Cyber security specialist weighs in on Madison County Jail security breach

HUNTSVILLE, Ala. (WAFF) - Security at the Madison County Jail breached for the second time in just over a year.

On Monday, the California security start-up company Verkada, which is used as a third party by the county jail, suffered a major breach.

Hackers had access to internet-connected security cameras across the country at places like Tesla factories, police stations, and jails.

The Madison County Jail is one of dozens of entities hit by this hacktivist group based in Switzerland.

The hackers said Verkada made it easy for them because they were able to access and download footage from thousands of security cameras across the country, including 330 from right here in Madison County.

The cyber security expert we spoke to said all it took was hackers getting access to one password from Verkada.

“The jail was pretty much at the mercy of the camera providers for this,” said Dr. Wesley McGrew a senior cyber security specialist with Martin Federal Consulting.

Bloomberg reports hackers were able to view live footage and audio of inmates and interviews between officers and suspects inside the jail.

“Not just security cameras watching inmates in their day to day life but also interviews that were carried out and a lot of it has personal information involved.” Bloomberg reports the cameras are hidden inside vents, thermostats, and defibrillators, to track inmates and correctional staff using facial recognition.

Madison County Sheriff Kevin Turner told us, “While we continue to evaluate this evolving situation, we are confident that this unauthorized release did not and will not impact the safety of staff or inmates in the Detention Facility or the general public. The Verkada issues are isolated to security cameras and there is no other impact to any other systems in the Detention Facility. When we were made aware of the issue the cameras were taken offline but are still able to be monitored inside the Detention Facility. We will continue to focus our efforts on the safety and security of our community which remains our first and foremost priority”.

“I am sure they have a very expensive incident response process going on right now to determine if the hackers left behind any back doors,” said Dr. McGrew.

It is not the first-time security at the county jail has been under fire. Last year we reported for several weeks on an IT issue—causing delays to booking and releasing inmates and murder trials.

“We have a lot of cyber security talent in town, so it is a shame to see organizations around here fall victim to these things or not be aware of the risks or trusting that sort of things to third parties.”

Doctor McGrew believes these types of incidents could have been avoided if someone on the county level would have asked questions before utilizing the third party. “Did we know ahead of time what their security protocols were? Did we know one account could view everything?”

The spokesperson for the jail said a team can still monitor the cameras inside the detention facility from the normal control room viewing stations.

We reached out to Madison County Chairman Dale Strong who would not comment on the breach.

We also left multiple messages with the county attorney who did not return our calls.

Copyright 2021 WAFF. All rights reserved.