Ohio inmates at a medium-security prison assembled two functioning computers together in secret to connect to the network, according to the Ohio Office of the Inspector General. The computers, which were hidden in the ceiling, were connected to the Marion Correctional Institutions network and loaded with pornography, a Windows proxy server, VPN, VOIP and anti-virus software, the Tor browser, tools for hacking and email spamming, and Wireshark — an open-source packet analyzer. Five inmates were implicated in the event, which took place in 2015, and transferred to other facilities.
Image courtesy of Ohio Office of the Inspector General.
The report indicates that the inmates acquired the parts from a computer skills and electronics recycling program at the prison. They were caught when the IT department was alerted to a connected device using a contractor’s stolen credentials that had exceeded a daily internet usage threshold. The inmates hid the functional computers for approximately four months before they were discovered in an area off-limits to inmates above a training room closet. The search for them took three weeks, ending when authorities traced cable from a networking switch.
The computers were analyzed and found loaded with malicious software and questionable search history, including tax-refund fraud, inmate records, prison access, and homemade drugs, plastics, and explosives. Inmates also used the computer to apply for credit cards and call or text home.
According to the report, the inmates took two computers that should have been disassembled and placed hard drives in them. Then they installed a network card and transported them across the prison in secret, managing to hide them across a security checkpoint. The inmates also managed to hide a series of wire, cable, and power cords, allowing the devices to connect to the prison network. The inmates said that they were able to complete the computes due to lax security.
“Inmates were allowed unsupervised access to computers and computer parts,” the report concluded. “Inmates were allowed unsupervised access to vast areas of the institution and unsupervised time to build, transport, run computer cables, and hide the computers in the ceiling. Investigators determined [that] prisoners took advantage of the freedoms, programs, and lax security standards at MCI.”
“It surprised me that the inmates had the ability to not only connect these computers to the state’s network but had the ability to build these computers,” Ohio Inspector General, Randall J. Meyer, told ABC6. “They were able to travel through the institution more than 1,100 feet without being checked by security through several checkpoints, and not a single corrections staff member stopped them from transporting these computers into the administrative portion of the building. It’s almost as if it’s an episode of Hogan’s Heroes.”
Following the event, the Ohio Department of Rehabilitation and Correction said that it had taken steps to address some areas of concern. The department noted that the reports will be thoroughly reviewed and any additional steps necessary to prevent this type of activity will be taken.
Sources: Ohio Office of the Inspector General, Ars Technica, Abc6
Learn more about Electronic Products Magazine