Tuesday, 22 November 2011

Prison computer systems possess vulnerabilities that could allow cell doors to be opened remotely — United States


Social Rupture
artculturework (at) riseup (dot) net


Vacant house occupied in rapidly gentrifying neighborhood — Seattle, WA

On Saturday, November 19th, a group of about 60 people marched from the occupation at Seattle Central Community College in solidarity with Occupy Oakland and against the police repression and evictions of occupations across the country. At the beginning of the march, it was announced that a building would be taken over at the end of the march.

The group moved through Capitol Hill chanting “Banks and landlords, we don’t need ‘em/ All we want is total freedom!” before plunging down 12th Avenue to the King County Juvenile Detention Center. The group stopped outside the main cell areas and made noise for the children and teenagers imprisoned inside. Marchers chanted “Our passion for freedom is stronger than their prisons,” and screamed that those on the inside would not be forgotten.

After the noise demo, the group marched into the Central District, one of the most rapidly gentrifying neighborhoods in the country. The term ‘skid row’ was coined here at the beginning of the twentieth century. The Central District was 80% black in 1970. Now it is 15% black, with many new condo developments and apartments having sprung up within the last decade. As the march came closer to the soon-to-be-occupied building, the majority of passing drivers yelled and honked their horns in support.

The group surrounded an abandoned building on 23rd and Alder, right across the street from Garfield High School. A banner reading “OCCUPY EVERYTHING - NO BANKS - NO LANDLORDS (A)” had been draped across the front façade. Someone opened the front door and everyone streamed inside, celebrating the occupation of this new space. People started redecorating with paint and other items while a group outside held an assembly to figure out what to do. At the time of this writing, people are still occupying the building. The current plan is to hold it until Sunday, when a public refurbishing of the building can take place.

This building occupation comes on the heels of a recent announcement that the SCCC camp might be evicted in two weeks. It is another in a wave of building occupations brought on by the coordinated repression of #Occupy encampments in cities across the country.

http://pugetsoundanarchists.org/node/1109

• 22 November 2011 • 2 notes

Prison computer systems possess vulnerabilities that could allow cell doors to be opened remotely — United States

Computer systems used to control federal prison facilities are riddled with vulnerabilities that might allow criminals to meddle with cell door opening mechanisms or shut down internal communications systems, according to security researchers.

The vulnerabilities – which stem from flaws in industrial control systems and programmable logic controllers – were demonstrated by a team led by John Strauchs at the recent Hacker Halted information security conference in Miami. Despite having no previous experience with SCADA (industrial control) kit, Strauchs and his colleagues were able to develop workable exploits, validated using a test rig that cost just $2,500 to construct in the basement of his research partner, Teague Newman. Strauchs’ daughter – attorney, professor and computer security researcher Tiffany Strauchs Rad – also contributed to the research.

The resulting talk, SCADA And PLC Vulnerabilities In Correctional Facilities (abstract below), sounds absolutely gripping.

On Christmas Eve, a call was made from a prison warden: all of the cells on death row popped open. Many prisons and jails use SCADA systems with PLCs to open and close doors. Not sure why or if it would happen, the warden called physical security design engineer, John Strauchs, to investigate. As a result of their Stuxnet research, Rad and Newman have discovered significant vulnerabilities in PLCs used in correctional facilities by being able to remotely flip the switches to “open” or “locked closed” on cell doors and gates. Using original and publicly available exploits along with evaluating vulnerabilities in electronic and physical security designs, this talk will evaluate and demo SCADA systems and PLC vulnerabilities in correctional and government secured facilities while recommending solutions.

The researchers have turned over a dossier on their findings to state and federal prison authorities, who have good reason to take its findings seriously. “We validated the researchers’ initial assertion … that they could remotely reprogram and manipulate [the ICS software and controllers],” Sean P McGurk, a former Department of Homeland Security cybersecurity director, told the Washington Times.

Possible exploits include overloading the electrical system that controls prison doors, locking them permanently open, or crashing either CCTV or prison intercom systems.

Strauchs began his project to investigate the security of industrial control systems in prisons after he was asked to investigate an incident during which all the cell doors on one (unnamed) prison’s death row spontaneously opened. The cause was eventually traced back to a random power surge, but the incident got Strauchs thinking and prompted him to have a closer look at the security of industrial control systems in prisons.

Industrial control systems in prisons have no business being connected to the internet. Despite this, the team of researchers led by Strauchs discovered every prison system they looked at was connected to the internet one way or another.

In some cases, for example, the internet connection was set up so that remote maintenance of the kit could be carried out without the need for contractors to visit the jail. In other cases networks used to enable prison staff to access the net were poorly segmented from SCADA control systems. Infected USB drives contaminated with a Stuxnet-style worm posed another, wholly unguarded infection vector. SCADA systems might be deprogrammed by malware of this type either accidentally or (more plausibly) by either bribing or blackmailing a prison guard. A targeted malware-infected email might also be used to introduce a SCADA worm into a prison environment.
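A segmentation audit of the kind the connectivity described above calls for, as an added example that is not from the article or the researchers: it walks zone-to-zone allow rules and reports every chain by which an untrusted zone reaches the control network, then confirms that a default-deny policy for that zone removes them. The zone names and the rule set are constructed for illustration.

```python
"""Audit zone-to-zone allow rules for chains that expose the control network."""

# Constructed rule set; zone names are hypothetical. Each rule is
# (source zone, destination zone, purpose): source may connect to destination.
RULES = [
    ("internet", "vendor_gateway", "remote maintenance login"),
    ("vendor_gateway", "scada_control", "contractor access to PLCs"),
    ("internet", "mail_gateway", "inbound email"),
    ("mail_gateway", "staff_lan", "mail delivery"),
    ("staff_lan", "internet", "staff web browsing"),
    ("staff_lan", "scada_control", "unfiltered shared switch"),
    ("control_room", "scada_control", "operator HMI"),
]


def find_paths(rules, source, target):
    """Return every loop-free chain of allow rules leading from source to target."""
    graph = {}
    for src, dst, _purpose in rules:
        graph.setdefault(src, []).append(dst)
    paths, stack = [], [[source]]
    while stack:
        path = stack.pop()
        for nxt in graph.get(path[-1], []):
            if nxt == target:
                paths.append(path + [nxt])
            elif nxt not in path:  # skip zones already visited on this chain
                stack.append(path + [nxt])
    return sorted(paths)


def entry_rules(rules, paths):
    """Return the rules that form the last hop into the target on any exposed path."""
    last_hops = {(p[-2], p[-1]) for p in paths}
    return [r for r in rules if (r[0], r[1]) in last_hops]


def harden(rules, target, trusted_sources):
    """Drop every rule into the target zone whose source is not explicitly trusted."""
    return [r for r in rules if r[1] != target or r[0] in trusted_sources]


if __name__ == "__main__":
    exposed = find_paths(RULES, "internet", "scada_control")
    for p in exposed:
        print("EXPOSED:", " -> ".join(p))
    print("REVIEW:", entry_rules(RULES, exposed))
    fixed = harden(RULES, "scada_control", {"control_room"})
    print("paths after hardening:", find_paths(fixed, "internet", "scada_control"))
```
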

“You could open every cell door, and the system would be telling the control room they are all closed,” Strauchs, a former CIA operations officer, told the Washington Times.

Anyone who got out of their cell this way would still have prison guards, dogs, guns and barbed wire to contend with if they hoped to escape. Strauchs said a more plausible scenario might be that the security weakness was exploited to slip assassins out of their cells in order to gain access to a targeted prisoner.

http://www.theregister.co.uk/2011/11/08/scada_vulns_prison_jailbreak_risk/
