Ohio Inmates Built and Secretly Used PCs for Years
According to a recent report from the Ohio State Inspector General, five prisoners built two computers while in prison. Without additional information, that fact alone painted a poor picture of the entire situation. Five prisoners, while incarcerated in a branch of the Ohio Department of Rehabilitation and Corrections prison system, built two PCs from illegally obtained parts, hid the machines on plywood in a closet ceiling, and then tapped into the ODRC’s internet connection. They accomplished this unbeknownst to prison staff and, in part, due to a poorly managed state program, the report explained.
ODRC’s IT team moved the Microsoft proxy servers at the Marion Correctional Institution (the facility in the spotlight) to Websense servers. Websense alerted the ODRC’s Operation Support Center (OSC) that suspicious activity occurred from an IP address on the network. At first, on July 3, 2015, Websense emailed the OSC team regarding an IP address that exceeded a daily network usage threshold. The emails then grew into something far more suspicious, according to the Websense support team.
These further emails alerted the appropriate IT department to seven hacking attempts and 59 proxy avoidance attempts. The Department of Corrections employees began searching for the rogue computer. Login credentials used in the computer access activity, according to the authorities, showed signs of illicit behavior. That is, the inmates faked the credentials or possibly stole them from an inmate or employee with such access.
An IT employee traced the physical location of the computers; the report claimed the employee found the network switch where the inmates had connected the unauthorized computers to the internet.
“On the above date and time I was following up on information received from OSC IT department. I had been told there was a PC on our network that was being used to try and hack through the proxy servers. They narrowed the search area down to the switch in P3 and the PC was connected to port 16. I was able to follow the cable from the switch to a closet in the small training room. When I removed the ceiling tiles I found 2 PCs hidden in the ceiling on 2 pieces of plywood.”
Authorities discovered that the illegal computers consisted of “cobbled together” parts from the Marion Correctional Institution’s RET3 program. The program “rehabilitated inmates” by setting up a recycling program for both old PCs and PCs with new enough parts for use when combined with other computer parts.
Two separate forensic IT teams examined the machines and found a host of incriminating evidence against the inmates responsible. For starters, access to the ODRC network allowed the creation of passes that grant access to various restricted areas of the facility. The team also discovered that the rogue computer users accessed the DOC system and stole identities from the system’s collection of personal information on inmates and felons across the United States. The so-called “computer hackers” successfully opened five credit cards under the identities of other felons.
The second forensic team found additional information that indicated the group included at least one hacker. They found “a large hacker’s toolkit with numerous malicious tools for possible attacks. These malicious tools included password-cracking tools, virtual private network (VPN) tools, network enumeration tools, hand-crafted software, numerous proxy tools, and other software used for various types of malicious activity.”
Tor made an appearance as well; the team found “Tor sites,” Tor exit nodes, various types of pornography, and extensive evidence of the hacking that occurred on the prison’s network.
According to the report:
“Inmates appeared to have been conducting attacks against the ODRC network using proxy machines that were connected to the inmate and department networks. It appears the Departmental Offender Tracking System portal was attacked and inmate passes were created. Findings of bitcoin wallets, stripe accounts, bank accounts, and credit card accounts point toward possible identity fraud, along with other possible cybercrimes.”
Authorities tracked down five inmates responsible for the crime. In the United States prison system, word travels fast. If even a single entity outside the group of five knew of the venture, the odds of discovery increased tremendously. And if that one person slipped up and told anyone else, the venture would be over. In order for the crew to run an operation this size, strict discipline was beyond essential.
The Inspector General’s report not only explained the investigation, step-by-step, but also found correctional officers guilty of nearly as many infractions as the inmates themselves. “We will thoroughly review the reports and take any additional steps necessary to prevent these types of things from happening again,” the document explained in closing.