We tend to imagine hacking as affecting computers and servers, but those systems control many other devices. What would happen if malware infected a server managing the closed circuit television (CCTV) at a prison? That’s not a hypothetical — it actually happened.
Picture by Ian Waldie/Getty Images
Symantec detailed the incident at a launch of its expanded Security Operations Centre in Sydney. It didn’t name the prison involved or even confirm its location or the timeframe, but the event provides an interesting insight into how malware is a much broader problem than just individual infections that create botnets from consumer PCs, and how software updates remain a perennial challenge in staying secure.
According to Symantec’s briefing notes, its Managed Security Services (MSS) division detected an outbound connection attempt from the prison’s networks that was trying to reach an IP address often associated with the notorious Conficker worm. Initially, prison staff were incredulous; its systems were entirely isolated and didn’t allow for any web browsing. But that was the main systems. A separate Windows Server 2003 system was used to manage the prison CCTV system, and that system had remained unpatched because updates created interoperability problems with the cameras. As a result, those systems were maintained separately, and a contractor doing maintenance on the system had inadvertently introduced an infection via a USB drive.
Quite aside from being embarrassing, that could have created major legal dramas. If CCTV footage had been required as evidence — imagine one prisoner assaulted another — its legal admissibility would have been open to question given that the system had been hacked.
Following a quickly-arranged conference call, the prison finally recognised the issue, and moved to a more secure platform for its CCTV. The lesson for everyone else? Keeping an old system just to maintain existing hardware is asking for trouble.