
Security Flaw Could Let Hackers Help Inmates Break Out Of Prison

First Posted: 08/09/11 09:51 AM ET Updated: 10/09/11 06:12 AM ET

LAS VEGAS – Inmates have tried many ways to break out of prison: chip away at concrete, overpower guards, tie bedsheets together.

Now, they may have a new tactic: hack into the computer system that controls prison doors.

At the DefCon hacker conference in Las Vegas this weekend, researchers showed how they found a security flaw that could allow prisoners to escape if hackers breach the prison's computer system.

The issue came to light by accident a few years ago when a prison warden called security engineer John Strauchs with an alarming problem: all of the cells on death row had mysteriously opened.

The cause was a random power surge, but it got Strauchs thinking.

“If that can happen by accident, what would happen if you did it deliberately?” asked Strauchs, who has designed prison door control systems.

Then a few years later, a powerful computer worm called “Stuxnet” disabled Iran’s nuclear centrifuges. The worm, which is considered the most sophisticated cyberweapon ever made, attacked a “programmable logic controller,” a type of computer that is also used in the nation’s high-security prisons.

For about $2,500, the researchers bought one of these computers, which are manufactured by Siemens, and tested it in a laboratory.

The researchers said they have not simulated an attack on a correctional facility to test the possible flaw, but they believe it is possible to launch a cyber prison break, in large part because prison guards are not taking basic cybersecurity measures.

During a tour of one U.S. prison, the researchers found a guard in the control room checking his email on a computer that communicates with the system operating the doors. If that guard clicked on a malicious link or attachment, he could trigger a prison break, researchers said.

"If the computer had been attacked, we could open up and close the cell doors," said Tiffany Rad, president of ELCnetworks. "Any time you have a security product, the people operating it need to understand why certain operating procedures are in place."

The researchers said they briefed the federal government on the possible security flaw and received approval to give their presentation this weekend at the hacker conference.

Chris Burke, a spokesman for the Federal Bureau of Prisons, said he was unaware of the researchers' findings.

"We would take anything like that seriously and be willing to take a look at that," Burke said.

Strauchs also noted that prison guards "don't get paid very much" and could be bribed to hack the prison computer system. But he said the security flaw could be mitigated by prison officers practicing basic cyber hygiene, like not using computers to check email.

"If the prisons change their security procedures, they could probably fix the problem 98 percent on their own," he said.

11:21 AM on 08/10/2011
I was a correctional officer in a SHU unit of a level six state pen for 5 years.
On occasion our doors would just “ghost” open.
The problem:
The state gave the electrical contract for the new facility to the lowest bidder.
As soon as they got paid for their shoddy work, the company dissolved.
10:55 AM on 08/10/2011
Guess it's time to go back to good old-fashioned locks.
06:49 AM on 08/10/2011
Why would the prison security system be available online? It seems that if they made this a private network not attached to the Internet...there shouldn't be a problem.

Go ahead and pay me the consultant's fee...I'll even take a reduced rate. :)
Barry Clarke
Retired Air Traffic Control Aviation Meteorologist
01:11 AM on 08/10/2011
For about 20 cents on the dollar, there are foreign countries that will house our criminal elite. Most likely upon their return to the USA, if they make it out alive that is, they would be less likely to want and repeat the foreign process again.
12:32 AM on 08/10/2011
As a former Correctional Officer at Stateville, a Maximum-Security Penitentiary in Joliet, IL., where the death penalty was administered, here are the FACTS! GENERAL POPULATION convicts are out all day long; and, are only 'locked-up' during 'count-checks' between shifts. After the count 'checks,' they are released again until the next count, until lights out. At Stateville, there was a 33' wall surrounding the 65 acres of cellhouses, with numerous towers manning those walls. At each tower there was a 12-Gauge and an M-14 with full clips. At specific towers called 'Sally-Ports,' there were also 'Deer-Slugs' for the 12-Gauge. These shells would take out an automobile engine or, an elephant! Additionally, if ANY convict did manage to get 'close to the wall' with a rope to 'go over' the wall, the Correctional Officer had to wait until the rope had attached to the top of the wall; and then have to wait until the convict 'TOUCHED THE ROPE' before FIRING! I just 'hated' those Administrative Directives regarding 'JUSTIFIABLE' reasons to fire! By the way, NO ONE ever got over the wall! So, stop worrying about 'Hackers,' and, worry more about the 'Wardens' who run these institutions and how they 'kiss the asses' of the Gangs who fight for domination within the prison system. Don't even get me going about the 'Ramadan Ritual,' and the extra 'perks' given to all of those 'peace-loving' Muslim convicts during their 'holy' days!
01:04 AM on 08/10/2011
I was with you until you started making fun of Muslims. Exactly why do you think it's ok for Christians to have their holidays but not for Muslims to have their holy days? What makes any other religion better than another?
01:24 AM on 08/10/2011
Hi, Mandy....I don't really care if you were 'with me or not.' You haven't seen or witnessed what I have! Making 'fun of Muslims?' I want much, much, more than that!

