[ISN] Irony: Inmate's hacking through jail computers comes to an end

From: InfoSec News (isnat_private)
Date: Thu Feb 14 2002 - 01:41:41 PST

  • Next message: InfoSec News: "[ISN] Microsoft's new 'compiler' program"

    Forwarded from: security curmudgeon <jerichoat_private>
    
    From http://www.naplesnews.com/02/02/florida/d759107a.htm
    
    "Inmate's hacking through jail computers comes to an end" 
    
    Saturday, February 9, 2002
    Associated Press
    
    KEY WEST - An inmate was able to repeatedly hack into a jail computer
    system, destroying files and going onto the Internet, even though
    officials first caught him doing it last year.
    
    Michael Tanzi's Web excursions ended, though, once officials snared
    him during an online cat-and-mouse game.
    
    Tanzi, a Massachusetts man charged with killing two women, had been
    using the Monroe County Detention Center's computerized law library,
    which consists of about 50 CD-ROMs that prisoners can tap into using
    two steel-enclosed computer terminals in a basement room of the jail.
    
    Last May, Tanzi discovered some law library software allowed him to
    get on the Internet by gaining access to the sheriff's office computer
    system, sheriff's spokeswoman Becky Herrin said.
    
    "He went through our system to get through to the Internet, but he
    only had access to a small area of our system as he went through,"
    Herrin said.  "He didn't spend very much time doing that; he was
    trying to get through to the Internet."
    
    Computer technicians at the jail said they thought they had disabled
    any back doors to the rest of the network.
    
    Jail administrators hadn't installed a firewall because they thought
    they had already safeguarded the system through other means, system
    administrator Michael Grattan said.
    
    Moments after he was nabbed surfing the Internet in May, Tanzi showed
    deputies how he had managed to do it, according to a memo by Grattan.
    
    Officials asked Tanzi to promise not to do it again, and Tanzi agreed,
    according to the memo.
    
    But within a month, Tanzi was back online.
    
    On June 20, he deleted several text files, as well as downloading nude
    images from the Internet, according to a June 21 incident report.
    
    Among the items Tanzi obtained were employee identification numbers,
    which are also on deputies' badges and paperwork around the jail.
    
    But Jim Painter, the jail's director of information systems, said the
    ID numbers could not be used to pull up personal information on jail
    staff.
    
    After the June incident, Painter intentionally permitted Tanzi back
    onto the computer, he said this week.
    
    Painter said he monitored Tanzi as he made his way onto the Internet.  
    Tanzi tried to apply for a magazine subscription and began deleting
    text files connected to the law library's computers. He re-logged into
    the computer six to eight times after being repeatedly kicked off by
    Painter, who was watching from remote.
    
    When Tanzi finally realized Painter was on to him he began typing
    expletives, according to Painter.
    
    Jail administrators have since installed a $10,000 firewall, which
    they say cannot be breached by inmates.
    
    Tanzi, 24, is awaiting trial on a first-degree murder and other
    charges in the April 2000 abduction and slaying of Janet Acosta, an
    employee of The Miami Herald. Prosecutors in Massachusetts have also
    charged Tanzi in the killing of Caroline Holder in Brockton, Mass.,
    more two years ago.
    
    Tanzi, who has been allowed back on the law library computer since the
    firewall was installed, is scheduled to stand trial in Monroe County
    on June 17.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 05:33:54 PST