Forwarded from: security curmudgeon <jerichoat_private> From http://www.naplesnews.com/02/02/florida/d759107a.htm "Inmate's hacking through jail computers comes to an end" Saturday, February 9, 2002 Associated Press KEY WEST - An inmate was able to repeatedly hack into a jail computer system, destroying files and going onto the Internet, even though officials first caught him doing it last year. Michael Tanzi's Web excursions ended, though, once officials snared him during an online cat-and-mouse game. Tanzi, a Massachusetts man charged with killing two women, had been using the Monroe County Detention Center's computerized law library, which consists of about 50 CD-ROMs that prisoners can tap into using two steel-enclosed computer terminals in a basement room of the jail. Last May, Tanzi discovered some law library software allowed him to get on the Internet by gaining access to the sheriff's office computer system, sheriff's spokeswoman Becky Herrin said. "He went through our system to get through to the Internet, but he only had access to a small area of our system as he went through," Herrin said. "He didn't spend very much time doing that; he was trying to get through to the Internet." Computer technicians at the jail said they thought they had disabled any back doors to the rest of the network. Jail administrators hadn't installed a firewall because they thought they had already safeguarded the system through other means, system administrator Michael Grattan said. Moments after he was nabbed surfing the Internet in May, Tanzi showed deputies how he had managed to do it, according to a memo by Grattan. Officials asked Tanzi to promise not to do it again, and Tanzi agreed, according to the memo. But within a month, Tanzi was back online. On June 20, he deleted several text files, as well as downloading nude images from the Internet, according to a June 21 incident report. Among the items Tanzi obtained were employee identification numbers, which are also on deputies' badges and paperwork around the jail. But Jim Painter, the jail's director of information systems, said the ID numbers could not be used to pull up personal information on jail staff. After the June incident, Painter intentionally permitted Tanzi back onto the computer, he said this week. Painter said he monitored Tanzi as he made his way onto the Internet. Tanzi tried to apply for a magazine subscription and began deleting text files connected to the law library's computers. He re-logged into the computer six to eight times after being repeatedly kicked off by Painter, who was watching from remote. When Tanzi finally realized Painter was on to him he began typing expletives, according to Painter. Jail administrators have since installed a $10,000 firewall, which they say cannot be breached by inmates. Tanzi, 24, is awaiting trial on a first-degree murder and other charges in the April 2000 abduction and slaying of Janet Acosta, an employee of The Miami Herald. Prosecutors in Massachusetts have also charged Tanzi in the killing of Caroline Holder in Brockton, Mass., more two years ago. Tanzi, who has been allowed back on the law library computer since the firewall was installed, is scheduled to stand trial in Monroe County on June 17. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 05:33:54 PST