Douglas Havard hacks jail's network where he's an inmate



  • Why waste money on honest (but probably expensive) IT professionals when you can get one of the inmates to do it for free? Sounds brillant, right?

    A UK prison computer system was left in lockdown after jail bosses gave a convicted cybercriminal the task of reprogramming it, the Sunday Mirror reports.

    Source: http://www.theregister.co.uk/2009/09/29/inmate_hacker/



  •  Hey, why not get them to change the locks too?

     



  • I presume they give murderers the task of sharpening their kitchen knives and cleaning their guns, and employ paedophiles to look after employees' children.


  • Discourse touched me in a no-no place

    @Wrongfellow said:

     Hey, why not get them to change the locks too?

    I assume you noticed this sentence hidden in TFA?:

    Another inmate at Ranby Prison recently managed to get a key cut that was capable of opening every door at the jail.



  • @NSCoder said:

    I presume they give murderers the task of sharpening their kitchen knives and cleaning their guns, and employ paedophiles to look after employees' children.
     

    I think next is well-built men in for beating people to death acting as prison guards. I mean they know how to keep people in line eh?



  • @TFA said:

    Another inmate at Ranby Prison recently managed to get a key cut that was capable of opening every door at the jail.

    Why is there a key that works on every door in a prison house? Did some retarded conversation happen?
    @Contractor said:
    ... So this key opens the door to the pantry, this one to the arm-

    @PHB said:
    Why do we have to have so many keys?

    @Contractor said:
    Because what happens if a prisoner gets the key to the bathrooms? Do you want him to have access to the armory and ammo closet too?

    @PHB said:
    What if he needs to get to those rooms, eh? He'd only have the key to the bathroom, and that'd be horrible.

    @Contractor said:
    Why don't I just make a key that opens fucking everything!?

    @PHB said:
    That's brillant!

    @Contractor said:
    ... I want that in writing.



  • Alas, the article is short on details. These details are needed to make a judgement. If the inmate hacked prison administration computers, the governors were stupid. If the computers were set aside for prisoner use, the inmate was a douchebag who ruined the system for his fellow inmates. Rehabilitating prisoners involves trusting them with something, such as not stabbing the prison farm animals. That the governors were confident he didn't access records suggests he never touched the admin computers. I'm going with the douchebag hypothesis.



  •  

    Douglas Havard hacks jail's network where he's an inmate

    If I was an inmate in a jail's network, I'd probably hack it too.

     



  • Lots of large institutions have keys that can open just one door or multiple doors, depending on how they're cut. Otherwise the guards would need to lug around a different key for each door.



  • @Lingerance said:

    Why is there a key that works on every door in a prison house? Did some retarded conversation happen?
    Uh, no?



  • @bstorer said:

    @Lingerance said:

    Why is there a key that works on every door in a prison house? Did some retarded conversation happen?
    Uh, no?


    Filed under: The Atlantic Ocean cannot stop curses, Master keys are pretty fucking common
    A sane individual would expect that in a secure environment there isn't a "golden ticket" or master key to everything.



  • @Lingerance said:

    @bstorer said:

    @Lingerance said:

    Why is there a key that works on every door in a prison house? Did some retarded conversation happen?
    Uh, no?

    Filed under: The Atlantic Ocean cannot stop curses, Master keys are pretty fucking common
    A sane individual would expect that in a secure environment there isn't a "golden ticket" or master key to everything.
    Just like it's insecure for root to have power over everything on a computer, right?  Having everyone control the site-wide master key is certainly a terrible security hole, but having one such key really isn't.  There's negligible difference in the security risk of having one master key compared to a set of keys, unless you store each key in that set in a different place.


  •  Phishing isn't a tricky, technical exploit. The real WTF is they confused a schemer with a geek

     I'm kind of offended actually.

     "Oh, you were arrested for pyramid selling on the internet? Well, then! You'll definitely be capable of coding a J2EE shower scheduler for us!"



  • @bstorer said:

    Just like it's insecure for root to have power over everything on a computer, right?  Having everyone control the site-wide master key is certainly a terrible security hole, but having one such key really isn't.  There's negligible difference in the security risk of having one master key compared to a set of keys, unless you store each key in that set in a different place.
    Not really. If a person had root on one machine it doesn't guarantee ey could get root on another, nor is there a one stop way to get root on any given system, unless the admin failed to take basic sec measures to heart (eg: one would need physical access and the root password, or for network access a username that can get root and their password). In a network setup with the principle of least privilege each admin would only have access to what they need, and the root password (or means to get the root password) would require multiple people, root shells could be gotten with sudo and have the shell specially configured to log each command and only given if necessary. Having a key that works on multiple locks isn't itself entirely bad, it could even work on multiple sites. However having one key that works on the entire site breaks that security mechanism completely should it ever fall into the wrong hands, it's easier to do more damage. In this case the prisoner could've freed every other prisoner, or just snuck out on eir own. Having to use a set of keys isn't all that difficult, and if there are enough keys on the keychain it will impede someone who doesn't know how to use it.



