Skip to main content

How a hacker’s mom broke into prison—and the warden’s computer

posted onMarch 2, 2020
by l33tdawg
Arstechnica
Credit: Arstechnica

John Strand breaks into things for a living. As a penetration tester, he gets hired by organizations to attack their defenses, helping reveal weaknesses before actual bad guys find them. Normally, Strand embarks on these missions himself or deploys one of his experienced colleagues at Black Hills Information Security. But in July 2014, prepping for a pen test of a South Dakota correctional facility, he took a decidedly different tack. He sent his mom.

In fairness, it was Rita Strand's idea. Then 58, she had signed on as chief financial officer of Black Hills the previous year after three decades in the food service industry. She was confident, given that professional experience, that she could pose as a state health inspector to gain access to the prison. All it would take was a fake badge and the right patter.

"She approached me one day and said 'You know, I want to break in somewhere," says Strand, who is sharing the experience this week at the RSA cybersecurity conference in San Francisco. "And it's my mom, so what am I supposed to say?" That's not as easy a call as it might sound. Penetration testers always say that you can get amazingly far with just a clipboard and some confidence, but a novice run at a state correctional facility is just plain daunting. And while pen testers are contractually permitted to break into a client's systems, if they're caught, tensions can escalate quickly. Two pen testers who broke into an Iowa courthouse as part of their job recently spent 12 hours in jail after a run-in with local authorities.

Source

Tags

Security Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th