Tech savvy Ohio inmates hacked prison computer network to go snooping – report

Tech savvy Ohio inmates hacked prison computer network to go snooping – report
Two inmates at the Marion Correction Institutions hacked the prison computer network on two hidden computers and committed identify theft, tax fraud, and issued passes to visit other parts of the prison, according to An Ohio Inspector General’s report.

Forensic analysis on the computers two hard drives revealed inmates had access to password-cracking tools, virtual private network tools, and proxy tools.

The prison hackers used the tools to search for inmate information through the state’s Offender Tracking System, according to the report’s findings released on Tuesday.

The inmates submitted five credit card applications in the name of “Kyle Patrick,” an inmate, using his Social Security number and mailing address. The prisoners selected his name based on the length of his sentence.

Among the documents was a Bloomberg Business article on how a criminal with a valid Social Security number could commit tax refund fraud and have the refunds wired to debit cards. The investigation found that inmates were successful in only opening one credit card account but there were no details on whether the fraud took place.

Included with the cache was a textport conversation between one of the inmates and his mother, where the inmate, Adam Johnson, admitted to using the computer.

Also recovered was the issuance of passes for inmates to gain access to multiple areas within the prison, and unauthorized access to inmate records including disciplinary records, sentencing data and inmate locations.

The prisoners who planted the PCs “were unsupervised for extensive periods of time,” allowing them to hide the computers and run other wiring to connect to the prison’s computer network, the report said.

They also accessed web sites that included information on manufacturing drugs and homemade weapons. The hack came to light when employee Gene Brady received an alert about a former employee, whose user name and password had been lifted, attempting to bypass security controls.

The system set up by the inmates allowed them to access the prison network from any computer that prisoners were allowed to use as part of Ohio Penal Industries.

A search found two personal computers hidden on a plywood board in the ceiling above a closet in a training room connected to the prison’s network and not owned by the state.

The Ohio Department of Corrections told the office of Ohio Inspector General in August 2015 about the breech which prompted an investigation. During the investigation, inmate Adam Johnson, admitted he placed the two computers in the ceiling and acquired them from RET3, a company that collects outdate, or non-functioning computers from businesses, schools and organizations.

RET3 had a contract with the prison to use inmates to dissemble computers. The company donated 93 computers to the prison in 2013 to be used in the Lifeline program and the computer had a RET3 sticker on it.

Johnson told investigators the computers were built by another inmate. The inspector general called on the Department of Rehabilitation and Correction to determine if any employees should be disciplined, to tighten security over computers, prison Wi-Fi networks, and to ensure that all suspected crimes are reported to the appropriate authorities.

The report was sent to the Marion County prosecutor and Ohio Ethics Commission for review.

“We have already taken steps to address some areas of concern,” prisons spokeswoman JoEllen Smith told the Columbia Dispatch.

Smith said they've reviewed the reports and will take the necessary steps to prevent future hack attacks.

“It is of critical importance that we provide necessary safeguards in regards to the use of technology while still providing opportunities for offenders to participate in meaningful and rehabilitative programming,” added Smith.