Remote hackers springing inmates from their jail cells — it sounds like a plot lifted from an old episode of “24” or “Prison Break.” But authorities are concerned by new research that claims such an attack is feasible.
Research presented at the Hacker Halted conference in Miami last month by John Strauchs, a consultant who’s designed security systems for state and federal prisons, showed how hackers could stage a jailbreak, sabotage a prison’s intercom system and closed-circuit television system and cause further chaos for federal authorities.
In an interview with the Washington Times last weekend, a spokesman from the Federal Bureau of Prisons, Chris Burke, told reporter Shaun Waterman the agency was “aware of this research and taking it very seriously.”
The research team tested their work in the basement of a Washington D.C.-area home for under $2,500 before discussing their research with authorities over the summer at CIA headquarters in Northern Virginia, according to the report.
Sean P. McGurk, formerly with the Department of Homeland Security, echoed the concern and verified that certain industrial control systems, while usually not connected to the Internet, were connected to the Internet in every one of the 400+ inspections DHS conducted after he assumed office. In some instances, the prison employees checked their e-mail on systems that connected to select control systems.
The appearance of the Stuxnet worm and, in the last month or so, Duqu, has focused attention and resources on the security of industrial control systems. The systems at federal prisons are vulnerable and could behave in a similar way, putting them at risk to an attack via USB stick or if a hole is found in an internet connection.
For the full story, head to the Washington Times.
*Homepage image via macinate‘s Flickr photostream