How did an Ohio inmate get prison administrators' usernames and passwords?


#1

[Read the post]


#2

Inmates have access to computers, regular or otherwise? I suppose to teach computer skills? Probably shouldn’t be surprised by this, but it seems odd.


#3

In my (rather considerable) experience, you just look for about five minutes and you find them. Probably the warden had a printed out list on his desk when the inmate went in to mop the floor.


#4

Interesting… there was a 2600 article a couple of years ago detailing the prisoner-side of the computer systems in Ohio. Not trying to imply anything but…

(Yes, prisoners have very limited access to things like email in some states.)

ETA: Also, it’s not unheard of for prison officials to extract special expertise from inmates with the appropriate skills. It saves them money and slavery is legal in the United States, so long as you’re an inmate. Wouldn’t surprise me if someone had an inmate fix an important computer, but they probably will keep that hush-hush. SCOTUS has upheld the right of prisons to keep a lot of information secret.


#5

Following the loss of the horse, we are closing the barn door out of an abundance of caution.


#6

#7

actually some prisons use prisoners to work in call centers. for example–


#8

“We have no evidence that a data breach occurred at Lebanon or any other prison,” Smith said.

Actually, a list of usernames and passwords would be pretty firm evidence.


#9

I’ve done on-site repairs in a prison call center.


#10

Came to say this. I mean, it’s not just evidence, it’s a damned smoking gun.

The fact that an inmate, theoretically the least-privileged class of user in a prison system, possesses usernames and passwords belonging to others is intrinsically a breach.

EDIT: Words.


#11

That’s hilarious.


#12

Any way I’d like to congratulate the inmate on his parole hearing. The computer says it was successful.


#13

I’m no cyber security expert, but i’m guessing a simple keylogger maybe a hardware one.


#14

My guess is more along the lines of social engineering, or accessing the list as a poorly secured printout.

Keyloggers are possible but require significant skills (relatively) to use and especially in the hardware case some assistance from The Outside. In absence of deeper knowledge of the situation, I’d go for simplicity.


#15

This topic was automatically closed after 5 days. New replies are no longer allowed.