back to article Inmate gets 18 months for thin client prison hack

A former prison inmate has been ordered to serve 18 months for hacking the facility's computer network, stealing personal details of more than 1,100 of its employees and making them available to other inmates. Francis G. Janosko, 44, received the sentence earlier this week in federal court in Boston after pleading guilty to …

COMMENTS

This topic is closed for new posts.
  1. zedenne
    Dead Vulture

    more detail?

    would love to know the sophistication of his hack.

    was it just holding down the shift key when turning on the client or did it involve some cleverness?

  2. Neal 5

    I think the guy got it wrong.

    Aren't lags supposed to spend their time planning to break out, not in.?

  3. e-berlin.org
    Pint

    e-berlin.org

    Hah, nice move, Francis! Cheers!

    1. Ray0x6
      Unhappy

      Uhhh...

      Yes, he 'hacked' a prison service computer but knowing what I do about public service tech solutions, I very much doubt it was a tough job. Child pornography and harassing an underage girl, however, not quite such a nice move (and best not to advertise your business with those sorts of comments, eh Deneva?)

  4. SirTainleyBarking
    FAIL

    Who set this system up?

    Prison full of criminals? Who'da thought that?

    Prehaps the sys admin might have taken that into account?

  5. Anonymous Coward
    Anonymous Coward

    Add a few more years to his sentence

    Looks like a career criminal to me that needs to spend more time in prison than 18 months.

  6. Francis Boyle Silver badge

    Come on

    The inmates just wanted to send the employees a few Christmas cards.

    Seriously, considering the potential for harm I think he got off very lightly.

  7. Matthew 4
    FAIL

    Common Problem

    Like all Govt run/funded organisations, anything is always done on the cheap and this is the result - false economy.

  8. Tony Barnes

    Seems odd

    That they would have anything that inmates had access to hooked up to the internal network... Pretty bloody obvious security risk!

  9. Guus Leeuw
    IT Angle

    Why is it...

    ... that governments across the world create mostly "open" systems, and then blame everyone else for getting access to it?

    Why are they not going after the guys who are maintaining their prison servers / clients, and making sure those *idiots* go behind bars. That would server the IT community right, getting rid of nitwits.

    OK, the guy should not have paraded the details around, espec to prison folks, but hey, you can't blame him for getting access to poorly secured data...

    Guus

  10. Cliff

    I wonder what the hack was?

    I mean, in prison, no internet access, thin client, this is going to be a pretty crap 'hack' I expect - URL manipulation and network topology guessing?

    No, that was naughty, he oughtn't have done it, and he oughtn't've shared the results, but by golly it was a bit of mental stimulation at least. I admit I'd probably have done the same once I had realised I could in the smae position. And assuming people won't explore one of the few terrains available to them to explore is hardly responsible security for sensitive data.

  11. Mike007 Bronze badge

    I would

    TBH if i'm bored and happen to be sitting in front of a computer system, i tend to have a little poke around the network as well out of curiosity over how well set up it is...

    if someone was able to gain unauthorised access to sensitive data without having to authenticate, blame the network admins/software provider/whoever set up the system (and if they got someones password, blame the user whose password he got... as well as the idiots who allowed that password to work from inmate computers)

  12. kissingthecarpet
    FAIL

    You'd think

    that a prison system, accessed by inmates, would be locked down like a naughty gimp in a box, & the inmates would be on a separate network with powerless user accounts etc.

    But no.

    1. Anonymous Coward
      Flame

      Security is expensive

      There is a trade off:

      - Cheap, insecure system

      - Expensive, secure system

      People say "Oooh, my PC at home cost £299 from Tesco and I have £10/month broadband, why should a [prison/business/NHS/national identity database] system cost any more?". And it's very hard to sell people on the benefits of security - they say (perhaps correctly) "it's unlikely to be a problem".

      And if it _is_ a problem, then it's blamed on the "hacker", or the poor underfunded sysadmin. It's never the fault of the people in charge, who didn't provide funding for a secure system.

  13. Chris Malme

    More details

    A copy of the indictment can be found at http://www.securityprivacyandthelaw.com/uploads/file/Janosko%20Indictment.pdf and has a more detailed description.

    Among other things, a piece of paper was found in his cell containing a username and password to the prison management system.

    Because it was stated that the servers he accessed were "used in interstate and foreign communications", it became a felony offence.

  14. Joe Montana
    FAIL

    Locking down...

    You see a lot of dumb terminal or remote access setups where you just access a windows machine through rdp or citrix, and are only supposed to gain access to certain applications. I have never encountered a situation where it wasn't possible to easily run other programs... the windows interface and userland apps were never designed with any sort of security in mind, they were mostly inherited from the 9x series of windows and bolted on top of the nt kernel (which by itself had a pretty decent security model).

  15. Ferret
    Coffee/keyboard

    @ Why is it...

    If they fired the company in charge of network administration, they would probably have to hire the company in the number two position in the original bid who, naturally, would charge more money for their services.

    As it stands, said company will most likely fire some low-level tech from their staff, plug the security hole which was exploited, and keep rolling along - business as usual.

    Escape key 'cuz - well, what does anyone in a prison want to do?

  16. JShel
    FAIL

    Welcome to Mass.

    The IT contract either went to the nephew of someone at the prison, or the IT firm that has been bribing State Senators for contracts :)

  17. IceMage
    IT Angle

    Underfunded? Probably

    Most prisons are underfunded, it's no surprise that their network security model would be underfunded. I'd likely prefer that over, oh, I dunno, a massive prison breakout?

    Then again, all those prison workers gotta be pissed at their employer, because now they're liable if any kind of identity theft comes out of it, as it was their system that exposed them to risk. Let's see here... we can spend $100,000 on a secure network, or $5,000,000 cleaning up the mess because we didn't.

    It's hard to put that kind of perspective into upper management's heads. They always look at the short-term bottom line. When you try to sell them on a $5,000 printer that will last 10 years, they don't understand why you can't just go to office depot and get one that costs $40.

  18. Fred Flintstone Gold badge
    Thumb Up

    Excellent!

    18 more months to do a truly inhouse security survey. Thumbs up!

  19. Adam 38
    Badgers

    Computers?

    Why do inmates have access to any computers at all? Shouldn't it just be a telephone, toilet and bed? I thought the point of them going to prison is so that they could reflect on what theyve done.

  20. Anonymous Coward
    Joke

    Was it just a JailBook status update?

    - banged up

    - still banged up

    - the hairy guy winked at me in the shower block

    - !

  21. Count Ludwig
    Coat

    Prison governor denies responsibility

    Reuters: In a press conference yesterday, prison governor O. Pensesame denied responsibility for the gaffe and put the blame on a "small criminal element" that had "somehow got into into our prisons and is intent on causing trouble."

    Mine's the one with the file in the pocket.

  22. Anonymous Coward
    Big Brother

    Janosko parole violation

    > Janosko was imprisoned in 2006 for a parole violation following a conviction on child pornography charges ..

    Is there any verifiable citation for this or are they merely trashing his reputation on top of the hacking charge ?

    http://en.wikipedia.org/wiki/State_of_Connecticut_v._Julie_Amero

This topic is closed for new posts.