Francis G. Janosko, age 42, was charged in an Indictment with one count of intentional damage to a protected computer and one count of aggravated identity theft. Janosko was indicted on October 29, 2008 which was unsealed late yesterday afternoon following his arrest in North Carolina.
The Indictment alleges that while Janosko was an inmate at the Plymouth County Correctional Facility in Plymouth County, Massachusetts, the prison provided inmates a computer so they could research legal matters. To maintain computer and prison security, the prison attempted to restrict the inmates’ access to legal research and nothing else. As configured, the computer prevented inmates from accessing the Internet, e-mail, other computers on the prison's networks, or even other computer programs on the legal research computer.
The Indictment further alleges that despite these restrictions, Janosko figured out how to use the legal research computer for purposes other than legal research, by several methods including exploiting a previously-unknown idiosyncrasy in the legal research software. As a result, the Indictment alleges, between October 1, 2006 and February 7, 2007, Janosko configured the prison's computer network to provide himself, and other inmates, access to programs other than the legal research program, and to access and provide inmates access to a report that listed the names, dates of birth, Social Security numbers, home addresses and telephone numbers, and past employment history of over 1,100 current and former prison personnel. The Indictment alleges that Janosko also obtained the username and password to an important prison management computer program and attempted to log in to that program, fortunately without success before he was caught.
If convicted of the computer charge, Janosko faces up to 10 years of imprisonment, to be followed by up to 3 years supervised release, a fine of up to $250,000 or twice the gain or loss (whichever is greater) and restitution to Plymouth County, Massachusetts. If convicted of the identity theft charge, Janosko faces an additional mandatory 2 years of imprisonment and one year of supervised release.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.