This Week in Cybercrime: Computer Glitch Opens Prison Doors?

Plus: Google soups up its bounty program, and the U.S. wins decryption battle

Advertisement

Florida prison officials are trying to figure out whether a computer glitch may be behind two recent, as yet unexplained incidents where all of the doors at a facility’s maximum-security wing opened simultaneously. In the latest occurrence, on 13 June, guards at the Turner Guilford Knight Correctional Center in Miami, Florida, had to rush to corral prisoners back into their cells after a “group release” button in the computerized system was triggered. The entire facility, including locks on cell doors, surveillance cameras, water and electricity, and other systems, has been automated. Anyone who gains full access to the network—whether from a touch-screen monitor in the guard tower, or from outside, via a security hole—can control any of these functions. Guards say they don’t know how it happened, and recently released surveillance footage does not pinpoint the source of the errant command.

Though prison officials are investigating whether a guard may have given the signal for the doors to open, it’s entirely possible that someone exploited a vulnerability in the electronic system, which was recently added as part of a $1.4 million security upgrade. Heh heh heh… upgrade.

After the first incident on 20 May, when all the doors were opened unexpectedly, technicians added a second step in the group release process in order to keep it from being "accidentally" triggered again. According to a Wired article,  “Any time a guard touches the release feature now, a prompt is supposed to appear onscreen asking the guard to confirm the intention to open all of the cell doors.” 

So what gives? The Miami–Dade County Police Department, which is investigating the incidents, says that on first glance the system’s computer logs indicate that an “operator error” had occurred. Curiously, though, the investigators aren’t sure what that means.

A police spokesman told Wired that “The software in the computer has only one kind of thing, operator error, and we don’t know what triggers that, so part of the inquiry is to find out what the software is saying.”

Perhaps it’s saying the prison needs to get a new security system.

New York Times Hackers Make a Comeback

The group of hackers that breached the New York Times’ computer network late last year had been silent for months since its exploits, tactics, and techniques were publicized in January. But security researchers say the group is back. And what’s more, they say, the cybercriminal collective has reinvented itself. FireEye researchers studying a recent attempt to break into the network of an organization focused on shaping economic policy found that the attack used updated versions of the Aumlib and Ixeshe programs—malware that has been widely used for targeted attacks. The researchers noted that the version of Ixeshe they spotted uses new network traffic patterns. They assume that the intent was to evade traditional network security systems. A FireEye blog post notes that the updates “are significant for both of the longstanding malware families; before this year, Aumlib had not changed since at least May 2011, and Ixeshe had not evolved since at least December 2011.”

The security researchers say they are intrigued by the changes because large, seemingly well-funded groups like this are usually loathe to make such dramatic changes. Why? “Akin to turning a battleship, retooling [the tactics and techniques] of large threat actors is formidable,” says the FireEye blog post. “Such a move requires recoding malware, updating infrastructure, and possibly retraining workers on new processes.” But the researchers continue searching for meaning in the updates; understanding what prompted them may provide clues pointing to how and when cybercriminals will switch up their tools and techniques in the future.

Google Gives Researchers More In¢entive to Report Its Vulnerabilities

Google just announced that it is once again sweetening the pot for its bug bounty programs, which have paid out more than $2 million since their inception. The lowest level reward offered under the bounty programs (one for Web properties such as Gmail and another for Chrome and Chrome OS) will now pay $5000—a massive jump from the $1000 researchers previously earned. The move comes after Google raised the bounty for cross-site scripting vulnerabilities in Google Web properties as well as for authentication bypasses to $7500 in June.

“We will continue to pay previously announced bonuses on top, such as those for providing a patch or finding an issue in a critical piece of open source software,” Chris Evans and Adam Mein of Google’s security team told the Kaspersky Lab Threatpost.

Google apparently understood early in the game what academics are reporting now: that such programs are much more cost effective than hiring full-time researchers to find the same bugs. Earlier this summer, researchers from the University of California at Berkeley published the results of a study drawing that same conclusion.

U.S. Gov’t Decrypts Hard Drives, Arrests Owner Based on Contents

Federal prosecutors believe Wisconsin child pornography suspect Jeffrey Feldman will voluntarily decrypt seven of the nine hard drives they seized after they were able to decrypt the other two. The contents of the two drives, which include thousands of pornographic images of children, allowed them to arrest Feldman on Tuesday. Why he would now volunteer information that would enable prosecutors to slap him with more charges is a mystery to everyone but the prosecutors in the case. “They are out of their mind,” Robin Shellow, Feldman’s attorney, told Wired this week. “We do not intend to decrypt.”

The government’s tug-of-war with Feldman, a computer scientist, began in January, after authorities raided his apartment because of the suspicion that he had downloaded child pornography from the e-Donkey file-sharing network. The problem, at least from the pursuers’ standpoint, was that they had the smoke but no gun, so to speak. He refused to cooperate in his prosecution, as is his right. At one point in the proceedings, a federal judge ordered Feldman to decrypt the drives, but then reversed his decision, leaving the case in limbo. But in a filing (.pdf) presented on Wednesday, a prosecutor on the case reasoned that Feldman may now have reason to change his mind. Maybe the government plans to offer a plea deal that is more attractive than the mandatory minimum sentences attached to the crimes with which he’s already been charged.

And In Other Cybercrime News…

Content recommendation service Outbrain suspended its service this morning after it became the victim of a cyberattack that caused links across its network to direct users to the website of the hacker group Syrian Electronic Army. Operators of the site say they regained control in less than 30 minutes, but that was long enough for companies such as The Washington Post to think their own networks had been hacked. Time and CNN were also reportedly affected. “The breach now seems to be secured and hackers blocked out, but we are keeping the service down for a little longer until we can be sure it’s safe to turn it back on securely,” Outbrain CEO Yaron Galai told Digiday.

Chinese hackers are using an automated tool to exploit known vulnerabilities in Apache Struts, in order to install backdoors on servers hosting applications developed with the framework.

Photo: Hans Neleman/Getty Images

The Computing Technology Newsletter

Biweekly newsletter about advances in hardware, software and systems.

About the Risk Factor blog

IEEE Spectrum’s risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.