Zhang, an electrical engineer in Boston, decided to post about trying to unlock his Justice Tech Solutions Securebook 5 on the social platform X. The thread went viral — also catching the attention of Washington corrections officials, who have used the device for college programming since 2020.

Of particular concern was an article about Zhang’s thread published on a hacker website that shared the default password for the underlying software that starts the laptop’s operating system, presenting what the Department of Corrections considered a security concern.

The department then announced Thursday, five days after Zhang’s viral post, that it would collect all secure laptops from incarcerated students statewide “to provide an immediate system update.” By Saturday, corrections staff had collected around 1,200 laptops, spokesperson Chris Wright said in an email.

Wright confirmed no one incarcerated in Washington prisons had attempted to unlock their devices but said the decision was “made out of an abundance of caution.” It wasn’t immediately clear whether other states whose corrections departments use Securebook 5 laptops have also pulled the devices.

Archived at https://ghostarchive.org/archive/LS3co

e; updated the title due to popular demand

  • LazaroFilm@lemmy.world
    link
    fedilink
    English
    arrow-up
    116
    arrow-down
    12
    ·
    8 months ago

    They didn’t lose their laptop. They got taken to be updated because of a security breach

    • AtmaJnana@lemmy.world
      link
      fedilink
      English
      arrow-up
      55
      arrow-down
      9
      ·
      8 months ago

      Intentionally inflammatory and misleading headlines on Lemmy? Pshaw. The hell you say.

      • ringwraithfish@startrek.website
        cake
        link
        fedilink
        English
        arrow-up
        30
        arrow-down
        4
        ·
        8 months ago

        Not a Lemmy issue. Click bait unfortunately works to drive views through all social media platforms.

        The thing I love is being able to click into the comments first to see the auto-generated summary. Prevents the site from getting my traffic.

        • Kissaki@feddit.de
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          3
          ·
          8 months ago

          The community could make rules on what is acceptable to post or not though. And disallow websites that regularly mislead.

          • Nilz@sopuli.xyz
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            3
            ·
            8 months ago

            And it should require copying the title from the article and not allow editorializing it (or only slightly).

      • pop@lemmy.ml
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        3
        ·
        8 months ago

        I never realize what responses like this add to the discussion.

        do you have any other community platform free from clickbaits? do you need a pat on the back cuz you think you’re immune to clickbaits? what’s the point?

    • PM_Your_Nudes_Please@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      8 months ago

      Calling it a security breach is a bit of a stretch, to be fair. The company that issued them never changed the default BIOS password, so inmates could gain admin control over them if they wanted. Changing default passwords is like the most basic Help Desk 1 training.

      I can almost guarantee that the company is owned by someone who also has direct ties to the prison’s leadership, and they spun up the corporation just to issue (and profit from) the laptops. Because there’s no way that an experienced IT team would allow 1200 laptops to walk out the door with default passwords.

      • LazaroFilm@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        4
        ·
        8 months ago

        Having root access to that computer means they can do a lot of throngs they aren’t supposed to. I fail to see this as anything but a security breach for this.

    • gAlienLifeform@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      6
      ·
      8 months ago

      They were taken for reasons that inmates had nothing to do with, they have not been replaced, and it’s unclear when they’ll be returned. Inmates who are enrolled in college courses are having to handwrite papers that are due soon.

      • kora@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        17
        arrow-down
        3
        ·
        8 months ago

        Its the us slavery system. The laptops will be returned whenever something happens to some prisoner(s) that gets successfully sold as tragic to the masses. I hope there is some young attractive white mother who was taking classes on the laptops and is about to finish her sentence, or else they’re gonna be waiting a while.

        • gAlienLifeform@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          13
          arrow-down
          5
          ·
          8 months ago

          Not victimizing all of the student inmates because the prison invested in a poorly designed system that could potentially be exploited when none of the students have attempted that exploit or were likely even aware of it

          • Pup Biru@aussie.zone
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            7
            ·
            8 months ago

            that’s not an alternative. i agree that’d be preferable, but given where the situation stands, what’s the concrete action to take to remedy the situation?