Additionally, after 9/11; along with the 'EXTRA' privileges Muslim convicts receive in prison...once again, I really don't care if you agree with me or not. I was there, you were not!

Additionally, here is something else you probably won't agree with....God Bless America; and, to those brave Seals and Military personnel who were just recently murdered by the Taliban this week!

I'm just waiting for the 'official' military outrage why these men died; and, most interestingly enough, especially members of the Seal Team who took out Bin Laden in May.

Hmm....they died almost 3 months to the day of Bin Laden's passing....and, during the Ramadan Celebration!

Coincidence? Or, possibly 'Redemption, or a Deal' for Obama during this Ramadan Feast, for killing Bin Laden?

Do I hear mandatory pay-backs for Obama from the Taliban; or, 'Mea-Culpa's' for Obama's spiritual salvation?
01:53 AM on 08/10/2011
Hi, Mandy...

You asked me: 'What makes any other Religion better than the other?'

Answer: I don't recall in the 'History of the United States of America' that any: Catholics; Episcopalians; Lutherans; Protestants; Presbyterians; Methodists; Jewish; Mormons; Jehovah's Witnesses; Scientology; Wiccans; Atheists; Agnostics; Hindus; Buddhists; Anglicans; Devil-Worshippers; Scientology, et al...EVER:

LEVELED THE REAL ESTATE IN NEW YORK CITY; PENNSYLVANIA; AND WASHINGTON, D.C.

Therein, lies the 'Difference' Mandy....GET IT? (Did you notice that Muslims/Islam did not appear on this list)?
Ben Carnes
By our actions, we create our destiny.
02:27 PM on 08/10/2011
I would not go so far as to blame religion, especially when humans can distort interpretations to fit their self-interest. Gandhi said, "I like your Christ, but I do not like your Christians, they are so unlike your Christ."
Paul Harvey once quoted Will Rogers as saying "If you ever want to see the scums of the earth - go to a prison... during shift change." Does that comment include all prison guards? No, any intelligent person will tell you that there are rotten apples in every barrel. We just cannot blindly lump all into a category, no more than a state agency, such as a corrections department can ban religious practices in any of its facilities without justifying a lawsuit it cannot win.
12:17 AM on 08/10/2011
May just be the answer to solve the problem of putting non violent offenders in jail in the first place.
It doesn't say much when you're not the most economically sound Country in the World, yet you have the highest population of your citizens in jail than any other Country.
JoanneRM
12:14 AM on 08/10/2011
They could provide a computer for guards to use during quiet periods at night. My sister has a step granddaughter who is a guard in a prison during the day. There is no down time then. But perhaps at night they do.
01:06 AM on 08/10/2011
They're at work, why would they give them computers to play on when they should be working?
littlebrowngirl
Brevity is the soul of wit - Shakespeare
11:09 PM on 08/09/2011
Shawshank 2.0.
360Dunk
Feeder of slot machines
10:56 PM on 08/09/2011
Now if the hackers could just direct their efforts toward Italy and release Amanda Knox.....
10:10 PM on 08/09/2011
There is now and always will be hacking on the Internet! While someone is being paid to prevent hacking, someone is being paid to learn how to exploit the network. Some people will even seek to exploit the network just because of the challenge. Other governments seek to exploit the Internet seeking advantages over other governments!
Ty2010
09:22 PM on 08/09/2011
Secure systems and unsecured systems are supposed to be separate, just like in the military they were supposed to be separate.
Charles Queen
I am a disabled nam vet
09:15 PM on 08/09/2011
One would have thought about something like this happening long ago considering hacking has been going on for such a long time now. I would think that authorities would already be working on some sort of a back up system to keep the cells from being opened by hackers. I think though that it's pretty pathetic of hackers to even consider doing something as heinous as this is.
08:22 PM on 08/09/2011
And some just wouldn't leave if the door was open.
PaulAdams
08:14 PM on 08/09/2011
Considering the vast majority of people in prison are victims of the police state and victims of the war on drugs, I would say that maybe somebody should go ahead and give it a try. Then we can go recapture the 30% of inmates that deserve to be there.
HomeGrower
Independent - so both sides hate me
08:39 PM on 08/09/2011
We'll let them go in your backyard.
12:54 AM on 08/10/2011
Hey, Paul....

Hmm...I assure you, Max-Joints do not 'house' your so-called 'victims' of a 'police or war on drugs' state.

Try walking the galleries or the 'Flag' in the General Population cellhouse in a Max-Joint. You won't find too many 'pot-smoking, DUI victims there, (like yourself)! LOL!

You must be confused with the difference between: a County, or City prison jail! Trust me, otherwise, you would be singing a different tune.

FYI, the MSNBC show 'LOCK-UP' only portrays convicts in Protective Custody or Segregation. You would REALLY be impressed if: They showed the everyday life of convicts in General Population!

The only problem with filming this would be: The Correctional Facility would never allow it; the filming crew would be scared to death; and, the convicts would enjoy it too much!
07:49 PM on 08/09/2011
There should be a You-Tube of our presentation at Defcon for the prison hack, which will include the demo. I'll post the link when it is available.