Ohio Inspector General has reported that two of the Marion Correction Institution inmates have managed to hack prison’s computer network and commit series of crimes. The inmates used two hidden computers, and committed tax fraud, identity theft, and even managed to issue passes for visiting other parts of the prison.
After the investigation was conducted, it was discovered that the inmates managed to get access to VPN tools, proxy tools, and even password-cracking tools. Through the use of these tools, they hacked the state’s Offender Tracking System and used it to search for inmate information.
— FairTaxNancy (@SameOldNancy) April 12, 2017
Five credit card applications were submitted during the inmates’ hack. The name that they used for credit cards was “Kyle Patrick”, which is the name of one of the inmates. His mail address and Social Security number were used, and the prisoners have, apparently, chose his name because of the length of his sentence.
It would seem that the criminals were inspired to try this after reading an article on how criminals with valid Social Security could, theoretically, commit tax refund fraud. Upon further investigation, it’s been discovered that they actually managed to open one card, but there’s no information about whether or not the fraud was made.
Investigators have also discovered a conversation between Adam Johnson (one of the inmates), and his mother, in which Johnson admitted that he used the computer.
— RT America (@RT_America) March 27, 2017
It was discovered that the inmates issued passes that would help them gain access to other parts of the prison, including access to the inmate records. This includes sentencing data, inmate locations, and also disciplinary records.
The prisoners have, apparently, been unsupervised for a certain period of time, and on several occasions, which allowed them to run wiring, hide the computers and successfully connect to the prison’s network. After this, they’ve accessed several sites, among which were the ones with information on how to create homemade weapons and manufacture drugs. The hack was discovered when one of the employees received an alert about one of his former colleagues, whose online credentials were stolen, and who was, apparently, trying to bypass security controls.
The wiring was done in a way that allowed them access to prison network from any computer that they were allowed to use. Also, two personal computers were discovered hidden in a training room. The prisoner, Adam Johnson, admitted ownership and planting of both computers, which he acquired from a company called RET3, that collects old, non-functioning computers.
— RT America (@RT_America) February 16, 2017
The company had a contract with the prison, and it used inmates for dissembling old computers. They also donated over 90 computers to the prison back in 2013. Computers that the inmates used in a hack were assembled by another inmate. The Department of Rehabilitation and Correction was called to determine if employees are in need of being disciplined, in order to tighten the prison’s security.
The report about the situation was sent for reviewing to the Marion County prosecutor and Ohio Ethics Commission.
For now, the reports are being reviewed, and steps will be taken to prevent similar incidents in the future.