Slashdot Mirror
Cyber-criminal Left In Charge of Prison Computer Network
samzenpus writes "A 27-year-old man serving six years for stealing £6.5million using forged credit cards over the internet was recruited to help write code needed for the installation of an internal prison TV station. He was left unguarded with unfettered access to the system and produced results that anyone but prison officials could have guessed. He installed a series of passwords on all the machines, shutting down the entire prison computer system. A prison source said, 'It's unbelievable that a criminal convicted of cyber-crime was allowed uncontrolled access to the hard drive. He set up such an elaborate array of passwords it took a specialist company to get it working.'"
...hire these people for the FBI or something? At least that's how the movies go...
Slashdot is too nerdy for me.
Where's a "whatcouldpossiblygowrong" tag when you one?
Some cyber-criminal stole my 'need'!
Comment removed based on user account deletion
Chicken Coop, Inc. is proud to announce the promotion of Mr. Fox to the position of chief of security...
Civilized countries rehabilitate prisoners, and yes, that includes schooling them on what they will find in society once they've served their sentence.
The alternative, a punishment based system like in the US, causes those coming out of prison to be unemployable, and their only recourse is crime. Which is one of the main reasons why the recidivism rate and percent of the population in prison is much higher in the US than in other western countries.
Oddly enough, when I start googling for statistics to support your statement, I find things that say that there are fewer Drug offenders in prison that people convicted of Property crimes, and fewer of both those groups combined than people convicted of Violent crimes.
In other words, drug charges, major or minor, account for about 22% of the prison population in the USA.
Oh, and 55% of the prison population are in for violent crimes, and the remainder for property crimes.
"I do not agree with what you say, but I will defend to the death your right to say it"
And this felon had "no authority" over the prison computer system.
You don't need "authority", you just need access.
An asshole who bombs the asshole who is bombing the Kurds while telling us that the reason he is bombing the asshole who is bombing the Kurds is because that asshole is bombing the Kurds is not such an asshole. OUR asshole, however, was an asshole who was bombing the asshole who was bombing the Kurds while lying out of his ass that the reason he is bombing the asshole who is bombing the Kurds is because the asshole who is bombing the Kurds is getting ready to bomb US, which he wasn't.
So the asshole was thinking if he told the truth he might not get to bomb and so he will lie to get his way. That asshole was supposed to work for us, by the way.
- For the complete works of Shakespeare: cat
How about the asshole who gave the asshole gassing the Kurds the gas in the first place?
Oh right, that would be Donald Rumsfeld who completed that deal during the Reagen administration, not Richard Cheney.
...should always have been done so under supervision and with logging...
I agree with the logging side, but if they give him Admin then all the log will contain is him locating and killing the logging script (This CAN be avoided, but I doubt that they would have gone through that much trouble even if they were logging). The supervision probably would have been pointless though. More than likely, it would be a trained guard standing over him watching him do EXACTLY what he did. And, if asked what he was doing, he'd explain that he was adjusting permissions so that everything would work. If they hired somebody to supervise that could accurately determine whether he was being malicious, they could probably just ask the supervisor to do the job.
Hell, if you ask me to supervise an inmate in a chem lab while he brews up aspirin and he's actually making nitroglycerin, I'd probably stand there and ignorantly watch him make nitroglycerin.
He's getting rather old, but he's a good mouse.
Still, I think it is comparable to cubical life.
OK, that may be the most ignorant, presumptive thing I've read all day. I've seen prisons and I work in a cubicle. The two situations are nothing alike.
Prisoners get access to a gym and exercise yard...
He's getting rather old, but he's a good mouse.
Comment removed based on user account deletion
I mean, come on. The man must have known that he would get caught, which leads me to wonder if in fact he really did anything wrong.
Anybody here who wrote a program for a prison system would consider it irresponsible to NOT set passwords. But before you are given a chance to explain the very good reasons for what you've done, the big men with truncheons who are already watching you like a hawk assume the worst and start running around like Chicken Little with the sky falling.
That's my guess.
And chickens just LOVE it when the sky falls; it gives them a sense of purpose and an excuse to play 'hero'. Heck, I know a couple of cops, and they are good people, but their world view is very slanted due to regular exposure to the criminal element. Without a healthy means of grounding to the real world, their sense of reality can become wildly inaccurate. Add to that some over-enlarged ego, lots of fear, pack-mentality and a bit of down-home stupid, and you're looking at a system where innocence is not assumed and some really terrible things can -and do- happen.
I'm not saying the guy was mister pure-heart, but I bet the whole story isn't being represented here. --What with the hysteria that both police and the media typically spin themselves into over anything to do with computer 'hackers', I think this is entirely likely.
But it appears that many posters here aren't capable of remembering the patterns they see in the news wrt this kind of story. Hackers!
-FL
This isn't a government problem; it's private companies that won't hire ex-cons.
Do companies in the US have access to that kind of information? In the Netherlands, these records are private, but companies often will require a "declaration of no objection" from new hires for positions of trust. These are requested from the police, and the declaration (if issued) will state that the applicant has nothing in his record indicating a risk for the position he applies for. This to ensure a convicted embezzler doesn't get to work as an accountant again, or a child molester gets a job at a day care center, or a violent criminal a membership at a gun range, while keeping irrelevant facts on that record private.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
I'm not an expert on this as I've never been convicted of (or arrested for) a crime, so this is just from what I've heard and read. Most employment applications ask if you've ever been convicted of a crime (other than speeding/parking tickets), yes/no. Answering this falsely can mean immediate termination if they ever find out, and possibly even get you sued (not likely). However, for them to find out means they'd have to do a background check. I'm pretty sure conviction information is publicly available, and background checking agencies specialize in finding that stuff. Not all employers do background checks; government jobs requiring a clearance obviously do this, and certain other jobs too, but most probably don't. As an embedded software developer, I think I've only had two, one when I was doing an internship for a military contractor, and at my most recent job which is in the financial industry. I don't think the other jobs did any background checks, and mostly didn't even bother checking references either.
A quick Google search turned up some Yahoo! Answers questions about this topic, with totally different answers: 1) Honesty is the best policy, some employers will understand, etc., and 2) Honestly will keep you unemployed because no one will hire an ex-con when people with clean records are available.
It sounds like your system in the Netherlands is much better, since most jobs don't need to know your criminal record (of course, unless you're around children, or large sums of money). Of course, your system on narcotics is much better too so that doesn't surprise me. We still haven't learned the lessons of Prohibition after 80 years, though unfortunately most other countries are making the exact same mistake.