Prisoners Build DIY Computers and Hack Prison Network

The Internet is everywhere. The latest anecdotal evidence of this is a story of prison inmates that build their own computer and connected it to the internet. Back in 2015, prisoners at the Marion Correctional Institution in Ohio built two computers from discarded parts which they transported 1,100 feet through prison grounds (even passing a security checkpoint) before hiding them in the ceiling of a training room. The information has just been made public after the release of the Inspector General’s report (PDF). This report is fascinating and worth your time to read.

This Ethernet router was located in a training room in the prison. Physical access is everything in computer security.

Prisoners managed to access the Ohio Department of Rehabilitation and Corrections network using login credentials of a retired prison employee who is currently working as a contract employee. The inmates plotted to steal the identity of another inmate and file tax returns under their name. They also gained access to internal records of other prisoners and checked out websites on how to manufacture drugs and DIY weapons, before prison officers were able to find the hidden computers. From the report:

The ODAS OIT analysis also revealed that malicious activity had been occurring within the ODRC inmate network. ODAS OIT reported, “…inmates appeared to have been conducting attacks against the ODRC network using proxy machines that were connected to the inmate and department networks.” Additionally, ODAS OIT reported, “It appears the Departmental Offender Tracking System (DOTS) portal was attacked and inmate passes were created. Findings of bitcoin wallets, stripe accounts, bank accounts, and credit card accounts point toward possible identity fraud, along with other possible cyber-crimes.”

The prisoners involved knew what they were doing. From the interview with the inmate it seems the computers were set up as a remote desktop bridge between internal computers they were allowed to use and the wider internet. They would use a computer on the inmate network and use a remote desktop to access the illicit computers. These were running Kali Linux and there’s a list of “malicious tools” found on the machines. It’s pretty much what you’d expect to find on a Kali install but the most amusing one listed in the report is “Hand-Crafted Software”.

This seems crazy, but prisoners have always been coming up with new ideas to get one over on the guards — like building DIY tattoo guns, When you have a lot of time on your hands and little responsibility, crazy ideas don’t seem so crazy after all.

79 thoughts on “Prisoners Build DIY Computers and Hack Prison Network

    1. FREE KEVIN!!! HAHA Talking of Kevin he does pretty well for himself these days as a security consultant and public speaker. I think he was probably the first hacker to flip the coin and use their notoriety to get companies onside using his services. It just seems in the grand scheme of things Kevin was a misguided teen with a lot of talent but no other outlet than hacking.

  1. Yeah that’s a hack, and a crack.

    Just as well they were petty criminals or things could have got a lot worse, like if they let outsiders into the networks via their machine.

  2. I am kind of surprised as I grew up in Marion. The criminal element then didn’t tend to be so technosavvy. It’s been more than a decade since I lived there though, so maybe things change.

  3. I am curious what would HADers would design as an ultimate net-enabled surreptitious prison communication machine.
    I am thinking some sort of pi-zero or HDMI stick and probably plug in to a TV or something assuming they do not epoxy the ports though that is terrible form a getting caught perspective so maybe one of these tiny serial displays would work, we were able to BBS back in the day with similar resolutions. Maybe hide the thing inside an approved MP3 player or something and get creative with wiring. Obviously a phone is the best for most purposes but the RF appearing on some sort of snooping or Stingray on startup even if there is an app on the phone to shut the modem down down, and also phones worthy of getting online are big enough and obvious enough to get caught. If you cant do rockblock or other satellite comms maybe a SLIP piggybacked onto powerline or maybe IR requiring a converter unit jacked into the network somehow without advertising itself. From the article they got caught using net login on an off day, perhaps net cache updating on permitted days/times and then using the surrepitious wired/wireless to access the latest and best cache from a mobile device.
    Not sure how much trouble power would be maybe you can just plug in, otherwise maybe inductive coupling to a power cables, AA batteries from the canteen, solar seems too big.

    OTOH abandoning digital tech, maybe a tiny CW QRP rig and a stolen ham callsign are enough, though then there is the problem of a long enough antenna wire and access to string it out and keep it in place, maybe a few 10s of meters unspooled magnet wire.

    The deal is any connection using any gadget you can keep hidden and working is better than none and hacking around the problem is a fun exercise.

    1. It depends on what you want to use it for. A lot of the stuff loaded on their system was for identity theft.
      I kind of get the clandestine communication and exploration of the local WAN. But they lost me at identity theft.

      1. Even then what specific software enables ident theft, Gimp/Photoshop for faking ID cards?
        I would imagine that is mostly browser based fraudulent requests for replacement documents etc.
        I am far more interested in the clandestine communications angle and am quite happy to divorce from what is probably a MSFT based tower case sized fraud machine reality of this one case.

    2. Much simpler. I have a JP4 tablet approved for prison use, courtesy of friend working for the manufacturer. It’s no racecar, but it’s capable enough to play media. There’s a couple buttons on the side and enough room inside to solder in a wireless module. A careful combination of button presses could switch to a Linux kernel on boot, or even get a recreation of the default firmware UI to run when a physical button is released, as a deadman switch.

      Silly me, I immediately posted on Reddit looking for advice on how to repurpose it since I didn’t know what JTAG was back then. Until I deleted my Reddit account, I got messages every few months regarding the post and offering to buy the tablet. Sketchy.

        1. I looted a Model M from a university lab catacomb. It’s imbued with darkness and enchanted with a Mouse of Nub.

          That’s got to be at least 4d6, with a passive Stun effect from the typing noise.

  4. Another example of why I am pro chain gangs and work camps for criminals serving 5 or more years.

    Give a criminal free time and free everything else, and you are just asking for trouble.

