Prison Inmates Used DIY Computers To Hack Prison Network

According to a report from the office of the Ohio State Inspector General, lack of supervision at the Marion Correctional Institution allowed inmates to hide two computers on a plywood board in the ceiling above a closet in a training room. Both computers were connected to the Ohio Department of Rehabilitation and Correction network. Although the computers were discovered back in 2015 by a prison employee, the incident has only now been made public after the release of the Inspector General's report.

It would seem that inmates were able to use discarded computer parts to build two PCs that were then hidden in the ceiling and connected to the prison network. The report says the incident is a result of a lack of supervision at the prison. State investigators concluded prison officials didn’t properly report finding the computers in 2015 and failed to report the incident to both the State Highway Patrol and the inspector general.

As stated in the report, an Ohio Department of Rehabilitation and Correction Operation Support employee received an alert reporting unauthorized network activity and log-in attempts using credentials belonging to a retired ODRC employee currently serving as a contract employee. Prison officials were able to trace the location of the rogue computers and remove them from the prison but not before inmates were able to get their hands on internal records of other inmates and access websites that had information about manufacturing drugs and makeshift weapons. The inmates even plotted to steal the identity of a fellow inmate and file tax returns under that inmate’s name.

Due to the failure to report suspected illegal activity, the Office of the Ohio Inspector General found reasonable cause to believe a "wrongful act or omission" occurred in this incident. The Marion County prosecutor's office and the Ohio Ethics Commission are expected to review the case to determine if any employees should receive disciplinary action.

The Ohio Office of the Inspector General is authorized by state law to investigate alleged wrongful acts or omissions committed by state officers or state employees involved in the management and operation of state agencies. We at the Inspector General’s Office recognize that the majority of state employees and public officials are hardworking, honest, and trustworthy individuals. However, we also believe that the responsibilities of this Office are critical in ensuring that state government and those doing or seeking to do business with the State of Ohio act with the highest of standards. It is the commitment of the Inspector General’s Office to fulfill its mission of safeguarding integrity in state government. We strive to restore trust in government by conducting impartial investigations in matters referred for investigation and offering objective conclusions based upon those investigations.

State officials say that Jason Bunting, warden of the prison at the time, has since resigned from his post at Marion and is now superintendent of the Northwest Ohio Development Center.

Even with the total lack of supervision, it's amazing that the inmates involved were smart enough to assemble two working computers from scraps, transport the computers 1,100 feet across prison grounds through at least one security check point, and travel up an elevator where they eventually hid the computers in the ceiling of a training room.

Judging by the list of software found on the computers, it would seem that at least one of the inmates involved is extremely tech savvy. The list of software found on the drives included:  Kali Linux, TrueCrypt, THC Hydra, OpenVPN, Wireshark, CC Proxy, Zed Attack Proxy, and numerous other malicious tools.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
9 comments
    Your comment
  • SR-71 Blackbird
    Pretty funny read this on the net , pathetic prison security.
    4
  • COLGeek
    Lucy! You've got some 'splaining to do!! (Channeling my inner Ricky Ricardo).

    Doesn't speak well of the IT/cyber staff.
    7
  • blazorthon
    That's an embarrassing lack of oversight.
    7