With Global Tel*Link all but announcing at the recent Corrections Technology Association Annual Meeting its intention to offer mobile services in prisons, now may be the time to consider the best technology architecture for such deployments for those prison administrators who see the potential benefits of a secure prison cell phone solution.
There are essentially two ways to provision wireless personal communication devices in a prison environment. In its presentation, Global Tel*Link stated that it has chosen to deploy service using WiFi to provide wireless connectivity. We think there are some significant operational challenges and, more importantly, serious security risks in this approach.
There are two main security risks, as highlighted by the recent news articles below. The first is the potential for intentional hacking of the system, either internally by tech savvy prisoners, or externally by those determined to defeat the security controls in order to gain or grant unfettered access to Global Tel*Link services. A very real challenge with the decision to deploy a prison WiFi network is external hackers “wardriving” the system from outside the prison facility.
The second risk is the unintentional granting of access to the internet due to incompetence, human error and service misconfiguration.
In either case, the deployment of a local access wireless network via WiFi means that a single security breach, password hack or incompetent admin may result in unsecured and unmonitored access to the outside world to all devices on the network.
In contrast, meshDETECT uses the traditional telco mobile network to provide secure voice and media services. Any breach, should it occur, is limited to a single device. If a device is hacked, a risk Global Tel*Link will also have to manage, one detainee may benefit; but no one can hack AT&T, Verizon, etc. in such a way to give all the meshDETECT mobile devices deployed in a prison unfettered access to the internet, or unmonitored calls to harass outside parties and plan crimes.
Technology choices in the deployment of a secure prison mobile access network service must focus on security, not profitability.
Military Cuts Guantanamo Bay WiFi After Alleged Threat by Anonymous
The Guantanamo Bay detention camp is losing all access to wireless internet and social networks due to hacking threats.
U.S. military officials have blocked access to wireless internet and social networks like Facebook and Twitter at Guantanamo Bay because it fears that international hacking group Anonymous will launch an attack to disrupt services at the naval base.
Anonymous launched a global online protest to mark the 100th day of the hunger strike by Guantanamo Bay prisoners. The detainees have been protesting their living conditions and indefinite detention at the base.
The U.S. military said it has been receiving online hacking threats amid the hunger strike, which were allegedly from Anonymous.
Prisoners Accessed Internet Through Faulty Computer Kiosks
Prisoners in privately run Mt Eden Corrections Facility were able to access the internet through faulty computer kiosks a security review of public sector computer systems has found.
The security breach was one of 12 “weak points” identified in Government Chief Information Officer Colin McDonald’s review of the security of 215 publicly accessible state sector agency IT systems released this morning.
Serco, the company which operates Mt Eden said that on November 26 last year, “an administrative error made it possible to open a web browser session” on kiosks provided to prisoners to allow them to “take responsibility for organizing their day-to-day lives and helps to develop literacy and numeracy skills”.
Serco’s Director of Operations Scott McNairn said the error “allowed for limited access to the internet, policed by a web filter which blocked access to inappropriate sites”.
“No email, social media or adult sites were accessed.”
The internet access was “limited” and “at no time was it possible to access any other systems or information”.
Serco has not said how long prisoners were able to access the internet for.
Mr McNairn said the company had improved security for the kiosks and was “confident” that the likelihood of further problems was “extremely low”.
Jailed Hacker Hacks Prison Network
It’s almost comical, but an incarcerated hacker has hacked into his prison’s computer network.
According to Naked Security (Sophos), Nicholas Webber, who operated the GhostMarket.Net cybercrime website, signed-up for the prison’s IT class. Webber, who was 18 at the time of his arrest for bank frauds and identity theft scams, apparently go onto the network but was unable to access personal information files.
The prison issued a statement to the Register: “At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible.”
The incident, which occurred in 2011, only came to light because of a wrongful termination suit by the instructor leading the class.