Inmate Exposes Prison Employee Data Base
There’s an ongoing silent war between inmates and the personnel of the prison holding them. There have been quite a few movies on riots, guards having their families threatened and other such. And now this topic hits the endpoint security arena: a former inmate has hacked into a prison’s network and made the employee’s database available to his imprisonment colleagues.
The 42-year-old Francis G. Janosko accessed the names, addresses, dates of birth, social security numbers and telephone numbers of employees working for the Plymouth County Correctional Facility in Massachusetts, said the US District Court in Boston. Using a thin client connected to a prison server, Janosko exploited a bug in legal research software made available to inmates to gain access to the database.
Janosko then shared the private details with his felllow inmates and also managed access the Internet and to download videos and digital photographs of prison employees, inmates and aerial shots of the prison. The hacking took place between October 2006 and February 2007. He is currently charged with identity theft and intentional damage to a protected computer. If convicted, the maximum sentence is 12 years in prison and a fine of $250,000. He could additionally be forced to pay unspecified restitution.