    Shorter version: Master key is a factor of authentication, it is a physical object and can be misplaced. A set of zone keys could be together and still impede someone who isn't familiar with which key does what, especially if some of the locks are "tricky".



  • @Lingerance said:

    Not really. If a person had root on one machine it doesn't guarantee ey could get root on another, nor is there a one stop way to get root on any given system, unless the admin failed to take basic sec measures to heart (eg: one would need physical access and the root password, or for network access a username that can get root and their password). In a network setup with the principle of least privilege each admin would only have access to what they need, and the root password (or means to get the root password) would require multiple people, root shells could be gotten with sudo and have the shell specially configured to log each command and only given if necessary.
      This is a tedious aside that has nothing to do with the matter at hand.  I spoke only of root on a given system, not of an entire network.  You've altered the analogy in your attempt to invalidate what I've said, and thus missed the point completely.  However, while we're on the subject, there's no reason you can't have zoned masters.  There are many multilevel key systems available.

     @Lingerance said:

    Having a key that works on multiple locks isn't itself entirely bad, it could even work on multiple sites.
    Multiple sites?  It's a prison.  Please try and focus here.

    @Lingerance said:

    However having one key that works on the entire site breaks that security mechanism completely should it ever fall into the wrong hands, it's easier to do more damage.
    Easier, but not by much.  Losing any key in a prison is a serious problem, if only for the systematic breakdown it implies.  Yes, losing the master is more serious, which is why they are more closely guarded.  You don't just hand a copy to every guard, just as you wouldn't make every user a network admin.  The fact that you don't immediately take this fact for granted is troubling.  What other basic concepts are you ignoring in your pursuit of splitting hairs?

    @Lingerance said:

    In this case the prisoner could've freed every other prisoner, or just snuck out on eir own.
    Locks aren't the only security measure in place in a prison.  Why are you forcing me to go over basic concepts here?  Freeing every other prisoner requires a more significant breakdown than acquiring a master key.

    @Lingerance said:

    Having to use a set of keys isn't all that difficult,
    And you will probably find that guards have to do just that.  Again, nobody is suggesting that everyone be handed a master key.  That's why it's a master key: so that you can still have a bunch of subkeys to control access.

    @Lingerance said:

    if there are enough keys on the keychain it will impede someone who doesn't know how to use it.
    If the time it takes to go through a set of keys is even considered in your security design, you have already failed.  Luck of the draw shouldn't dictate whether or not a prisoner can escape.  There is, however, one case where such impediments are an issue: rapid response.  In that case, you'll definitely want a master key to move in as quickly as possible.

    @Lingerance said:


    Shorter version: Master key is a factor of authentication, it is a physical object and can be misplaced.
    Any key can be misplaced.

    @Lingerance said:

    A set of zone keys could be together and still impede someone who isn't familiar with which key does what
    Prisons use zoned keys.  Nobody is suggesting that they don't.  Don't be stupid.

    @Lingerance said:

    especially if some of the locks are "tricky"
    WTF?  "Tricky" locks?  They're locks.  Key goes in, door opens, end of story.  I'm not even sure what the hell you mean by that.  Is there some sort of Sphinx lock of which I am unaware that asks you a riddle before it'll open?




  • @Lingerance said:

    A sane individual would expect that in a secure environment there isn't a "golden ticket" or master key to everything.

    Presumably they rely on the expectation that the master key isn't actually prominently marked "Master Key", anodised in gold and encrusted in precious jewels. It probably looks like a very ordinary key that opens a janitor's cupboard.

    However, if you throw it into a fire, then an inscription appears, in roman letters but <ethnic> language:

    One key to rule them all, one key to find them,
    One key to bring them all and in the darkness unbind them.

     



  • @Paddles said:

    but <ethnic> language
    That's racist.



  • @Lingerance said:

    Shorter version: Master key is a factor of authentication, it is a physical object and can be misplaced. A set of zone keys could be together and still impede someone who isn't familiar with which key does what, especially if some of the locks are "tricky".

    Ahh, security through obscurity.  I've heard it's a good idea, but I'd like your insights into leveraging it successfully.

