  1. #1
    p858snake

    Inmate gets 18 months for thin client prison hack

    A former prison inmate has been ordered to serve 18 months for hacking the facility's computer network, stealing personal details of more than 1,100 of its employees and making them available to other inmates.

    Francis G. Janosko, 44, received the sentence earlier this week in federal court in Boston after pleading guilty to the hacking offenses in September.

    In 2006, Janosko hacked a thin client that was connected to a prison server to access the employee database for the Plymouth County Correctional Facility in Massachusetts, prosecutors alleged. After obtaining the names, addresses, dates of birth, social security numbers and telephone numbers of the employees, he made them accessible to other inmates.

    Although the machine was configured only to run a legal research program, the prisoner managed to use it to get free rein over a variety of unauthorized services. In addition to the employee database, Janosko was also able to access the internet to download videos and photographs of prison employees, inmates and aerial shots of the prison, according to court papers. The hacking took place between October 2006 and February 2007.

    Janosko was imprisoned in 2006 for a parole violation following a conviction on child pornography charges. He was convicted of harassing an underage girl and taking pictures of her in a public library the year before.
    Source: The Register

  2. #2

    powdarrmonkey
    Why in the world was the inmates' network connected to the administration network even physically? duh!

  3. #3

    mac_shinobi
    Quote: Originally Posted by powdarrmonkey
    Why in the world was the inmates' network connected to the administration network even physically? duh!
    VLANs etc.?

  4. #4

    Quote: Originally Posted by powdarrmonkey
    Why in the world was the inmates' network connected to the administration network even physically? duh!
    Why have the inmates even got a network! Especially one who's convicted of child pornography!

  5. #5

    SYNACK
    Quote: Originally Posted by mac_shinobi
    VLANs etc.?
    VLANs are not entirely secure; they rely on packet tagging, which is usually done by the switch with varying levels of security. The issue is that this tagging is vulnerable to corruption and spoofing if you know enough about it and the switch is not 100% secure (a feat that no software-based system seems to be able to manage). For instance, certain NIC drivers (e.g. HP Teaming stuff) allow creation of subinterfaces to associate with multiple VLANs if the switch allows it, and depending on the switch software involved this can be achieved on ports not configured absolutely correctly.

    Being a prison, getting access to a trunk link is not as likely, but these are very vulnerable, as simple packet injection of tagged frames will get right past almost all of the security measures.

    If they were going to insist on using a VLANed system in an environment like that, at the very least they should have implemented full IPsec encryption on all communication on the administration network. It's like a handful of group policies and really shows up the lack of care that was implemented when designing a network in such a data-sensitive location. They probably had the whole lot running on the same network segment with a single layer of 'security' (the thin client settings) and just relied on the inmates being unskilled at such things to keep them safe. Of course, on this occasion they ran up against a rather unlikely element, a highly skilled user.
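
Added example, not part of SYNACK's post or the original thread: a detection-side parser for the 802.1Q tagging discussed above, which flags frames that arrive already tagged on a port that should only ever see untagged traffic. The function names, VLAN numbers and sample frames are constructed for illustration.

```python
import struct

# Tag protocol identifiers that introduce a 4-byte VLAN tag.
TPIDS = {0x8100: "802.1Q", 0x88A8: "802.1ad"}

def vlan_tags(frame):
    """Return the VLAN IDs of every tag stacked after the two MAC addresses."""
    tags, off = [], 12                      # 6 bytes dst MAC + 6 bytes src MAC
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in TPIDS:
            break                           # reached the real EtherType
        tags.append(tci & 0x0FFF)           # low 12 bits of the TCI = VLAN ID
        off += 4
    return tags

def check_access_port(frame, port_vlan):
    """Classify a frame received on an access port assigned to port_vlan."""
    tags = vlan_tags(frame)
    if not tags:
        return "ok"                         # untagged, as an end host should send
    if len(tags) > 1:
        return "alert: stacked tags %s" % tags
    if tags[0] == 0:
        return "ok"                         # priority tag only, no VLAN membership
    if tags[0] != port_vlan:
        return "alert: tagged for VLAN %d on access port in VLAN %d" % (tags[0], port_vlan)
    return "warn: host is tagging its own VLAN"

def sample_frame(*vids):
    """Constructed test input: broadcast frame carrying the given VLAN tags."""
    frame = bytes.fromhex("ffffffffffff020000000001")
    for vid in vids:
        frame += struct.pack("!HH", 0x8100, vid)
    return frame + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    # Port assumed to be an access port in VLAN 10 (hypothetical numbering).
    for vids in [(), (0,), (10,), (20,), (1, 20)]:
        print(vids, "->", check_access_port(sample_frame(*vids), 10))
```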

  6. #6

    powdarrmonkey
    Quote: Originally Posted by mac_shinobi
    VLANs etc.?
    The only way to ensure total isolation is to unplug it.

  7. #7

    mac_shinobi
    Quote: Originally Posted by SYNACK
    VLANs are not entirely secure; they rely on packet tagging, which is usually done by the switch with varying levels of security. The issue is that this tagging is vulnerable to corruption and spoofing if you know enough about it and the switch is not 100% secure (a feat that no software-based system seems to be able to manage). For instance, certain NIC drivers (e.g. HP Teaming stuff) allow creation of subinterfaces to associate with multiple VLANs if the switch allows it, and depending on the switch software involved this can be achieved on ports not configured absolutely correctly.

    Being a prison, getting access to a trunk link is not as likely, but these are very vulnerable, as simple packet injection of tagged frames will get right past almost all of the security measures.

    If they were going to insist on using a VLANed system in an environment like that, at the very least they should have implemented full IPsec encryption on all communication on the administration network. It's like a handful of group policies and really shows up the lack of care that was implemented when designing a network in such a data-sensitive location. They probably had the whole lot running on the same network segment with a single layer of 'security' (the thin client settings) and just relied on the inmates being unskilled at such things to keep them safe. Of course, on this occasion they ran up against a rather unlikely element, a highly skilled user.
    I've got all the CCNA CBT Nuggets to go through - got a very very very long road to go before I totally understand what you just posted above, although if they used something like pfSense, m0n0wall or the likes (SmoothWall) or even a hardware firewall they could have locked it down a lot more - I'm still learning a lot about everything so will get there eventually like a lazy susan lol

    Quote: Originally Posted by powdarrmonkey
    The only way to ensure total isolation is to unplug it.
    Sounds good to me
    Last edited by mac_shinobi; 27th December 2009 at 08:57 AM.
