How A Prison Had Its CCTV Hacked

We tend to imagine hacking as affecting computers and servers, but those systems control many other devices. What would happen if malware infected a server managing the closed circuit television (CCTV) at a prison? That's not a hypothetical — it actually happened.


Symantec detailed the incident at a launch of its expanded Security Operations Centre in Sydney. It didn't name the prison involved or even confirm its location or the timeframe, but the event provides an interesting insight into how malware is a much broader problem than just individual infections that create botnets from consumer PCs, and how software updates remain a perennial challenge in staying secure.

According to Symantec's briefing notes, its Managed Security Services (MSS) division detected an outbound connection attempt from the prison's networks that was trying to reach an IP address often associated with the notorious Conficker worm. Initially, prison staff were incredulous; their systems were entirely isolated and didn't allow for any web browsing. But that was only true of the main systems. A separate Windows Server 2003 system was used to manage the prison CCTV system, and that system had remained unpatched because updates created interoperability problems with the cameras. As a result, those systems were maintained separately, and a contractor doing maintenance on the system had inadvertently introduced an infection via a USB drive.

Quite aside from being embarrassing, that could have created major legal dramas. If CCTV footage had been required as evidence — imagine one prisoner assaulted another — its legal admissibility would have been open to question given that the system had been hacked.

Following a quickly-arranged conference call, the prison finally recognised the issue, and moved to a more secure platform for its CCTV. The lesson for everyone else? Keeping an old system just to maintain existing hardware is asking for trouble.


Comments

    The amount of times I had to manage infrastructure that was antiquated and had exactly the same arguments (such as "we can't patch or do anything as it will break") is incredibly common in my past roles.

    This is not a new problem, but rather of risk v security. I think we all agree which should be a priority, but most times it's the Business that accepts the risk after being advised by IT of the potential problems.....

    "A separate Windows Server 2003 system was used to manage the prison CCTV system"

    Would that system really need to be connected to the internet?

      Sounds like the system and anything that needed access to it could have been on their own VLAN. In fact, they may well have been - it doesn't mention that the 'outbound connection' was actually on a public line.

      If their systems are actually isolated, the Conficker worm doesn't make a difference. It can't contact the outside world.
      A friend of mine had to deal with this: Conficker infection on a win2k server everybody had forgotten about, but it was running some live hospital systems. They just left it running for a few months until the replacement was ready since the worm couldn't cause any harm.

      This is embarrassing, yes. I'd be seriously re-evaluating the guy who decided to leave it running without updates as well as the contractor who plugged an infected thumbdrive into a live server... But it's not being hacked. It's an accidental un-targeted infection that didn't actually compromise the system. They had multiple layers of security in place, which picked up and dealt with the problem effectively.

      The lesson to take from this: Your network will be infected or compromised. Plan for it.

    @Socks Odd It would need to back up to somewhere remote possibly... as prison is not the safest data storage facility.

    Something even scarier I heard about last year:

    Researchers have been able to compromise the SCADA systems and open/close cell doors, overload door mechanisms so they cannot be opened/closed, and disable the internal communications systems.

    http://www.jupiterbroadcasting.com/13756/how-malware-makes-money-techsnap-31/

    The better DVRs available watermark their video images, making tampering very hard. All these systems can be remotely accessed and maintained via local network or internet. Out of interest, most DVRs are embedded Linux devices.

      I don't think tampering was the reason for this being an issue. It's more along the lines of polluting the jury pool. If evidence had already been seen en masse, you could argue in court that no one could be unbiased.
