The inmate is hacking the asylum
Incident Date: January 2005
Incident Location: Greeley CO USA
A combination of poor password and access control practices allowed an inmate from the Weld County Jail in Greeley Colorado to browse through financial and personnel records of more than 900 county workers. Officials reported January 11, 2005 that they had charged the inmate, Alfred Loader, with one felony and one misdemeanor count of computer theft for allegedly accessing and printing some of the records.
A misconfiguration on the county server permitted data access to anyone with a valid username and a connection to the county network. Improper controls also allowed user accounts to have passwords that were blank or that matched the user account name. Mr. Loader apparently found one of these user accounts while on a computer in the jailís law library. With this access, Mr. Loader was able to access both the county server and the Internet, both of which should have been off limits to inmates.
Affiliated Computer Systems Inc. (ACS), the company that maintains the countyís computers, was blamed for the incident. A county employee discovered and reported the serverís access control problem earlier in 2004. ACS personnel apparently failed to properly implement controls when the system was installed and efforts to correct the problem missed the account used by Mr. Loader.
An investigator in this case reported that they were not aware of any abuses of the data found on the server. Mr. Loader claims that he was just bored and wanted to improve his computer skills, not carry out any further crimes.
Title: Inmate charged in hacking
Author: Rebecca Waddingham
Publication: Greeley Tribune
Publication Location: Greeley CO USA
Publication URL: http://www.greeleytrib.com/apps/pbcs.dll/article?AID=/20050112/NEWS/101120049&rs=2
Do you have additional information to contribute regarding this story? If so, please email email@example.com with the details and source.