Inmate Gets 18 Months for Hacking Prison Computer

[security curmudgeon <jericho () attrition org>]

[I hope the information becomes public about which "legal research
  software" it was. - jericho]


http://www.computerworld.com/s/article/9142628/Inmate_gets_18_months_for_hacking_prison_computer

Inmate Gets 18 Months for Hacking Prison Computer
By Robert McMillan
December 22, 2009 07:28 PM ET

[..]

In 2006, Janosko managed to circumvent computer controls and use the 
machine to send e-mail and cull data on more than 1,100 Plymouth County 
prison employees. He gained access to sensitive information such as their 
dates of birth, Social Security Numbers, telephone numbers, home addresses 
and employment records.

[..]

However, Janosko found a way of "exploiting an idiosyncrasy in the legal 
research software" so he could access other programs via the terminal.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php