Here’s a piece of advice for those running classes training prisoners about information technology.
It’s probably not a good idea to let notorious hackers join the course – or, if you do, to keep a very close eye on what they’re up to.
Teenager Nicholas Webber ran the infamous GhostMarket.Net cybercrime website, which sold stolen credit card details and offered tutorials to budding criminals about how to commit identity theft and online scams.
With 8,500 members, GhostMarket was the biggest criminal website ever uncovered by the British authorities.
It’s said that GhostMarket’s activities can be linked to frauds around the world which saw £8 million stolen from 65,000 bank accounts.
Media reports have detailed the playboy lifestyle enjoyed by Nicholas Webber, GhostMarket’s founder, who had only just turned 18 at the time of his arrest in October 2009.
Webber was sentenced to five years imprisonment in May 2011, and found himself at HM Prison Isis, a Category C male Young Offenders Institution, in South East London.
Normally you would expect (and hope) a hacker’s criminal career to end there, but sadly that wasn’t to be.
As the Daily Mail reports, Webber somehow managed to sign-up for the prison’s IT class, and from there managed to hack into the prison’s mainframe computer.
According to the report, a spokesman for the prison service has confirmed that Webber was involved in the hack, but has downplayed the significance of the hack:
"At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible."
The story of the 2011 prison hack has only come to light now because Michael Fox, the IT class’s teacher, is claiming unfair dismissal. Fox says that it was not his decision to admit Webber to the class, and that he was not aware of Webber’s history of cybercrime.
Earlier this year, an official report claimed that HM Prison Isis was “bedevilled” by technological problems, including a breakdown in its biometric thumbprint security system.
Let’s hope that they didn’t ask Webber to help them fix that…
10 comments on “Jailed cybercriminal hacked into his own prison’s computer system after being put in IT class”
I've just got released from prison, and we had IT courses at the prisons I was at. Mainly Cisco courses, or basic IT. I was banned from computer access due to my crime, but was allowed supervised access to write CV's or letters in the library. The networks are very unsecure and the staff members used stupid passwords such as 123456789 because they didn't have the resources or staff to manage an IT infrastructure within the prison – lets face it, why would they need to.
In one prison you could boot into safe mode and create an admin account on the computer giving you access to the network. I alerted staff about this and it still wasn't fixed.
I wonder if prisons have golf courses?
I wonder if they have firing ranges.
I wonder if they have prisoners?
Spoken like someone that has no idea what it is actually like in prison.
Prisons are not just supposed to punish but also rehabilitate inmates..
What would you suggest?
Bread and water rations?
Inmates made to do press-ups in a pool of dog shit?
…No, of course we shouldn't do any of these thing to inmates/misunderstood little darlings. We don't live in a perfect world…
What a waste of money… in what world is a convicted criminal hired to manage or administer network resources?
Does nobody at Sophos moderate these comments? Some of them are a little tasteless.
I hear you. (I'd have preferred a word other than "dickhead" for example, absurdly evocative though it might be.)
But in this case I'll suggest that the comments are only "a little tasteless" and IMO sort-of reflect the somewhat divided attitude we often seem to see over cybercrookery: those who think it's not much of a crime, and those who want to get all mediaeval about it.