     

    bstorer did a good job of ripping your naive argument to shreds, but I'd just like to point out that having a single master key is not inherently more or less secure than a lot of things.  Even with your convoluted security setup I can just jam a shiv into a guard's neck, take his gun and make the other guards open all the doors for me at gunpoint.



  • @bstorer said:

    @Paddles said:

    but <ethnic> language
    That's racist.

    Nah, just bad use of the word 'ethnic'. It's a crap LOTR reference anyway.



  • @Flatline said:

    @bstorer said:

    @Paddles said:

    but <ethnic> language
    That's racist.

    Nah, just bad use of the word 'ethnic'. It's a crap LOTR reference anyway.

    Bad uses of the word 'ethnic' are racist, just like everything else that isn't me being given a large sum of money.



  • @bstorer said:

    I spoke only of root on a given system, not of an entire network.

    It's pretty simple to change your root password or your Administrator password. It's very difficult to change the master key.


  • @Lingerance said:

    A sane individual would expect that in a secure environment there isn't a "golden ticket" or master key to everything.

    You have a different definition of sane than I.

    I would say a sane individual would expect in any secure environment that the sane individual did not personally design, there is a master key to everything.  Further, in a prison, a sane individual would expect that prisoners are going to misappropriate it from time to time - or duplicate it.

    Now, an intelligent and thoughtful person who was having a prison constructed would insist upon not only having no master key made, but also having the keys use distinctly different designs, such that no master key is even *possible*.  The reason for this is simple: locksmiths sometimes break the law also; even occasionally to such a great extent that prison time is warranted.  Sadly, it is actually a profession which is likely to draw a slightly greater than normal share of miscreants.  Yes, it's difficult to make a master key from scratch - but it's also easier to make duplicate keys for all the doors if they all use the same blanks.



  • @bstorer said:

    Just like it's insecure for root to have power over everything on a computer, right?

    Exactly.  That's why secure computers *don't* have a root account which has power over everything.  (And they especially don't have an Administrator account with power over everything.)

    It is exceedingly annoying not to have such an account, but one learns to deal with it.  Fortunately, the computers I mostly deal with aren't so secure that they don't have any user accounts that can acquire all privileges (though not, of course, at once.)  And, as a developer, I don't really have that much in the way of rights on the others.

    And, if by storing the keys in different places, you mean different people's pockets, certainly.  For the backup copies of keys, I'd expect an actual security conscious facility would do it similarly to the backup keys for the secure computer cages at work: the keys are stored in safes with multiple locks required to open.  No one individual has all of the requisite keys.  Each safe only stores keys of types needed to open said safe.

    Is that an annoying hassle?  It certainly seems to be to me.  However, I wouldn't know from experience...  I'm a developer...



  • @tgape said:

    Exactly.  That's why secure computers *don't* have a root account which has power over everything.  (And they especially don't have an Administrator account with power over everything.)

    [citation needed]

     

    @tgape said:

    It is exceedingly annoying not to have such an account, but one learns to deal with it.  Fortunately, the computers I mostly deal with aren't so secure that they don't have any user accounts that can acquire all privileges (though not, of course, at once.)  And, as a developer, I don't really have that much in the way of rights on the others.

    And, if by storing the keys in different places, you mean different people's pockets, certainly.  For the backup copies of keys, I'd expect an actual security conscious facility would do it similarly to the backup keys for the secure computer cages at work: the keys are stored in safes with multiple locks required to open.  No one individual has all of the requisite keys.  Each safe only stores keys of types needed to open said safe.

    Is that an annoying hassle?  It certainly seems to be to me.  However, I wouldn't know from experience...  I'm a developer...

    Your reasoning seems to be "I don't have root access so nobody needs it".  Of course, somebody has to have the authority to grant the privileges in the first place, install software upgrades, upgrade the kernel, modify configurations and access the hardware.  Any one of these could be abused to obtain some sort of root-like access.  Should everyone be root?  No.  Should you be root?  No.  Somebody has to be root, though.



  • @morbiuswilters said:

    @tgape said:

    Exactly.  That's why secure computers don't have a root account which has power over everything.  (And they especially don't have an Administrator account with power over everything.)

    [citation needed]

    Right.  Looks like somebody hasn't been following computer security at all for the past eight years.  I admit, I stated that a bit overly provocatively.  The computers which I use at work *have* a root account.  It's just that their root accounts are very limited.

    @morbiuswilters said:

     

    @tgape said:

    It is exceedingly annoying not to have such an account, but one learns to deal with it.  Fortunately, the computers I mostly deal with aren't so secure that they don't have any user accounts that can acquire all privileges (though not, of course, at once.)  And, as a developer, I don't really have that much in the way of rights on the others.

