14 DAY TRIAL // The administration of a UK prison was forced to call in specialized IT technicians in order to restore a computer system locked down by one of the inmates. The convicted cybercriminal responsible for causing the incident was apparently assigned to a programming project and was left unsupervised.
The Sunday Mirror reports that the Governor of Ranby Prison in Nottinghamshire, England learned the meaning of "don't let the fox guard the henhouse" the hard way. Set on creating an internal TV station for the prison, the prison manager sought the help of inmate Douglas Havard, 27, a convicted cybercrook.
A US national, Havard is currently serving a six-year prison sentence for his role in a phishing and credit card operation that netted over $10 million. The fraudster was sent to jail in 2005 after a National Hi-Tech Crime Unit investigation concluded that he was making fraudulent online purchases in UK on behalf of an Eastern European cybercriminal gang.
In order to put his "talents" to good use, Harvard was given the task of developing a special computer program required to achieve the governor's goal. However, profiting that at one point he remained unsupervised, the inmate set up an elaborate series of passwords and locks on the prison's computer system.
As a result, the prison was forced to pay a specialized company to clean up the system and restore normal functionality. Havard’s motives remain unclear, but the stunt earned him some time in segregation as punishment.
A Ranby Prison spokesperson told The Sunday Mirror that prisoners are not normally allowed unsupervised access to computers. And if it’s any comfort, they also pointed out that "the prisoner was not able to access records of any other prisoners."
This incident raises some serious questions about the risks involved when criminals are given the opportunity to work in the same field where they performed previous crimes, which is what the MI5 is apparently doing. Last week, we reported on a number of teenage hackers hired to work at the new Cyber Security Operations Centre, a move that enraged some security professionals.
"It is entirely unacceptable that our security services and our government are broadcasting the message that the only qualification necessary for a job in MI5 is being a hacker (one bad enough to have got caught). People who have been found to have broken the law should not be allowed to profit from their misdeeds especially by way of an employment offer in the very field of their criminal activities," Rik Ferguson, solutions architect at antivirus vendor Trend Micro, commented at the time.