Prison Inmates Used DIY Computers To Hack Prison Network
According to a report from the office of the Ohio State Inspector General, lack of supervision at the Marion Correctional Institution allowed inmates to hide two computers on a plywood board in the ceiling above a closet in a training room. Both computers were connected to the Ohio Department of Rehabilitation and Correction network. Although the computers were discovered back in 2015 by a prison employee, the incident has only now been made public after the release of the Inspector General's report.
It would seem that inmates were able to use discarded computer parts to build two PCs that were then hidden in the ceiling and connected to the prison network. The report says the incident is a result of a lack of supervision at the prison. State investigators concluded prison officials didn’t properly report finding the computers in 2015 and failed to report the incident to both the State Highway Patrol and the inspector general.
As stated in the report, an Ohio Department of Rehabilitation and Correction Operation Support employee received an alert reporting unauthorized network activity and log-in attempts using credentials belonging to a retired ODRC employee currently serving as a contract employee. Prison officials were able to trace the location of the rogue computers and remove them from the prison but not before inmates were able to get their hands on internal records of other inmates and access websites that had information about manufacturing drugs and makeshift weapons. The inmates even plotted to steal the identity of a fellow inmate and file tax returns under that inmate’s name.
Due to the failure to report suspected illegal activity, the Office of the Ohio Inspector General found reasonable cause to believe a "wrongful act or omission" occurred in this incident. The Marion County prosecutor's office and the Ohio Ethics Commission are expected to review the case to determine if any employees should receive disciplinary action.
The Ohio Office of the Inspector General is authorized by state law to investigate alleged wrongful acts or omissions committed by state officers or state employees involved in the management and operation of state agencies. We at the Inspector General’s Office recognize that the majority of state employees and public officials are hardworking, honest, and trustworthy individuals. However, we also believe that the responsibilities of this Office are critical in ensuring that state government and those doing or seeking to do business with the State of Ohio act with the highest of standards. It is the commitment of the Inspector General’s Office to fulfill its mission of safeguarding integrity in state government. We strive to restore trust in government by conducting impartial investigations in matters referred for investigation and offering objective conclusions based upon those investigations.
State officials say that Jason Bunting, warden of the prison at the time, has since resigned from his post at Marion and is now superintendent of the Northwest Ohio Development Center.
Even with the total lack of supervision, it's amazing that the inmates involved were smart enough to assemble two working computers from scraps, transport the computers 1,100 feet across prison grounds through at least one security check point, and travel up an elevator where they eventually hid the computers in the ceiling of a training room.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Judging by the list of software found on the computers, it would seem that at least one of the inmates involved is extremely tech savvy. The list of software found on the drives included: Kali Linux, TrueCrypt, THC Hydra, OpenVPN, Wireshark, CC Proxy, Zed Attack Proxy, and numerous other malicious tools.
-
COLGeek Lucy! You've got some 'splaining to do!! (Channeling my inner Ricky Ricardo).Reply
Doesn't speak well of the IT/cyber staff. -
clonazepam The only prison PC I ever worked on had had all of the parts epoxied in place. I can't believe they hadn't at least done that.Reply -
10tacle "Even with the total lack of supervision, it's amazing that the inmates involved were smart enough to assemble two working computers from scraps, transport the computers 1,100 feet across prison grounds through at least one security check point, and travel up an elevator where they eventually hid the computers in the ceiling of a training room."I know a guy who worked as a state penitentiary officer for a few years. Never, EVER underestimate what the human mind is capable of when confined and bored with a lot of free time. They can make lethal weapons out of seemingly nothing. Once an inmate made a blow gun out of toilet paper and cardboard that could break plexiglass in velocity - with pebbles picked up from the yard and formed into a bullet-like shape. You don't give them any opportunities.Reply
The fact that these inmates were given free access to PC parts that were not kept track of is beyond pathetic. It's almost as if the prison staff were intentionally aiding and abetting the inmates! I'd like to know what those two were in there for. I'm sure it's public information. -
COLGeek
I see what you did there. ;)19559945 said:No, no, no. That's not what we meant by "jailbreaking a device".
Nice. :lol:
-
Michael_453 Very impressive on the part of the inmates that were able to do this. Thinking that if they took that knowledge and determination and applied it towards something productive (legally productive) they could do very well. On the other hand, thinking that I would be very embarrassed if I were in charge of the inmates.Reply
My wife has a brother in a state penitentiary and they are allowing them (minimum security) to get i-pads to do skype and e-mail, etc.... I wonder how long that will last before some A-hole does something stupid and messes it up for everyone. -
ithurtswhenipee Not surprising. We don't know what these inmates are in for. They could have been skilled in IT from the start. Plus prison inmates can earn college degrees in prison with the training materials provided to them. From the report it seems that desspite the gross negligence of prison staff, they were not able to do much of anything before being caught. So kudos to the IT staff, supervision - not so much.Reply