Feeds

Inmate hacker locks down jail computers

Chaos reigns after cybercrook given programming project

Beginner's guide to SSL certificates

A UK prison computer system was left in lockdown after jail bosses gave a convicted cybercriminal the task of reprogramming it, the Sunday Mirror reports.

Douglas Havard, 27, an inmate at Ranby Prison, Nottinghamshire, was asked to take over a project to create an internal TV station using the jail's computer network. Havard is half-way through a six year term over his involvement in a £6.5m hacking and phishing scam (more details here), something the prison governors must have reckoned gave him the requisite computer programming skills.

Havard, originally from the US, was jailed in 2005 after he was convicted for running the UK end of an international phishing scam estimated to have netted up to £6.5m. The American and partner in crime Lee Elwood, 25, were jailed after pleading guilty to conspiracy to defraud and conspiracy to launder money.

Data dumps of compromised credit card and bank account details were sent over from Russia to Havard, who used this information to fraudulently purchase goods online. These goods were then sold in online auctions by UK-based affiliates with the proceeds, less Havard's cut, sent back to Russia. The duo were involved in credit card counterfeiting and active on underground websites such as carderplanet and shadowcrew, according to investigators.

Havard and Elwood were arrested following a National Hi-Tech Crime Unit (NHTCU) investigation into eastern European phishing fraudsters.

After he was reportedly left unsupervised during the prison programming project, Havard spent his time altering system passwords so that everyone else was locked out. Prison bosses had to hire external consultants to sort out the resulting mess. Meanwhile Havard was put into segregation as punishment.

Another inmate at Ranby Prison recently managed to get a key cut that was capable of opening every door at the jail.

A Prison Service spokesman told the Sunday Mirror that the computer breach at Ranby was under investigation. He denied that lags were given unsupervised access and added: "The prisoner was not able to access records of any other prisoners." ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.