The hacker told me how he hacked the prison with the help of stick and his mother

In 2014, a specialist on cyber security John strand was hired to test one of the American prisons for vulnerabilities. However, instead of the expert sent his mother and elderly woman, not having the appropriate experience and skills, still managed to hack into a computer system.

strand is the founder of Black Hills Information Security, which deals intestate, or security audits. In the framework of pentelow engineers help companies to identify weaknesses in the systems of information protection before they will discover the real criminals. At the same time that the hacking attempt was very close to the real scenario, the employees of the client company don’t even know about the impending test.

In July 2014, the strand was to test security prison in South Dakota. However, the desire to participate in pentest unexpectedly expressed his mother, 58-year-old Rita strand. In that year, American became the financial Director of the Black Hills, and before that, almost 30 years worked in the sphere of public catering.

the Work of specialists associated with high risk, writes Wired. Under the contract, the professional is authorized to enter the territory of organizations, but they can hold the police to ascertain the circumstances. Despite this, the strand agreed with the idea of the mother and sent her to prison.

having No technical knowledge, Rita strand were to impersonate a health inspector to enter the territory of enterprises without arousing suspicion from the guards, and to connect to any device that it can find the so-called ducks (Rubber Ducky) – USB stick with malicious code.

surprisingly, everything went very smoothly: Rita strand were allowed inside the building under a fake name badge of the staff and even took the smartphone to which she subsequently photographed the access point and the physical security of the prison. Pretending to look for expired food, check the cleanliness of the floor and the temperature in refrigerators, American is free to explore the jobs of employees and relaxation areas. Moreover, she managed to get into the server room under the pretext of checking for the presence of mold and insects.

At this time, the Black Hills was sitting in a cafe in the neighborhood and received information from “USB-ducks”. The main success of the strand acknowledged that she was able to convince the warden to start a Microsoft Word document infected with a macro. When he opened the file, the hackers gained full access to his computer.

strand said at the RSA conference in 2020 in San Francisco, that’s the only pentest, which was featured his mother – in 2016 she died from pancreatic cancer. In what kind of prison has penetrated American, was not disclosed, but since then, the institution was closed.

Text: To.Hi-tech