Prisoner freed based on forged fax

[cquark]

From Bruce Scheier's blog:

In West Memphis District Court yesterday, Tristian Wilson was set to appear on the docket for a bond hearing on the charges. When he did not appear, Judge William "Pal" Rainey inquired about his release and found that a jail staff member released Wilson by the authority of a fax sent to the jail late Saturday night.
According to Assistant Chief Mike Allen, a fax was sent to the jail which stated "Upon decision between Judge Rainey and the West Memphis Police Department CID Division Tristian Wilson is to be released immediately on this date of October 30, 2004 with a waiver of all fines, bonds and settlements per Judge Rainey and Detective McDugle."

Jail Administrator Mickey Thornton said that these faxes are part of a normal routine for the jail when it comes to releasing prisoners, however, this fax was different.

Faxes are fascinating. They're treated like original documents, but lack any of the authentication mechanisms that we've developed for original documents: letterheads, watermarks, signatures. Most of the time there's no problem, but sometimes you can exploit people's innate trust in faxes to good effect.

 

[Train]

lol, crafty.


I always wondered why faxes could be given such weight. Just doesnt sound very secure.

 

[EagleKeeper]

Originally posted by: Train
lol, crafty.


I always wondered why faxes could be given such weight. Just doesnt sound very secure.

Faxes are considered to be a legal copy of the originating document.

 

[Train]

Originally posted by: EagleKeeper

Originally posted by: Train
lol, crafty.


I always wondered why faxes could be given such weight. Just doesnt sound very secure.

Faxes are considered to be a legal copy of the originating document.

I know, hence the concern. So what we have in the example above is a "legal copy" of a forgery.

 

[EagleKeeper]

Originally posted by: Train

Originally posted by: EagleKeeper

Originally posted by: Train
lol, crafty.


I always wondered why faxes could be given such weight. Just doesnt sound very secure.

Faxes are considered to be a legal copy of the originating document.

I know, hence the concern. So what we have in the example above is a "legal copy" of a forgery.

Correct.

If they continue to accept the fax, they had better know which machine it is coming from. Harder to spoof, but possible.

Or when a fax comes in from a valid number, just have some-one place a return call. More than likely, the person sending the "valid" fax will be at that number.

If an invalid person is at the valid number, then the system is SOL.