Research reveals prisons at risk from cyber attacks

By Lee Kaelin on November 7, 2011, 9:30 AM

Federal authorities are concerned after research has revealed that U.S. prisons are vulnerable to computer hackers, who could even be able to remotely open cell doors to aid jailbreaks. In a statement to the Washington Times, spokesman Chris Burke said the Federal Bureau of Prisons is "aware of this research and taking it very seriously."

The security systems in most prisons run using special computer equipment that utilizes industrial control systems (ICS) -- the same systems employed to control power plants, water treatment facilities and other critical infrastructure. ICS were in use in the Iranian nuclear power plant facility that was sabotaged successfully by the Stuxnet worm last year.

"You could open every cell door, and the system would be telling the control room they are all closed," said John Strauchs, a former CIA officer when speaking at the recent Miami Hacker Halted convention recently. He provided assistance in a cyber attack on the simulated prison computer systems as part of the research.

Strauchs, who is now a consultant aiding in the design of security systems for state and federal prisons, said it was even possible to destroy doors by overloading the electrical systems that control them, as well as crashing CCTV systems or shutting down prison-wide secure communications when attacking the security control systems that prisons employ.

Sean McGurk, who headed the Department of Homeland Security's efforts to secure the ICS said the department had looked into the claims and had "validated the researchers' initial assertion that they could remotely reprogram and manipulate" the software controllers running in the system.

Further investigations revealed that prison workers were actually using the secure systems to check personal emails, directly exposing them to potential hackers. In over 400 site inspections, researchers found every single facility had their systems connected to internet enabled networks. That said, Strauchs believes the mostly likely vector would be to bribe a prison guard to insert a USB drive with malicious programming, which could be ever harder to stop.




User Comments: 5

Got something to say? Post a comment
amstech amstech, TechSpot Enthusiast, said:

All computer code is transparent.

Only real techies know this to be true.

All software can be infiltrated if you can reach it. One way or another.

ETF Soldier ETF Soldier said:

I think this article should be removed, as it makes whoever reads it aware of this.

Guest said:

@ETFSoldier: The article is based on a Washington Times article, so it's too late.

It seems that these networks are not suposed to be connected to the internet, however due to ignorance or to make things easier for techs, connections were made. Break the connection and isolate the network and you make things much harder to hack.

Guest said:

why in the hell are local security systems accessable to wider reaching networks or even to the internet?

if these damn systems were kept apart these types of threats would not be possible!

Mindwraith said:

Guest said:

why in the hell are local security systems accessable to wider reaching networks or even to the internet?

if these damn systems were kept apart these types of threats would not be possible!

well the 'bribing the security guard to use an infected USB' could still work even if the system was disconnected from the internet

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.