            • gAlienLifeform@lemmy.worldOP
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              4
              ·
              8 months ago

              The devices should be returned to inmates immediately, prison administrators should then slap themselves in the face one time for implementing them poorly to begin with, slap themselves in the face several times for overreacting to a viral story without having any reason to believe there was an active or imminent problem with any of their inmates, and deliver a tooth-loosening punch to their own faces for thinking they could punish these inmates by taking away their education to cover their screw up.

              After that, hire a real IT person who knows what they’re doing by paying them decently allowing remote work and not drug testing, and then listen to them.

              • Pup Biru@aussie.zone
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                3
                ·
                8 months ago

                i don’t think you understand how IT works… there will always be vulnerabilities… even the NSA probably has vulnerabilities… when found, these vulnerabilities need to be patched. i’m sure they’ll get their devices back; they just need to implement a fix

                none of this is perfect, but shit happens and all we can aim to do is minimise the damage when it does happen

    • quindraco@lemm.ee
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      2
      ·
      8 months ago

      There was no security breach. Did you even read the summary, let alone the article? There wasn’t even an attempted breach.

      • LazaroFilm@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        7
        ·
        8 months ago

        There is a breach as he released the default password, but no one attempted to breach it, as in no one tried to use the default password on their computer. Did you even try to understand what you read?

        • Ajen@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          5
          ·
          8 months ago

          It’s a vulnerability, not a breach. As you pointed out, no one attempted to breach it.

  • Thann@lemmy.ml
    link
    fedilink
    English
    arrow-up
    38
    ·
    edit-2
    8 months ago

    Lol using a “master password” is the “security concern”

    Its going to get leaked again and they still won’t criticise company lol

    • ShepherdPie@midwest.social
      link
      fedilink
      English
      arrow-up
      15
      ·
      8 months ago

      These prison supply companies are typically owned by fellow prison guards who want to grift the state, which is why they won’t criticize them.

  • kn33@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    2
    ·
    8 months ago

    I hope they use unique, random passwords for each device this time. Not that I’m rooting for Corrections, but this is educational time that’s being lost

    • tsonfeir@lemm.ee
      link
      fedilink
      English
      arrow-up
      26
      arrow-down
      3
      ·
      8 months ago

      You should be rooting for “corrections” rather than imprisonment.

  • redcalcium@lemmy.institute
    link
    fedilink
    English
    arrow-up
    18
    ·
    8 months ago

    Seems to be an overreaction. What are the prisoners gonna with the bios password? Install an alternate OS? But there is no usb port, and the prisoners can’t solder one themselves without, well, a soldering kit. Boot from network? But it may not have a wifi card.

  • NeoNachtwaechter@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    ·
    8 months ago

    Nice how they call it a “Securebook” when it has a static default password.

    I mean, shouldn’t they better call it a “High IQ System”?

    B-)

    • no_me_jodas@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      8 months ago

      Good call, the OG title was terrible.

      An engineer bought a prison laptop on eBay. Then 1,200 incarcerated students lost their devices.

  • Frisbeedude@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    18
    ·
    8 months ago

    default password

    It’s 2024 and we still have news about these “security problems”?

    That Zhang guy can only hope not to go to jail anytime soon. Every prisoner who knew about that password wants to have “the talk” with him. Snitches get stitches…

    • gAlienLifeform@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      2
      ·
      8 months ago

      Every prisoner who knew about that password

      Meanwhile, back in reality

      Wright confirmed no one incarcerated in Washington prisons had attempted to unlock their devices but said the decision was “made out of an abundance of caution.”

    • KeriKitty (They(/It))@pawb.social
      link
      fedilink
      English
      arrow-up
      12
      ·
      8 months ago

      an article about Zhang’s thread published on a hacker website that shared the default password

      Maybe jumping directly to the “snitches get stitches” part before bothering to spot an actual snitch is a bad idea? “That Zhang guy” was trying to break the thing open, not tattle on others trying to do it.