Five prisoners built two computers from recycled parts and hacked into the prison’s network


 

Five inmates from the Marion Correctional Institution (MCI) built two computers from spare parts, hid them in the ceiling of a training room closet, and used them to hack into the prison’s network.
 
Their actions were discovered in July 2015 (but the case has only just been made public), when the prison’s IT staff switched internal proxy servers from Microsoft to WebSense (now part of Forcepoint). These servers, designed to monitor and report suspicious traffic, immediately started reporting issues.

 


 

In the beginning, MCI admins received reports that a user account belonging to a prison contractor was exceeding daily traffic quotas. Other employees had also surpassed their daily traffic threshold, but these reports were coming in on days when that employee was off duty.
 
Things got weirder a few days later when admins received reports that the same employee was attempting to avoid the traffic monitoring proxies.
 
At this point, the prison’s IT staff decided to investigate further. Their suspicion that something was wrong was confirmed moments later when they traced the traffic back to a computer with the name “-lab9-”, a name inconsistent with the prison’s internal computer naming scheme. The prison staff started an investigation and tracked suspicious network traffic to port 16 of a switch located in the prison’s P3 training room.
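The three signals described above (traffic on off-duty days, attempts to avoid the proxy, and a hostname outside the naming scheme) can be correlated in a short triage script. This is an added example, not taken from the ODRC report: the log rows, account names, quota, duty roster and the `MCI-WS-nnn` naming pattern are constructed assumptions, and only the hostname `-lab9-` comes from the article.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample proxy log: (day, user, hostname, bytes, bypass_attempt)
PROXY_LOG = [
    (date(2015, 7, 1), "contractor_a", "MCI-WS-014", 120_000_000, False),
    (date(2015, 7, 1), "staff_b", "MCI-WS-022", 700_000_000, False),
    (date(2015, 7, 4), "contractor_a", "-lab9-", 900_000_000, False),
    (date(2015, 7, 6), "contractor_a", "-lab9-", 50_000_000, True),
]
# Assumed duty roster, daily quota and naming scheme (not from the report).
ON_DUTY = {
    "contractor_a": {date(2015, 7, 1), date(2015, 7, 2)},
    "staff_b": {date(2015, 7, 1)},
}
DAILY_QUOTA = 500_000_000
HOSTNAME_RE = re.compile(r"^MCI-WS-\d{3}$")

def triage(log, on_duty, quota, hostname_re):
    """Return (day, user, reasons) for account-days that warrant escalation."""
    usage, hosts, bypass = defaultdict(int), defaultdict(set), defaultdict(int)
    for day, user, host, nbytes, bypass_attempt in log:
        key = (user, day)
        usage[key] += nbytes
        hosts[key].add(host)
        bypass[key] += int(bypass_attempt)

    findings = []
    for (user, day), total in sorted(usage.items()):
        reasons = []
        if day not in on_duty.get(user, set()):
            reasons.append("activity while off duty")
        if bypass[(user, day)]:
            reasons.append("proxy bypass attempt")
        odd = sorted(h for h in hosts[(user, day)] if not hostname_re.match(h))
        if odd:
            reasons.append("non-standard host: " + ", ".join(odd))
        # A quota overrun alone was common among staff, so it only adds
        # context to a finding; it never triggers escalation by itself.
        if reasons and total > quota:
            reasons.append("quota exceeded")
        if reasons:
            findings.append((day, user, reasons))
    return findings

if __name__ == "__main__":
    for day, user, reasons in triage(PROXY_LOG, ON_DUTY, DAILY_QUOTA, HOSTNAME_RE):
        print(day.isoformat(), user, "; ".join(reasons))
```
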

Network hub located in MCI Training Room P3

When they got to the switch, IT staffers followed the network cable plugged into port 16 to a nearby closet, and up into the ceiling. Removing the ceiling tiles, prison employees found two fully-working computers, placed on two pieces of plywood.
 

Location in ceiling where the computers were found.

According to a report released this week by the Ohio Department of Rehabilitation and Correction (ODRC), the agency identified the five prisoners who built the PCs. The five inmates managed to build their two PCs because they were part of the prison’s Green Initiative program, where they worked in trash management and electronics recycling.
 
A forensic analysis of the hard drives found in the two PCs found legitimate software, hacking tools, and traces of illegal activities. According to the Office of the Ohio Inspector General, the two hard drives contained:
• Searches of inmate information through the ODRC Departmental Offender Tracking System (DOTS).
• Accessing of inmate data via DOTS.
• The issuance of passes for inmates to gain access to multiple areas within MCI.
• A Bloomberg Business article on tax refund fraud.
• Submissions of five credit card applications in the name of other inmates (data they obtained from DOTS).
• Conversations with family members.
• CC Proxy – a proxy server for Windows.
• Cain – hacking tool for password recovery.
• Zed Attack Proxy (ZAP) – vulnerability scanner.
• Wireshark – network traffic packet analyzer.
• NMap – network mapping and security auditing tool.
• ZenMap – security scanner and GUI for NMap.
• Webslayer – hacking tool for launching brute-force attacks.
• JanaServer – multi-platform proxy server.
• Yoshi – email spamming tool.
• AdvOr Tor Browser – a variation of the Tor Browser.
• THC Hydra – password cracking tool.
• Cavin – editor for encrypting and decrypting text.
• Paros – Java-based proxy server and MitM tool.
• 3CXVoip Phone – free VOIP tool for Windows.
• VirtualBox – virtual machine software with Kali Linux installed.
• TrueCrypt – full-disk encryption tool.
• CC Cleaner – tool for system optimization, privacy, and cleaning.
• VideoLan – multimedia player.
• Clamwin – antivirus.
• phpBB – open-source forum software.
• SoftEther VPN.
• OpenVPN.
• Custom-crafted software.
 
According to investigators, the inmates used these tools to capture network traffic, move laterally in the prison’s network, crack passwords for active user accounts, and use these accounts to access the prison’s network. They used this access to collect personal information on other inmates, apply for credit cards in the names of other inmates, and issue passes for other inmates.
 
Following the discovery of these tools and the inmates’ actions, the ODRC moved the suspects to other institutions in November 2015.
 
The Office of the Ohio Inspector General found that MCI staffers were also at fault: first, for failing to supervise inmates (who built two frickin’ computers while in prison), and second, for failing to force employees to change passwords every 90 days.
 
The findings from this investigation have been forwarded to the Marion County Prosecutor’s Office and the Ohio Ethics Commission for consideration of any punishments.

 
 
 
