John Strand didn’t think it was a great idea to allow his mom to attempt to break into a South Dakota prison as part of a “penetration” or “pen” test of its security systems. But as Lily Hay Newman reports at Wired, Rita Strand, age 58, insisted. Armed only with a fake badge and some confidence, she posed as a health inspector doing a surprise inspection and managed to gain access — unaccompanied! — throughout the facility, where she planted “rubber duckies” (USB sticks with code used to compromise computer security systems) on several computers, including the one belonging to the warden.
“She takes off, and I’m thinking in the back of my head that this is a really bad idea,” Strand says. “She has no pen testing experience. No IT hacking experience. I had said, ‘Mom, if this gets bad you need to pick up the phone and call me immediately.’”
Pen testers usually try to get in and out of a facility as quickly as possible to avoid arousing suspicion. But after 45 minutes of waiting, there was no sign of Rita.
“It gets to be about an hour, and I’m panicking,” he says. “And I’m thinking I should have thought it through, because we all went in the same car so I’m out in the middle of nowhere at a pie shop with no way to get to her.”
Suddenly, the Black Hills laptops began blinking with activity. Rita had done it. The USB drives she had planted were creating so-called web shells, which gave the team at the café access to various computers and servers inside the prison. Strand remembers one colleague yelling out: “Your mom’s OK!”
In fact, Rita had encountered no resistance at all inside the prison. She told the guards at the entrance that she was conducting a surprise health inspection and they not only allowed her in, but let her keep her cell phone, with which she recorded the entire operation. In the facility’s kitchen, she checked the temperatures in refrigerators and freezers, pretended to swab for bacteria on the floors and counters, looked for expired food, and took photos.
But Rita also asked to see employee work areas and break areas, the prison’s network operations center, and even the server room—all allegedly to check for insect infestations, humidity levels, and mold. No one said no. She was even allowed to roam the prison alone, giving her ample time to take photos and plant her Rubber Duckies.