Prison Call Hack an Inside Job

Monday, November 16, 2015 @ 05:11 PM gHale

Outside hacks get the most ink because the numbers are often spectacular, something along the lines of massive amount of names, or information stolen. But as is often the case, outside attacks are not as prevalent as a rogue inside agent.

That is exactly the case 70 million inmate calls ended up exposed. Securus Technologies, the Dallas-based prison technology firm that provides phone service to incarcerated people around the country, said its system did not fall to an outside attacker, but rather an internal employee with access to the phone calls.

Unsupported ICS: Not an Easy Upgrade
Remedy to Fix Unsupported PKS Hole
Age of New and Different
German Steel Mill Attack: Inside Job

“At this preliminary stage, evidence suggests that an individual or individuals with authorized access to a limited set of records may have used that access to inappropriately share those records,” company officials said.

On Wednesday, the news site the Intercept published a report an “anonymous hacker” had handed over 70 million recorded prison phone conversations from the servers of Securus. Because many of the recordings included conversations with attorneys, one civil rights lawyer dubbed the leak “the most massive breach of the attorney-client privilege in modern U.S. history.”

Securus Technologies did not comment for Wednesday’s report.

“Securus is contacting law enforcement agencies in the investigation into media reports that inmate call records were leaked online,” the company said Thursday. “Although this investigation is ongoing, we have seen no evidence that records were shared as a result of a technology breach or hack into our systems.”

Securus Chief Executive Rick Smith did not reply to a request for comment.

Nearly all jails and prisons in the U.S. contract with private phone companies to give incarcerated people a way to keep in touch with family and friends. One of the reasons these calls tend to be so expensive, the companies said, is because all calls end up recorded and stored on private servers, which require a massive amount of online storage and protection.

With 2.2 million individuals behind bars in the country, billions of minutes of calls end up stored each year.

Law enforcement officials said recording an inmate’s call is an essential tool. Police, for instance, use the call recordings to carry out investigations. They also hire extra personnel to monitor the calls to make sure people aren’t coordinating criminal activity with associates outside prison walls.

The most troubling part of Wednesday’s report, however, was not just that the phone recordings ended up breached — it was that 14,000 of the calls were apparently recordings made between attorneys and their clients, a clear violation of their constitutional rights.

Securus has not outright denied attorney calls ended up recorded, but instead claimed their technology includes “multiple safeguards” to make sure that attorney calls do not end up recorded. “It is very important to note that we have found absolutely no evidence of attorney-client calls that were recorded without the knowledge and consent of those parties,” the company said.

In recent months, the company has gone to great lengths to tout its security and technological prowess. In May, for instance, the company opened a 10,000-square-foot “high tech facility” to showcase the company’s products.

But there have been troubling signs that the company’s data facilities were not secure and reliable. In June, a “round of bad weather” knocked out the cooling systems at the company’s data management center, shutting off phone access to millions of prisoners and their families for several hours.