best computer scientists are those that grew up with a curiosity and interest in computing that cannot be extinguished one has to have the ability to put themselves in their opponent's mindset (the white-hat in the mind of the black-hat) or they won't be very successful.
I have done so many information / network security tasks combined with countless internal security audits (Sarbanes, etc) that I cannot connect to a network or walk into a new building without thinking about how one would theoretically subvert the systems in place. This doesn't mean I am acting on this knowledge but I would say it is a switch that gets turned on in the best security professionals that cannot be turned off. I'll meet someone at their office for the first time and find myself saying something like: "Physical security is terrible here, why would anyone waste time hacking into a network located in this facility when they could just walk right through the front door?" This is constructive criticism, though I shouldn't be giving away my knowledge as doing so reduces the perceived impression of the value of people in my profession.
I was working on Bank of America's firewall team, early in my career, and a potential candidate had made it past our team's rigorous technical screening and though maybe unknown to him he was going to be offered the job, as he had impressed us with his knowledge, and the meeting with our manager that turned into lunch with the team was just a formality. That was until during lunch when he openly stated "He had worn so many color hats, white, black, gray that he often gets confused on which he is currently wearing." We all looked at one another and sighed because we all knew such a statement had made him ineligible for the position. We were not upset that we might have hired a former black-hat but rather disappointed that he was so naive about the environment that he would openly state such a stupid declaration in front of us and our manager. If he were experienced enough to realize his mistake before making it he would have likely been a valuable member of that team.
It's like a television show called MasterMinds on the History channel that shows supposedly criminal master-minds, the details of their crimes, and the story of how they were eventually caught. I wouldn't call any of these people criminal master-minds. A show about criminal master-minds would not be that entertaining because they would say this is how it was concluded that a crime had been committed, if they could even determine that, and then they would explain how they don't know how the crime(s) were committed, and that the unknown suspects have yet to be identified. This is because a true criminal master-mind would have never been identified and the crime would be so unique as to defy description.
I tried to explain to a close-minded information security professor, during my Master's program, that going through detailed descriptions of known security exploits was a waste of time. I tried to no avail to explain that known (named) security exploits posed no threat, as they would have a countermeasure in place already and that the real risk was security exploits that have yet to be identified because there is no current countermeasure for them. I suggested that discussing the inherent security risks of deploying UDP on a network, for which I later wrote a research paper, or similar such topics would be a better use of our time. Rather than taking advice from a graduate student, the professor instead had us s
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...