    And, if by storing the keys in different places, you mean different people's pockets, certainly.  For the backup copies of keys, I'd expect an actual security conscious facility would do it similarly to the backup keys for the secure computer cages at work: the keys are stored in safes with multiple locks required to open.  No one individual has all of the requisite keys.  Each safe only stores keys of types needed to open said safe.

    Is that an annoying hassle?  It certainly seems to be to me.  However, I wouldn't know from experience...  I'm a developer...

    Your reasoning seems to be "I don't have root access so nobody needs it".  Of course, somebody has to have the authority to grant the privileges in the first place, install software upgrades, upgrade the kernel, modify configurations and access the hardware.  Any one of these could be abused to obtain some sort of root-like access.  Should everyone be root?  No.  Should you be root?  No.  Somebody has to be root, though.

    You misunderstand me.  I have root.  It's just that root isn't as powerful as it is elsewhere.  One could even argue that the normal users are more privileged, as they can get certain privilege enhancements. Root can't, because it's not authorized to be able to get any privileges it doesn't have at boot.  Of course, root can run a few programs, such as init, which themselves have assigned privileges.  But without access to edit files, that doesn't particularly go very far.  (I have root so I can restart processes in the same manner they start at boot.  Although, in Solaris 10, that ends up simply being access to send the processes signals.)

    Apparently, even Windows gets some of this action.  But I don't know how complete it is.

    I am curious, however: can you articulate why I shouldn't have full access privs on production hardware?



  • @tgape said:

    @morbiuswilters said:

    @tgape said:

    Exactly.  That's why secure computers *don't* have a root account which has power over everything.  (And they especially don't have an Administrator account with power over everything.)

    [citation needed]

    Right.  Looks like somebody hasn't been following computer security at all for the past eight years.  I admit, I stated that a bit overly provocatively.  The computers which I use at work *have* a root account.  It's just that their root accounts are very limited.

    Your statement was that "secure computers don't have a root account" which is not proven by your citations.  What you have shown is that computers without a root account can be secure.  Plenty of secure computers have a root account.

     

    @tgape said:

    You misunderstand me.  I have root.  It's just that root isn't as powerful as it is elsewhere.  One could even argue that the normal users are more privileged, as they can get certain privilege enhancements. Root can't, because it's not authorized to be able to get any privileges it doesn't have at boot.  Of course, root can run a few programs, such as init, which themselves have assigned privileges.  But without access to edit files, that doesn't particularly go very far.  (I have root so I can restart processes in the same manner they start at boot.  Although, in Solaris 10, that ends up simply being access to send the processes signals.)

    Apparently, even Windows gets some of this action.  But I don't know how complete it is.

    I am curious, however: can you articulate why I shouldn't have full access privs on production hardware?

    Fine, you have "root" access, it's just not like root access as the term would be defined, or even how you were using it.  You also haven't really addressed my point that there is still essentially a "master key" in that anyone with access to the hardware or kernel or system configuration can simply elevate themselves to root-like privileges.  I'm not arguing against role-based security, what I'm saying is that if you think there isn't a "master key" for your servers, you are sadly mistaken.  Clearly, it's not wise to give it to everybody but the argument was that having any kind of "master key" is stupid with my reply being that there is always a "master key" and that it is useful and necessary for there to be one.

     

    If you don't understand this, I don't think I would be comfortable with you having full access privs on production hardware.



  • @morbiuswilters said:

    @tgape said:

    @morbiuswilters said:

    @tgape said:

    Exactly.  That's why secure computers don't have a root account which has power over everything.  (And they especially don't have an Administrator account with power over everything.)

    [citation needed]

    Right.  Looks like somebody hasn't been following computer security at all for the past eight years.  I admit, I stated that a bit overly provocatively.  The computers which I use at work *have* a root account.  It's just that their root accounts are very limited.

    Your statement was that "secure computers don't have a root account" which is not proven by your citations.  What you have shown is that computers without a root account can be secure.  Plenty of secure computers have a root account.

    Um,

    @tgape said:
    That's why secure computers *don't* have a root account which has power over everything.

    I did not put a period after the word 'account'.  I made a longer statement.  Apparently, it overflowed your buffer.  I will endeavor to type in shorter sentences.  Err, sorry... I will *try* to use shorter sentences.  And words.  For your benefit.  I thought I only needed to do that for BTK.

    @morbiuswilters said:

    @tgape said:

    I am curious, however: can you articulate why I shouldn't have full access privs on production hardware?

