Irony: Inmate's hacking through jail computers comes to an end

[InfoSec News <isn () c4i org>]

Forwarded from: security curmudgeon <jericho () attrition org>

> From http://www.naplesnews.com/02/02/florida/d759107a.htm

"Inmate's hacking through jail computers comes to an end" 

Saturday, February 9, 2002
Associated Press

KEY WEST - An inmate was able to repeatedly hack into a jail computer
system, destroying files and going onto the Internet, even though
officials first caught him doing it last year.

Michael Tanzi's Web excursions ended, though, once officials snared
him during an online cat-and-mouse game.

Tanzi, a Massachusetts man charged with killing two women, had been
using the Monroe County Detention Center's computerized law library,
which consists of about 50 CD-ROMs that prisoners can tap into using
two steel-enclosed computer terminals in a basement room of the jail.

Last May, Tanzi discovered some law library software allowed him to
get on the Internet by gaining access to the sheriff's office computer
system, sheriff's spokeswoman Becky Herrin said.

"He went through our system to get through to the Internet, but he
only had access to a small area of our system as he went through,"
Herrin said.  "He didn't spend very much time doing that; he was
trying to get through to the Internet."

Computer technicians at the jail said they thought they had disabled
any back doors to the rest of the network.

Jail administrators hadn't installed a firewall because they thought
they had already safeguarded the system through other means, system
administrator Michael Grattan said.

Moments after he was nabbed surfing the Internet in May, Tanzi showed
deputies how he had managed to do it, according to a memo by Grattan.

Officials asked Tanzi to promise not to do it again, and Tanzi agreed,
according to the memo.

But within a month, Tanzi was back online.

On June 20, he deleted several text files, as well as downloading nude
images from the Internet, according to a June 21 incident report.

Among the items Tanzi obtained were employee identification numbers,
which are also on deputies' badges and paperwork around the jail.

But Jim Painter, the jail's director of information systems, said the
ID numbers could not be used to pull up personal information on jail
staff.

After the June incident, Painter intentionally permitted Tanzi back
onto the computer, he said this week.

Painter said he monitored Tanzi as he made his way onto the Internet.  
Tanzi tried to apply for a magazine subscription and began deleting
text files connected to the law library's computers. He re-logged into
the computer six to eight times after being repeatedly kicked off by
Painter, who was watching from remote.

When Tanzi finally realized Painter was on to him he began typing
expletives, according to Painter.

Jail administrators have since installed a $10,000 firewall, which
they say cannot be breached by inmates.

Tanzi, 24, is awaiting trial on a first-degree murder and other
charges in the April 2000 abduction and slaying of Janet Acosta, an
employee of The Miami Herald. Prosecutors in Massachusetts have also
charged Tanzi in the killing of Caroline Holder in Brockton, Mass.,
more two years ago.

Tanzi, who has been allowed back on the law library computer since the
firewall was installed, is scheduled to stand trial in Monroe County
on June 17.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.