Technology at the Federal Bureau of Prisons

by [Name Withheld]

Disclaimer: This article is for entertainment/educational purposes only.  Any resemblance to actual persons, computers, locations and/or events is purely incidental.  No computers were harmed in the writing of this article.

I'm nearing the end of a 210 month conspiracy sentence in federal prison and I thought I would let the readers know about the computer situation here.  It should be similar at other institutions.  For those of you who don't know, BOP stands for (Federal) Bureau of Prisons or, if you prefer, Backwards on Purpose.

As a side note, your magazine has been blacklisted here.

As with all of the other places I have been, it's allowed for a couple of years until the wrong person notices one of the covers and it scares them.  They then get turned over to Computer Services, where it is summarily banned.  Novel ideas and free-thinking individuals are what they fear the most.  I have personally spoken to several of the officers who would have the authority to accept or reject it.  Their only response as to why is to say, "It would violate the security and orderly operations of this facility."  The funny thing is that a copy of an article will make it in, as will the books.

In the library are five workstations and one print station, each of which is connected to a switch and server in a small rack inside of a cage closed with a padlock.  There is an access panel attached with screws.  It's a good thing no one here has access to screwdrivers, right?  This is in turn connected to a computer room located in the Administrative Corridor.  From there it goes to the main server room in the Administration Complex at the main prison.  The workstations are Pentium Dual CPU 2.2 GHz E2200 Dells with 1 GB of 800 MHz DDR2 running Windows XP.

This is one of the smaller camps in the BOP, so other locations may have more.  Other prisons also have them in the housing units.  Each one is secured inside of a steel case with a special, rubber coated, TRULINCS branded lock.  There are openings for the normal KVM cables, Ethernet, and the power cords.  There is no access to the power switch, but the cords are plugged into standard, six outlet power strips screwed to the bottoms of the tables.  The computers automatically reboot in case of "power failures."  The boot process begins at 5:45 am, seven days a week.  The BIOS and setup menus can easily be accessed with a keystroke.  There is a password, but...

The computers boot to a login screen where you must enter three numbers to gain access: your eight-digit inmate ID number; a nine-digit Personal Access Code (PAC number), and a four-digit PIN.

Our ID numbers are printed on the fronts of each and every piece of clothing issued by the BOP, while the PIN and PAC numbers are written on a piece of paper and given out during the mail call.  If a person doesn't attend it, someone else, hopefully without malicious intent, will gather your mail and give it to you.

Normal hours of operation are from 6:00 am until 3:30 pm and then from 4:00 pm until 10:00 pm.  If you try to log in at an undesignated time, it displays a "TRULINCS is not currently available" message.

After three failed attempts to log in, your account is disabled until the administrator re-enables it, sometimes days later.  DOS anyone?  All keystrokes are captured by the program and do not get passed on to the OS - no three finger salutes, no Ctrl or Alt key combos, and no Windows key.

Another thing to notice is the number on the bottom right of the screen, now 52.  I'm assuming it is the current version number as it is incremented during most of the scheduled outages.

Once you are logged into the system, the first screen that appears is the Warning/Responsibilities/Acknowledgment page.  You are being monitored.  This computer is to be used for authorized purposes only.  Don't be bad...  Yadda, yadda, yadda.  You must "accept" this to continue.

TRULINCS

This computer system is known as Trust Fund Limited Inmate Computer System (TRULINCS).

While you're here, it is your bank, library, address book, and email provider.  Once you have accepted the terms, the next screen appears.

You will see several buttons:

  • Purchase TRU-Units
  • Public Messaging
  • Print
  • Account Transactions
  • Bulletin Board
  • Contact List
  • Law Library
  • Manage Funds
  • Music
  • Prescription Refills
  • Request to Staff
  • Survey

Not all buttons are available on all computers.  You can get more info from www.bop.gov/inmate_programs/trulincs_faq.jsp.

TRU-Units

TRU-Units are credits that can be purchased for five cents each in increments of 40, 100, 200, 300, and 600.

There are currently two pay services which use these: Public Messaging and Print.

E-mail costs one unit per minute and printing is three per page.

CorrLinks

Email is provided by a company named CorrLinks.

There is a four-step process to get a contact approved.  First, the address is compared to a blacklist.  For instance, I was not allowed to write to eyespymag.com about an issue with my subscription.  If they are not on this list, they will receive an email from info@corrlinks.com, informing them that an inmate wishes to contact them.

It contains an eight-digit code, good for ten days, which they must use when setting up their account.  A link takes them to the site.  The site uses CAPTCHAs to discourage the use of bots.

Once their account has been created, a notice appears on the TRULINCS screen in blue saying "You have new or approved contacts."  The final step is to contact the person.  Contact must be initiated by the inmate.  After that, either party may write.

Each inmate's address is in the form xxxxxxxx@inmatemessage.com.  Replace the Xs with the inmate ID number.  The person must log into the site each time to check for messages from or to write to the inmate(s).  There is a checkbox which can be clicked to have the site send an email notification to you each time you receive a message, but you still must log in to read it.  There is a 13,000 character limit.  No HTML formatting or graphics are allowed, nor are attachments accepted.  All messages over 60 days old are deleted, or so they say.  You are allowed one hour before you are kicked off and must wait 30 minutes between logins.

Once logged in, you are free to enter and exit the email as often as you wish, until your hour is complete.  Why is this important?  From the time you click the "Public Messaging" button until you exit, you are being charged.

Whether reading, composing, or replying, it doesn't matter.  But it charges only for full minutes used.  Therefore, if one were to exit before their next full minute elapsed, that partial minute would be free (though one credit is automatically deducted as soon as you enter the Messaging Center).

There is no cutting, copying, or pasting allowed.  More than one recipient can be selected from your contact list.  There is also no forwarding, but there is a workaround.  Select the message that you wish to forward and click reply.  You can then choose a different name from your list.

There is an approximately one hour delay for both incoming and outgoing emails.  They are held in a queue, keyword searched, and sent out in batches.

Print

There are two printers: one for regular paper and another for labels, which are required on all outgoing correspondence.  Both are located in cages, but the top is open so we can remove our printouts (or access any of the front panel buttons).  The only thing the cages are good for is to block us from refilling the paper without calling a staff member with a key (unless one tilted it up in the overly large space and filled it that way).

The "Print" button is disabled on all of the machines except for the Print Station.  When something is printed from one of the regular computers, it is placed into the Print Station's queue.  You must then log into it and send it on to the printer.

Labels can be printed for free, up to a limit of five per day.  Although, if one were so inclined, they could just use a typewriter and a blank label.  Though not exact, they seem to pass inspection pretty well.

GoPrint

Previously, printing was done using a touchscreen, mouse, and card reader/writer which was attached to the server located in the unattended library, and used a program called GoPrint.

As with a lot of the full screen interfaces such as this one, there is a way to escape it.  A quick double tap in the upper-left corner would bring up a window and login screen for the Print Manager.

If this was a new setup, I would guess admin/admin or something similar, but every IT guy knows the first thing one should do is to change all of the default passwords to more secure ones, especially in a place such as this, right?  Wrong!  A few pokes at the on-screen keyboard and voilà, the Administrative Panel, where one could change the price (lower, free, negative?), the number of copies, etc.  Did I mention a card write?  Saving the settings and exiting would drop you onto the Windows desktop logged in as the sysadmin.  Enough said.

Credits were purchased at the commissary and stored on your ID card.  Later, they switched over to a disposable prepaid card - $6.50 for 50 pages - which was also used in the copiers.  To make a copy, you first had to insert the card.  The reader would display the number of remaining credits and, if empty, eject it.

After the copy button was pressed and your print job complete, the credit was then subtracted.  The keyword here is "then."  If one were to eject their card prior to the completion of the job, free copies for everyone.
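
The ordering problem described above, as an added example that is not part of the original article: a constructed Python model of a stored-value card reader that compares subtracting the credit after the job with subtracting it before any page is produced. The `Card` class, the function names, and the refund rule are assumptions made for illustration, not details of the actual copier.

```python
from dataclasses import dataclass


@dataclass
class Card:
    credits: int
    inserted: bool = True   # becomes False once the card is ejected


class CardRemoved(Exception):
    pass


def debit(card: Card, pages: int) -> None:
    """Write the new balance to the card; impossible if the card is gone."""
    if not card.inserted:
        raise CardRemoved("no card in reader")
    if card.credits < pages:
        raise ValueError("insufficient credits")
    card.credits -= pages


def copy_charge_after(card: Card, pages: int, eject_during_job: bool = False) -> int:
    """Flow described in the article: check balance, print, then subtract."""
    if not card.inserted or card.credits < pages:
        return 0
    printed = pages                      # job runs to completion first
    if eject_during_job:
        card.inserted = False
    try:
        debit(card, pages)
    except CardRemoved:
        pass                             # pages already delivered, nothing charged
    return printed


def copy_debit_first(card: Card, pages: int, eject_during_job: bool = False,
                     job_fails: bool = False) -> int:
    """Hardened flow: take payment before any page is produced."""
    try:
        debit(card, pages)
    except (CardRemoved, ValueError):
        return 0                         # no payment, no pages
    if eject_during_job:
        card.inserted = False            # too late to matter: already charged
    if job_fails:
        if card.inserted:
            card.credits += pages        # refund only while the card is writable
        return 0
    return pages
```

The general rule is that a balance held on removable media has to be committed before the service is delivered, with a refund path for failed jobs, because the device cannot write to a card that is no longer in the reader.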

Several of the copiers' functions required a password and it was set, albeit a six digit numeric one.  I won't even tell you what it was.  If you can't guess it in under a minute, you really aren't trying.

Account Transactions/TRUFACS

Trust Fund Accounting and Commissary System (TRUFACS) is the name of the system that contains the inmate accounts.

The "Account Transactions" button allows one to view all of their transactions.  This screen has four tabs: the first for your TRUFACS (commissary) account, the second for your TRUFONE and ITS credits, the third for your TRULINCS TRU-Units, and the final one for media.

It is not currently used here, but will contain a list of the songs we have purchased for our MP3 players, not yet available at all locations.  Fraunhofer and Thomson will be smiling with a quarter million potential, new customers.  Anyone heard of OGG?

The FBOP has gone biometric.  To make purchases at the commissary, you must provide them with a thumbprint.  The reader doesn't work very well and it sometimes takes several tries to accept it, and not always correctly.

Bulletin Board

This is where notices, announcements, schedules, call-outs, menus, etc. are posted.

Call-outs are lists of inmates' names and numbers telling where they need to go at a certain time, and their bunk numbers.  Identity theft and regular theft are just two of the concerns here.  One thing of note that I encountered here is the TRULINCS Training Manual.  In its explanation of how to use the Bulletin Board, there is a screenshot of a document not normally available for our perusal - an instruction manual for a Citel IP Phone C4110.  Interesting.

Contact List

Here is where we add our contacts.

Every person with whom you wish to communicate, whether by email, snail mail, or telephone must be listed.  The required fields include: the first and last names, relation (family, friend, clergy, business, etc.), country, ZIP Code (which automatically fills in the city and state fields), and address.  The street is chosen from a drop-down populated with all available choices.

Additional fields include telephone number, email address, re: and comment.  None of these are verified in any way whatsoever.

Certain addresses are not allowed, such as the address of the institution.  They don't want us to waste labels by printing return addresses for the envelopes, or to give to our families to use to write to us.  If you need a label with a banned address, there is a checkbox next to the street field that says "My street does not appear in the list."

If you check it, it adds another drop-down where you can select a letter to narrow your selection down.  Choose any one.  It doesn't matter.  Another checkbox will appear saying "My street still doesn't appear in the list."  Check it and you can type in any address you desire, even if it was the one that wasn't allowed before.

Law Library

Two of the computers are designated Electronic Law Library (ELL) computers.

These allow local access to the LexisNexis database, updated every month or so, where we can research legal matters.  We used to also have American Jurisprudence (AmJur), but it has been removed.  It was by far the most phun of the two.

It allowed "bookmarks" to be placed in the files.  These were intended to be a link to a text file where you were taking notes or pictures of evidence or audio that would be opened in the proper viewer.  Can you see where this is going?  What would happen if an executable were linked to the program?  Possibilities were endless.

One could also go to the "File Open" menu and browse for other "books" to open.

An interesting place to search was the "Users" folder.  This is when we still had Windows logins rather than TRULINCS.  Our usernames were our inmate ID numbers and the default password was: test@1234567

Most people never used their accounts and could easily have been pwned.  The users folder contained the numbers of every inmate who was able to use the system.  But there was one that really stuck out: 77777777

What could the password be?  It turned out that this was an account created by the sysadmin that he could copy whenever a new arrival came and needed an account.  There were also others called test and printl.  Take a guess at their passwords.  Go ahead, I'll wait.  I haven't really used LexisNexis enough to say much about it.

Manage Funds

This button allows you to send money to one of your contacts, or set some aside for your release.  The checks go out in a week or two and look like normal government checks.  I'm sure you can see the potential for trouble here.

Miscellaneous

The remaining four buttons are grayed out and aren't being used yet.

"Music" will allow us to purchase songs, supposedly from walmart.com, but that has yet to be confirmed.

"Prescription Refills," "Request to Staff," and "Survey" need no explanation.

TRUFONE/ITS

The Inmate Telephone System deserves an article unto itself, but I'll cover it briefly here.

The phones are Set Tel Inmate V7006 GBK black boxes made by Wintel.  They are pretty basic looking.  The current ones are black.  The blue ones were removed a year or so ago.

There is a red plaque mounted in the upper-left corner of the booth that warns you that you are being monitored.  The monitoring is done by the staff.  They have the ability to log into any of the staff computers and pull up a recording of the calls.  There may also be a computer listening for keywords to flag the call for staff review.  A big flag is speaking a foreign language besides Spanish.  Each phone has a small metal plate riveted to the upper-right of the box containing a four-digit number, numbered sequentially.

The current version of ITS uses voice recognition.

To initially record your voice you must dial 111 and then your PAC number.  You are asked to repeat your name three times, then it is played back for you.  To hear it again, dial 112 followed by your PAC number.  113 and your PAC number allows you to transfer money from your TRULINCS to your TRUFONE account.

An interesting number to dial is 116.  It reads off two numbers, then hangs up.  The first number is the same on all of the phones here.  The second one is different on each phone, but they are in sequence with the numbers on the plates, though not the same.

To place a call, local or long distance, just dial the ten digit number.  For collect calls, you must first dial 0.  For international callers, you must dial 011, then the number.  Of course, each of these must be followed by your PAC number and saying your name.  Prices for local calls are seven cents, long distance 23 cents, and international is around a dollar.

Conclusion

The FBOP should rethink their password policies or actually follow them.

They should rethink their IT department hiring policies - being able to walk and chew tobacco at the same time does not a good employee make.

Security by obscurity does not work with inquisitive minds.  There are many things that should be changed and some that have.

Though our bodies may not be free, our minds are - free to learn, to explore, to resist.

Hack the world!
