dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1428
share rss forum feed


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

Convicted hacker attend IT class.. and hacks prison networks

DailyMail | 2 March 2013

quote:
One of Britain’s most notorious cyber criminals hacked into a prison computer system from inside jail – after he was allowed to join an IT class.

Nicholas Webber, 21, jailed for five years in 2011 for masterminding a multi-million-pound internet crime site, triggered the security scare during a lesson.

The prison, HMP Isis in South London, blamed his teacher, Michael Fox, who was employed by Kensington and Chelsea College. He was banned from the prison but the college cleared him of committing any security breaches at a disciplinary hearing last March.

However, he was made redundant when no alternative work could be found for him.

On Friday, Mr Fox, from Bromley, Kent, began a claim for unfair dismissal, arguing that it wasn’t his decision to put Webber, the son of a former member of Guernsey’s parliament, in his class. He says he had no idea he was a hacker.

At a hearing at Croydon Employment Tribunal, Mr Fox accused the college of not doing enough to find him another job. ‘The perceived problem was there was a tutor who had been excluded by the prison and charged with allowing a hacking expert to hack into the prison’s mainframe,’ he said.

In a statement, the college’s business development director, Shanie Jamieson, said: ‘He [Mr Fox] did not feel he had done anything wrong as the student concerned was in his view a convicted computer hacker and should not have been allowed in his classroom.’

Webber was only 17 when he created an internet forum for computer hackers with the potential to fleece up to £15million from individuals and firms.

A court was told he set up GhostMarket after leaving £24,000-a-year Bradfield College, Berkshire, where he got into trouble for deleting friends’ detention records from the school computer.

GhostMarket – dubbed a global ‘crimebook’ with 8,000 members worldwide – gave tips on how to create computer viruses, harvest credit card data and use it to pay for goods on eBay, as well as offering to sell details of 100,000 stolen credit cards.

Police have documented £473,000 losses from 3,500 of the cards, but estimate they could have been used to steal £15million.

Webber, of Southsea, Hampshire, who once boasted online that he was ‘probably the most wanted cyber criminal just now’, also used stolen details to buy computers, video games, iPhones and iPods worth £40,000, and to pay for stays in luxury hotels.
Source/full article: »www.dailymail.co.uk/news/article···tem.html
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.
»bit.ly/V5mACB - How-To: Destroying a faulty keyboard


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

2 recommendations

The bulk of the blame should fall onto the prison IT staff. Why was there a connection from the training room to the prison internal network in the first place ? It probably was the most convenient way to hook the training computers up to the Internet. Convenience and security are often at odds with each other.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

OZO
Premium
join:2003-01-17
kudos:2

1 recommendation

reply to Smokey Bear
Even in home environment it's advised to a have separate "guest" network with very limited functionality. Those IT guys, who allowed it to happen, are obviously clueless...
--
Keep it simple, it'll become complex by itself...


neochu

join:2008-12-12
Windsor, ON

1 recommendation

reply to leibold
said by leibold:

The bulk of the blame should fall onto the prison IT staff. Why was there a connection from the training room to the prison internal network in the first place ? It probably was the most convenient way to hook the training computers up to the Internet. Convenience and security are often at odds with each other.

And lack of reasonable risk assessments...


MxxCon

join:1999-11-19
Brooklyn, NY
reply to leibold
I think even bigger question is why are they still running mainframe? :/
--
[Sig removed by Administrator: signature can not exceed 20GB]


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric
said by MxxCon:

I think even bigger question is why are they still running mainframe? :/

I've heard people call the system case of their PCs a 'mainframe'. I wouldn't be surprised if the reporter or prison's P.R. spokesman meant the prison education network's server.
--
Buckle Up. It makes it harder for the aliens to suck you out of your car.

daveinpoway
Premium
join:2006-07-03
Poway, CA
kudos:2
Here's another article about this: »www.net-security.org/secworld.ph···ecurity)


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET
If the statement from the Prison Spokesperson is true (closed education network with no possible access to the Internet or other prison systems) why was the teacher of the training class fired ?

I also find the "at the time of this incident" part of the quote amusing. Does that mean they suspended those security measures and the prison education network is now wide open ?


The quote of the Prison Spokesperson first confirms that there was an incident and then goes on to claim that it would have been impossible. That doesn't give it much credibility.

Of course we don't have any details. Perhaps there was something that the IT teacher did that bridged the closed education network to the rest of the prison ?
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!