    1. We’re veering off topic, but I would just throw out there that there’s a substantial difference between “keeping someone busy” and “grinding up their bodily machinery with hard physical labor,” as has been the historical meaning behind the practices you mention.

      1. Well there’s a great solution to that, don’t break the law. The fact of the matter is that anything over 5 years these days is a felony. Not just any felony, but usually manslaughter or worse. These people do not deserve the kindness of a society they acted to destroy.

        1. “Not just any felony, but usually manslaughter or worse. These people do not deserve the kindness of a society they acted to destroy.”

          10 Rillington place, an infamous incident occurred there involving a sexually motivated psychopathic back-street coat-hanger abortionist killing someones wife and the deceased wife’s partner got mistakenly hung… Sometimes the “LAW” gets it fatally wrong!

          I suppose.. at least you didn’t demand the return of hanging.

          1. According to the Federal Bureau of Prisons (bop.gov) only 3.1% of inmates are incarcerated for Homicide, Aggravated Assault and kidnapping. 46.6% are in prison for Drug related offensives, and most of those are nonviolent.

          2. @ Chirs J the US justice system is good at turning non violent people into violent excons.
            If anything it’s more an abortion of justice since it’s been hijacked by for profit interests and prosecutors looking to embellish their resume’s with teabag points.

        2. Leaving aside the wrongly convicted who already don’t break the law, only about half of incarcerated felons are violent offenders of any kind, and 90% of those committed robbery or assault. So perhaps 5% of felons committed manslaughter or worse.

          1. Reality is that in federal around 98% never experience a trial and the lawyer is only there to make a deal with the prosecutor. See https://en.wikipedia.org/wiki/Aaron_Swartz for just one example of normal overcharging intended to throw a whole pasta bowl of charges risking a major percentage of someones life for something like copying public domain information too quickly should the innocent be decidied guilty in a system where court is almost never the smartest option for the innocent who has been caught the gaze of the Eye of Sauron. 98% all it takes is the suspicion of a cop and prosecutor to send you to jail, better odds than even the tragic Nazi or Soviet ‘justice’ systems success rates at overcoming the objections of those suspected. Make no mistake this system is more about forwarding the careers of a few people than any notion of justice or even punishment.

      2. Having a bunch of convicts picking up litter, or some other scheme which gets things done for sod all cash is fine by me. Crime is not necessarily punished severly enough. But giving them all the crap that everyone else has to pay for is just adding salt to the wounds of victims.

        1. Please. My neighbor’s dog has been barking non-stop for the past 13 years. Every neighbor has complained, and police and animal control have been called several times. Nothing ever happens.

  5. I was expecting “After the prisoners got the computers running, they studied HackaDay articles to learn how to break the security….”

    Next time, it will be RPi One or a USB dongle type Linux system with WiFi that can be hidden in the usual prison hiding place. The prison method for recharging will be the real real triumph. HaD.io project to improve the world. A Linux computer that fits in a ‘plan’.

    1. “RPi One or a USB dongle type Linux system with WiFi that can be hidden in the usual prison hiding place”

      No dice, most prisons do regular cavity searches these days.

  6. So are Kali Linux, TrueCrypt and OpenVPN now considered “malicious” software? The government will now ban them because “Linux = free = hacked = used by hackers = criminals → found in prison computers”.

    1. >So are Kali Linux, TrueCrypt and OpenVPN now considered “malicious” software?
      of course TC is malicious, the NSA can’t look at your files. That’s why they killed it probably using a “national security letter”. No, i don’t have any proofs for this, but i’m convinced it’s the reality. :-/ As i said some time ago, today everybody that even just knows how to blink an LED with an Arduino is considered a dangerous hacker-terrorist-criminal. People have no clue about the real meaning of “hacker” and why such people are extremly important. Sad world.
      [/rant]

  7. The computer parts were pilfered from a Dept of Corrections computer recycling program run by a non profit I worked for in the past. I used to teach / train court community service guys/gals at the main location. While I’m not surprised these guys scrapped this kit together, it definitely took a guy with some savvy to get the net proxies up and running… for those knocking criminals and learning / rehabilitation programs, I have to say, I had a few students that never had great opportunities to learn the guts of computing…basically giving these guys a crash course A+ program and seeing them “get it” was pretty fulfilling…

  8. …. intelligence doesn’t get checked with your trial suit at the R&D when processing in to serve your sentence. I’ve met some of the brightest and most intelligent and creative thinkers yet while incarcerated. While Prisons are set up to mainly warehouse those our court system incarcerated for criminal activity, (some wrongly convicted) they often do their best to teach inmates to work and supply educational opportunities. I’ve seen what a work ethic and education can accomplish. Staff and Security are human also and when they lower their standards, violations in rules occur.

  9. I had to attend a disciplinary hearing for using a PC and printer to forge “ownership” documents for various commissary store items that required a “property slip” to verify ownership. A copy is also maintained by the prison when purchased legit but if you sale those items to other inmates which is against the rules then a forged document might get you by until they compare with the copy. here is a list of items to buy in Texas prisons. http://tdcj.state.tx.us/documents/finance/Commissary_Price_List_09-24-2014.pdf

  10. No surprise here. I had a problem with my girlfriends kid hacking his computer (getting around the firewall, getting admin privileges, etc). I called his schools IT guy to find out what they do and he told me you can’t prevent this kind of problem. The only solution was to monitor the computers and if they violate the rules they lose computer privileges. Remember, if they have physical access to the computer there is no way to secure it. All the info you need is out on the Internet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s