Prison laptop scandal: How the computers were hacked
Once they were in, the plotters could work late into the night
The welcome screen on the prison laptop was simple to navigate. Prison officials clicked on the dog icon, inmates clicked on the cat. Clicking on the dog – and entering the password – allowed access to a section with administrator privileges and access to the internet. The cat was a gateway to little more than a basic word processor.
Unlocking the “dog” was key to the plotters’ attempts to use the computer to smuggle drugs. Using an east European hacker inside the prison, the gang obtained a coded pen drive that was smuggled into the prison by a visitor.
When inserted while the computer was booting up, the pen drive was able to detect the password required to unlock the administrator privileges. The ruse revealed that the authorities were using rudimentary passwords to protect their machines: the lapel numbers of prison officers.
Once they were in, the plotters could work late into the night. Any checks by guards would reveal an inmate working on a legitimately obtained laptop on their case.
“It’s extremely difficult to lock devices down if you have physical access to a machine. In that case all bets are off,” said Don Smith, a security expert and Technology Director at Dell SecureWorks. “It’s highly likely that a determined adversary would find a way on to a system.”
Inmates are allowed to have computers to prepare for their legal cases under article six of the Convention on Human Rights – which protects the right to a fair trial. Government guidance states that if the eligibility criteria are met, inmates could be supplied with a laptop and photocopies of legally privileged papers.
The National Offender Management Service said that laptops were given to inmates for three months, but could be supplied for longer on request.
Under the regime at Wandsworth around 2010-13, laptops were usually issued following a request by family or the inmate’s solicitor and vetting by prison officials. They were sometimes withdrawn after some 28 days for a couple of days of checks, before being returned to the inmates.
In practice, they were rarely withdrawn but the plotters were believed to have fixed the computers to return to factory settings in the days before the anticipated seizure.