Hacking Faxes
Prisoner is freed from jail based on a forged fax:
In West Memphis District Court yesterday, Tristian Wilson was set to appear on the docket for a bond hearing on the charges. When he did not appear, Judge William “Pal” Rainey inquired about his release and found that a jail staff member released Wilson by the authority of a fax sent to the jail late Saturday night.
According to Assistant Chief Mike Allen, a fax was sent to the jail which stated “Upon decision between Judge Rainey and the West Memphis Police Department CID Division Tristian Wilson is to be released immediately on this date of October 30, 2004 with a waiver of all fines, bonds and settlements per Judge Rainey and Detective McDugle.”
Jail Administrator Mickey Thornton said that these faxes are part of a normal routine for the jail when it comes to releasing prisoners, however, this fax was different.
Faxes are fascinating. They’re treated like original documents, but lack any of the authentication mechanisms that we’ve developed for original documents: letterheads, watermarks, signatures. Most of the time there’s no problem, but sometimes you can exploit people’s innate trust in faxes to good effect.
malcomvetter • November 8, 2004 7:46 AM
It’s amazing how much the healthcare industry still relies upon faxes for distributing Protected Health Information (PHI). Not only is it a privacy issue, but could you imagine abuse of pharmaceuticals or medical procedures because of a social engineering attack? Yet, take away the fax today, and many healthcare organizations would be unable to conduct business.