Jailed cybercriminal hacked into his own prison's computer system after being put in IT class

Filed Under: Featured, Law & order

Here's a piece of advice for those running classes training prisoners about information technology.

It's probably not a good idea to let notorious hackers join the course - or, if you do, to keep a very close eye on what they're up to.

Teenager Nicholas Webber ran the infamous GhostMarket.Net cybercrime website, which sold stolen credit card details and offered tutorials to budding criminals about how to commit identity theft and online scams.

Nicholas Webber

With 8,500 members, GhostMarket was the biggest criminal website ever uncovered by the British authorities.

It's said that GhostMarket's activities can be linked to frauds around the world which saw £8 million stolen from 65,000 bank accounts.

Media reports have detailed the playboy lifestyle enjoyed by Nicholas Webber, GhostMarket's founder, who had only just turned 18 at the time of his arrest in October 2009.

Webber was sentenced to five years imprisonment in May 2011, and found himself at HM Prison Isis, a Category C male Young Offenders Institution, in South East London.

Cells at HM Prison Isis

Normally you would expect (and hope) a hacker's criminal career to end there, but sadly that wasn't to be.

As the Daily Mail reports, Webber somehow managed to sign-up for the prison's IT class, and from there managed to hack into the prison's mainframe computer.

According to the report, a spokesman for the prison service has confirmed that Webber was involved in the hack, but has downplayed the significance of the hack:

"At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible."

The story of the 2011 prison hack has only come to light now because Michael Fox, the IT class's teacher, is claiming unfair dismissal. Fox says that it was not his decision to admit Webber to the class, and that he was not aware of Webber's history of cybercrime.

Earlier this year, an official report claimed that HM Prison Isis was "bedevilled" by technological problems, including a breakdown in its biometric thumbprint security system.

Let's hope that they didn't ask Webber to help them fix that...

, , , ,

You might like

10 Responses to Jailed cybercriminal hacked into his own prison's computer system after being put in IT class

  1. herzco · 546 days ago

    Geniuses.

  2. jamesjeffery · 546 days ago

    I've just got released from prison, and we had IT courses at the prisons I was at. Mainly Cisco courses, or basic IT. I was banned from computer access due to my crime, but was allowed supervised access to write CV's or letters in the library. The networks are very unsecure and the staff members used stupid passwords such as 123456789 because they didn't have the resources or staff to manage an IT infrastructure within the prison - lets face it, why would they need to.

    In one prison you could boot into safe mode and create an admin account on the computer giving you access to the network. I alerted staff about this and it still wasn't fixed.

  3. gmar · 546 days ago

    I wonder if prisons have golf courses?

    • zeuss · 546 days ago

      I wonder if they have firing ranges.

    • You're a dickhead · 545 days ago

      Spoken like someone that has no idea what it is actually like in prison.

      Prisons are not just supposed to punish but also rehabilitate inmates..

      What would you suggest?
      Public floggings?
      Bread and water rations?
      Inmates made to do press-ups in a pool of dog shit?

      • Mick A · 508 days ago

        ...No, of course we shouldn't do any of these thing to inmates/misunderstood little darlings. We don't live in a perfect world...

  4. What a waste of money... in what world is a convicted criminal hired to manage or administer network resources?

  5. Slightly surprised · 385 days ago

    Does nobody at Sophos moderate these comments? Some of them are a little tasteless.

    • Paul Ducklin · 384 days ago

      I hear you. (I'd have preferred a word other than "dickhead" for example, absurdly evocative though it might be.)

      But in this case I'll suggest that the comments are only "a little tasteless" and IMO sort-of reflect the somewhat divided attitude we often seem to see over cybercrookery: those who think it's not much of a crime, and those who want to get all mediaeval about it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.