Fun With TDOC

by Anonymous

The Tennessee Department of Corrections (TDOC) has "upgraded" their little piece of the State's network.

Management Information Systems (MIS), the people responsible for the piece of crap I called TOMIS, was given the task.  TOMIS runs under UNIX as a clumsy interface with infuriatingly cryptic menu names and a pathetic online help menu.

As of November 1999, TOMIS users I said goodbye to their old Memorex Telex terminals and received MTX 1683 terminals.  This is because MIS and "The Powers That Be" didn't like the idea of having several PCs connected to TOMIS for the paper-pushers to do their memos and stuff on.

Their paranoia was well placed because the PC I used was equipped with QBasic and the client app for connecting to TOMIS (grin).  The prison staff are under-trained and barely computer literate.  Most staff had dumb terminals, so PC security has been largely overlooked.

Is the system "secure" now?  MIS laid a shitload of fiber, bought hundreds of MTX terminals (diskless), 15" color monitors, and printers.  Now TDOC staff have access to the State's Windows NT server!

Of course, they didn't do any real training and the staff are still clueless about how to do anything above the simplest tasks.  MIS didn't want to go through all the trouble of putting all the TOMIS stuff on the NT server, so you can either log onto TOMIS or the NT (but not both).

The NT provides access to MS Word, Excel, email, etc.  I didn't see anything all that exciting on it, but it's worth exploring because of all the subnets attached to it.

Due to the poor training, I was lucky enough to have the opportunity to spend several hours on the TOMIS and NT "helping" teach the staff I work for.  What incarcerated hacker would pass that kind of chance up?  After a short time I realized that one of the little MIS idiots forgot to set a configuration password on one of the terminals.

Under the watchful eye of clueless staff members, I was able to view and change anything I wanted.  Anyway, here's a little info for anyone who's interested in checking out one of the most pathetic systems I've ever seen.

Windows NT Server Domain Name: state.tn.us DNS Server: 170.142.82.150 Default Gateway: 170.142.48.129 TOMIS (UNIX) Domain Name: tn3270.state.tn.us

Warning:  TOMIS only runs batch processes (called "conversations" or "requestable reports") and any interactive process will stand out.

Login Procedure

1.)  Type IMS2 under State Map (hit Enter).

2.)  Type BPNUMBER (replace NUMBER with a valid user ID).

3.)  Tab down to Password field and enter password.

4.)  Type in the answer to the two personal questions.  There are two of them from a list of twenty.

5.)  You are now at the Main Menu.

Move your cursor to the lower-left hand corner of the screen next to Function and type in the conversation you want from the following list:

