Browse archive

Latest news

The CSO perspective on healthcare security and compliance

Jailed hacker designs device to thwart ATM card skimming

U.S. Congress has questions about Google Glass and privacy

Cyber espionage campaign uses professionally-made malware

Form-grabbing rootkit sold on underground forums

Large cyber espionage emanating from India

Over 45% of IT pros snitch on their colleagues

U.S. DOD decides iPhones and iPads can connect to its networks

Digital Government Strategy progress and challenges

Barracuda updates web application firewall

Thoughts on the need for anonymity

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

Former inmate hacked prison computer to access prison management program

Posted on 10 November 2008.

A former inmate of the Plymouth County Correctional Facility in Plymouth, Massachusetts was arrested late yesterday in North Carolina, on an Indictment charging him with damage to the prison’s computer network and identity theft. The inmate is alleged to have obtained the password to a prison management program and to have made available to other inmates a report listing the names, dates of birth, Social Security numbers, home addresses and telephone numbers of over 1,100 current and former prison personnel.

Francis G. Janosko, age 42, was charged in an Indictment with one count of intentional damage to a protected computer and one count of aggravated identity theft. Janosko was indicted on October 29, 2008 which was unsealed late yesterday afternoon following his arrest in North Carolina.

The Indictment alleges that while Janosko was an inmate at the Plymouth County Correctional Facility in Plymouth County, Massachusetts, the prison provided inmates a computer so they could research legal matters. To maintain computer and prison security, the prison attempted to restrict the inmates’ access to legal research and nothing else. As configured, the computer prevented inmates from accessing the Internet, e-mail, other computers on the prison's networks, or even other computer programs on the legal research computer.

The Indictment further alleges that despite these restrictions, Janosko figured out how to use the legal research computer for purposes other than legal research, by several methods including exploiting a previously-unknown idiosyncrasy in the legal research software. As a result, the Indictment alleges, between October 1, 2006 and February 7, 2007, Janosko configured the prison's computer network to provide himself, and other inmates, access to programs other than the legal research program, and to access and provide inmates access to a report that listed the names, dates of birth, Social Security numbers, home addresses and telephone numbers, and past employment history of over 1,100 current and former prison personnel. The Indictment alleges that Janosko also obtained the username and password to an important prison management computer program and attempted to log in to that program, fortunately without success before he was caught.

If convicted of the computer charge, Janosko faces up to 10 years of imprisonment, to be followed by up to 3 years supervised release, a fine of up to $250,000 or twice the gain or loss (whichever is greater) and restitution to Plymouth County, Massachusetts. If convicted of the identity theft charge, Janosko faces an additional mandatory 2 years of imprisonment and one year of supervised release.