Five prisoners in the United States managed to build two personal computers from parts hidden behind a plywood board in the ceiling of a closet of their detention center. The prisoners connected the PCs to the Ohio Department of Rehabilitation and Correction’s (ODRC) network and abused their newfound powers.
The actions by the prisoners caused the State of Ohio’s Office of the Inspector General to publish a 50-page report [PDF] about their investigations into the incident this week.
Ohio Inspector General forensic analysis determined the prisoners issued passes for inmates to gain access to multiple areas within the institution, and used the Departmental Offender Tracking System to steal the personal information of an inmate and apply for five credit cards.
Forensics also found “a large hacker’s toolkit with numerous malicious tools for possible attacks. These malicious tools included password-cracking tools, virtual private network (VPN) tools, network enumeration tools, hand-crafted software, numerous proxy tools, and other software used for various types of malicious activity.”
The prisoners had “self-signed certificates, Pidgin chat accounts, Tor sites, Tor geo exit nodes, ether soft, virtual phone, pornography, videos, VideoLan, and other various software.”
An ODRC technical team reports: “Inmates appeared to have been conducting attacks against the ODRC network using proxy machines that were connected to the inmate and department networks. It appears the Departmental Offender Tracking System portal was attacked and inmate passes were created. Findings of bitcoin wallets, stripe accounts, bank accounts, and credit card accounts point toward possible identity fraud, along with other possible cybercrimes.”
The Ohio Inspector General was tipped off to the actions of the prisoners after the ODRC IT team moved the Marion Correctional Institution from Microsoft proxy servers to Websense.
On July 3, 2015, Websense sent an email alert reporting that a computer on the ODRC network had exceeded its daily internet usage threshold. More alerts followed, warning of “hacking” and 59 regarding “proxy avoidance.”
So, ODRC investigated. The login credentials used by the computer were found to be illicit and a search for the computer itself ensued. The computer was found when ODRC employees identified the network switch the PCs were connected to.
“I was following up on information received from OSC IT department,” an incident report stated. “I had been told there was a PC on our network that was being used to try and hack through the proxy servers. They narrowed the search area down to the switch in P3 and the PC was connected to port 16. I was able to follow the cable from the switch to a closet in the small training room. When I removed the ceiling tiles I found 2 PCs hidden in the ceiling on 2 pieces of plywood.”
The prisoners had gathered the computer parts from Marion Correctional Institution’s RET3 program, which helps to rehabilitate prisoners by putting them to work breaking PCs into component parts so they can be recycled.
Five inmates were involved, and have since been separated among other correctional facilities, as detailed by the Inspector General report.
ODRC appreciates “the time the Inspector General’s office has taken to conduct these investigations and we have already taken steps to address some areas of concern. We will thoroughly review the reports and take any additional steps necessary to prevent these types of things from happening again.”
It added: “It is of critical importance that we provide necessary safeguards in regards to the use of technology while still providing opportunities for offenders to participate in meaningful and rehabilitative programming.”