LCD2: Visitor Status LCD3: Staff Assignments LCD4: Institution Travel LCDA: Standards LCDB: Fee Types LCDC: Treatment Programs LCDD: Criminal Justice Person LCDE: Staff LCDF: Plan of Service LCDG: Contact Notes LCDH: Travel LCDI: Offender Fee Inquiry LCDJ: Revocation Warrants LCDK: Transfer in Request LCDN: Family/Contacts LCDQ: Fee Payments LCDR: Fee Exemption LCDU: Offender Fees LCDV: Offender Receipts LCDW: Work Site Assignment LCDX: Work Site Referral LCDY: Work Site Report LCDZ: Work Site Application LCLA: Offender Attributes LCLB: Offender Aliases LCLC: Offender Employment LCLD: Offender Treatment LCLE: Offender Education LCLF: Offender Findings LCLG: Offender Orientation LCLH: Institution Transfer Request LCLJ: PSI Referrals LCLK: PSI Text LCLL: Offender Debts and Assets LCLM: PSI Victims LCLN: Classification LCLP: Classification Test Results LCLR: Criminal History LCLS: Assignments Due LCLT: CAF Weights LCLV: CAF Score LCMA: Commissary Item LCMB: Commissary Purchase LHSB: Accident LHSE: Health Assessment LHST: Limited Activity Notice LHSV: Health History LIBA: Incompatibles LIBD: Segregation LIBE: Future Disciplinary Hearing LIBF: Grievance LIBJ: Incidents LIBK: Disciplinary LIBL: Disciplinary Decision LIBM: Board/Committee Members LIBN: Offender Property LIBO: Offender Property Arrival LIBP: Offender Claim LIBQ: Cell Search Request LIBR: Cell Search Results LIBS: Drug Audit Results LIBT: Property Audit Findings LIMC: RQST Cell/Bed Assignment LIMD: Arrival/Departure LIMF: Offender Cell Change LIMG: Chain Schedule LIMH: Dead Offender LIMJ: Escape Transfer LIMK: Escape LIMM: Visitor History LIMN: Current Visitors LIMQ: Count Room LIMR: Pop Counts LIMS: Site LIMT: Admit Request LIMV: Non-Rider LIMW: Schedules LJEA: Offender Pay LJEB: Education Test Results LJEC: Program Notes LJED: Job/Class Assignment LJEE: Job/Class Termination LJEF: Job Audit LJEG: Work Permit LJEJ: Register Placement LJEK: Job Set Up LJEL: Position Request LJEM: Job Position ID LJEN: Offender Attendance LJEP: Pay Policy LJER: Class Section LJES: Special Education Referral LJET: Job/Class Inquiry LJEV: Class Set Up LOEB: Diet Order LOEC: Drug Order LOED: Radiology Order LOEE: Laboratory Order LOEJ: Radiology Results LOEK: Laboratory Results LOEL: Services Provided LPDA: Board Action LPDB: Parole/Committee Recommendation LPDD: Interested Party/Comments LPDE: Parole Predictor LPDF: Proposed Plan LPDG: SAIU Findings LPDH: Probation Petitions Filed LPDJ: Hearing Subpoena Request LPDL: ISC Requesting Courtesy LPDM: Other State Recommendation LPDN: Parole Staff Action LPDP: Eligibility Docket LSSA: TOMIS User ID LSSB: Security Alert LSSC: Access Revocation LSSD: Security Conversations Accessed LSTA: Dead/Delinquent/Street Time LSTB: Offender Credits LSTF: Offense Statutes LSTJ: Judgment Order LSTM: Credit Law Waiver LSTP: ISC Sentences LSTQ: Tennessee Sentences LSTR: Sentence Actions LSTS: Detainer LSTT: Diversion LSTV: SMS Offender Credits LSWA: E-mail LSWB: Report Request LSWC: Report Set Up LSWD: TOMIS ID Add LSWE: Phonetic Compare LSWF: User Procedures LSWG: Forms Maintenance Painter LSWH: Restore Offender LSWK: Terminal Printer LSWL: TOMIS ID Maintenance LSWN: Name Search Compare LTFB: Trust Fund Organization LTFC: Payroll Release Request LTFE: Trust Fund Transactions LTFH: Trust Fund Obligations

If you choose a conversation that requires a Site ID, here are a few to get you started:

BPCO: Board of Parole Central Office CENT: TDOC Central Probation Office CNRC: Central Records DCCO: TDOC Central Office CNV: Conversion EIC: Escape Information Center

Need Help Using TOMIS?

The TOMIS Hotline (a.k.a. System Development Services) can be reached between 8:00 a.m. and 4:30 p.m, (Central Time) Monday thru Friday.

If you don't like dealing with personnel who might be sitting at a terminal trying to figure out who you are, then just call their on-call people!  They aren't at a terminal, but are very willing to give out info to anyone who has their page number.

Call 1-800-841-7243 between 10:00 p.m. and 12:00 a.m., Monday through Friday.  On Saturday and Sunday, it's 7:00 a.m. to 4:00 p.m.  Another interesting place to look for information is the Data Center.  TOMIS users call this number when reporting equipment malfunctions.

• System Development Services:  615-741-1000
• The Data Center:  615-741-1001

If you're reading this article and thinking, "Hey, I could hack TOMIS and change prisoner release dates and they'll let them out!" you're dead wrong.  Central Records checks each inmate's paper file before releasing them.

Hacking isn't about short circuiting "justice" anyway, is it?