    Fine, you have "root" access, it's just not like root access as the term would be defined, or even how you were using it.  You also haven't really addressed my point that there is still essentially a "master key" in that anyone with access to the hardware or kernel or system configuration can simply elevate themselves to root-like privileges.  I'm not arguing against role-based security, what I'm saying is that if you think there isn't a "master key" for your servers, you are sadly mistaken.  Clearly, it's not wise to give it to everybody but the argument was that having any kind of "master key" is stupid with my reply being that there is always a "master key" and that it is useful and necessary for there to be one.

     

    If you don't understand this, I don't think I would be comfortable with you having full access privs on production hardware.

    First, I didn't ask why I didn't have root, but rather why I don't have first access privs.  And I'm glad you accept that it's not root as normally defined - that was my point above.

    I'm not saying there is definitively no master key - but several teams of security professionals have gone over our most secure systems, sought out master keys, and split every one they could find into two keys, which are doled out to two different groups.  One needs two keys to get to the physical servers, for example.  I can't defend all of the details of these systems, because I don't know them.  I think the point of the exercise is to ensure that none of the administrators is aware of a master key which they can personally use without risk of being caught.  Certainly, this is what we appear to have accomplished.

    Of course, there's always software bugs.  The privilege separation helps a lot there - most normally exploitable software bugs become fiendishly difficult or impossible to exploit with an effective privilege separation mechanism.  Of course, since that's been made by man, it surely has bugs, too.

    I think what we have accomplished is somewhat similar to what would be accomplished in a prison if the keys to each security zone were made with blanks unique to that zone (at least as far as that prison is concerned).  It could still be possible to make a single master key - but it would be fiendishly difficult to do so.  Having a different locksmith do each zone might also help.

    Of course, that's a level of expense that most, if not all, prison builders will not want to pay.



  • @tgape said:

    I think what we have accomplished is somewhat similar to what would be accomplished in a prison if the keys to each security zone were made with blanks unique to that zone (at least as far as that prison is concerned).  It could still be possible to make a single master key - but it would be fiendishly difficult to do so.  Having a different locksmith do each zone might also help.

    Of course, that's a level of expense that most, if not all, prison builders will not want to pay.

     

    You seem to be missing a very serious point.  Securing a server is not the same as securing a prison.  For the server, you don't want a single person to be able to get to it.  This is just like a nuclear weapons launch.  You don't want a single person to be able to launch nuclear weapons.   When securing a prison it is important that the warden or head guard or whatever has fast access to the entire prison in the event of an emergency.  This server/root access analogy has run its course.  It's an interesting topic perhaps, but has little to do with master keys in a prison.



  • @alegr said:

    @bstorer said:

    I spoke only of root on a given system, not of an entire network.

    It's pretty simple to change your root password or your Administrator password. It's very difficult to change the master key.

    I must've missed this when it was first posted; I've only just noticed it while catching up on this thread. 

    While true, this comment doesn't even matter from a security standpoint.  It isn't really a condemnation of having a master key, it is a condemnation of losing the master key.  But the thing is, the master key already has a much more important reason not to lose it: it's the master key.  In other words, even if it cost $5 and took ten minutes to rekey the prison, it wouldn't change the way the master key is treated, because it is still too valuable to lose.



  • @bstorer said:

    While true, this comment doesn't even matter from a security standpoint.  It isn't really a condemnation of having a master key, it is a condemnation of losing the master key.  But the thing is, the master key already has a much more important reason not to lose it: it's the master key.  In other words, even if it cost $5 and took ten minutes to rekey the prison, it wouldn't change the way the master key is treated, because it is still too valuable to lose.

    @theregister said:

    Another inmate at Ranby Prison recently managed to get a key cut that was capable of opening every door at the jail.

    Did they lose the master key?  It doesn't sound like it.  Either an illicit copy was made, or someone was a skilled enough locksmith to make another master key in a less direct manner.  For example, I've heard of an instance where someone made a master key for some doors by getting impressions of several different non-master keys and calculating the differences.  I'd hope they'd be sophisticated enough when keying a prison to not leave that kind of a security hole, but I'd also hope they'd be sophisticated enough to not let any prisoners *near* the master key, let alone let them be alone with it long enough to take an impression.

    Also, I don't know if that was wordsmithing or accurate reporting, but it seems it'd be much simpler to say that another inmate managed to 'get a master key cut' or to 'copy the master key'.  Unless the Register author was concerned people wouldn't know what a master key was, it sounds to me like they were saying it wasn't an exact duplicate of the master key.

