The Internet is everywhere. The latest anecdotal evidence of this is a story of prison inmates that build their own computer and connected it to the internet. Back in 2015, prisoners at the Marion Correctional Institution in Ohio built two computers from discarded parts which they transported 1,100 feet through prison grounds (even passing a security checkpoint) before hiding them in the ceiling of a training room. The information has just been made public after the release of the Inspector General’s report (PDF). This report is fascinating and worth your time to read.
Prisoners managed to access the Ohio Department of Rehabilitation and Corrections network using login credentials of a retired prison employee who is currently working as a contract employee. The inmates plotted to steal the identity of another inmate and file tax returns under their name. They also gained access to internal records of other prisoners and checked out websites on how to manufacture drugs and DIY weapons, before prison officers were able to find the hidden computers. From the report:
The ODAS OIT analysis also revealed that malicious activity had been occurring within the ODRC inmate network. ODAS OIT reported, “…inmates appeared to have been conducting attacks against the ODRC network using proxy machines that were connected to the inmate and department networks.” Additionally, ODAS OIT reported, “It appears the Departmental Offender Tracking System (DOTS) portal was attacked and inmate passes were created. Findings of bitcoin wallets, stripe accounts, bank accounts, and credit card accounts point toward possible identity fraud, along with other possible cyber-crimes.”
The prisoners involved knew what they were doing. From the interview with the inmate it seems the computers were set up as a remote desktop bridge between internal computers they were allowed to use and the wider internet. They would use a computer on the inmate network and use a remote desktop to access the illicit computers. These were running Kali Linux and there’s a list of “malicious tools” found on the machines. It’s pretty much what you’d expect to find on a Kali install but the most amusing one listed in the report is “Hand-Crafted Software”.
This seems crazy, but prisoners have always been coming up with new ideas to get one over on the guards — like building DIY tattoo guns, When you have a lot of time on your hands and little responsibility, crazy ideas don’t seem so crazy after all.
Kevin Mitnick is that you?
No.
FREE KEVIN!!! HAHA Talking of Kevin he does pretty well for himself these days as a security consultant and public speaker. I think he was probably the first hacker to flip the coin and use their notoriety to get companies onside using his services. It just seems in the grand scheme of things Kevin was a misguided teen with a lot of talent but no other outlet than hacking.
Well if you count this guy as a paper based systems and social engineering type hacker, then he did it first… https://en.wikipedia.org/wiki/Frank_Abagnale
I’ll give you that, similar story, similar ages kind of a pattern to their behaviors don’t you think?
Well also Captain Crunch was fresh off probation when he was designing modems for Apple I think.
Captain crunch is in a bad way there is a fundraiser https://www.gofundme.com/crunch-medical-fund , Another legend of the social engineering hacking/phreaking scene.
Lol, I was thinking the same thing! Just read ghost in the wires two weeks ago.
kevin mitnick says: “networks I consult on are completely wardialer and port scanner proof”
Heh, as owner of his book “The art of Intrusion”, that was my first thought too
seemingly more impressive as the article rolls on….never expected kali to be tossed in this mix.
Yeah that’s a hack, and a crack.
Just as well they were petty criminals or things could have got a lot worse, like if they let outsiders into the networks via their machine.
I am kind of surprised as I grew up in Marion. The criminal element then didn’t tend to be so technosavvy. It’s been more than a decade since I lived there though, so maybe things change.
Probably not… it only took a few to do all of this. I suspect most inmates still can’t spell their names.
True most probably can’t but there are the smart ones who teach the dumb ones to be better criminals which is why US prisons are called crime universities.
Have done time. Can verify this claim. You learn A LOT in prison if you pay attention and try to distance yourself from the gang stuff. Still not fun most of the time though.
I am curious what would HADers would design as an ultimate net-enabled surreptitious prison communication machine.
I am thinking some sort of pi-zero or HDMI stick and probably plug in to a TV or something assuming they do not epoxy the ports though that is terrible form a getting caught perspective so maybe one of these tiny serial displays would work, we were able to BBS back in the day with similar resolutions. Maybe hide the thing inside an approved MP3 player or something and get creative with wiring. Obviously a phone is the best for most purposes but the RF appearing on some sort of snooping or Stingray on startup even if there is an app on the phone to shut the modem down down, and also phones worthy of getting online are big enough and obvious enough to get caught. If you cant do rockblock or other satellite comms maybe a SLIP piggybacked onto powerline or maybe IR requiring a converter unit jacked into the network somehow without advertising itself. From the article they got caught using net login on an off day, perhaps net cache updating on permitted days/times and then using the surrepitious wired/wireless to access the latest and best cache from a mobile device.
Not sure how much trouble power would be maybe you can just plug in, otherwise maybe inductive coupling to a power cables, AA batteries from the canteen, solar seems too big.
OTOH abandoning digital tech, maybe a tiny CW QRP rig and a stolen ham callsign are enough, though then there is the problem of a long enough antenna wire and access to string it out and keep it in place, maybe a few 10s of meters unspooled magnet wire.
The deal is any connection using any gadget you can keep hidden and working is better than none and hacking around the problem is a fun exercise.
It depends on what you want to use it for. A lot of the stuff loaded on their system was for identity theft.
I kind of get the clandestine communication and exploration of the local WAN. But they lost me at identity theft.
Even then what specific software enables ident theft, Gimp/Photoshop for faking ID cards?
I would imagine that is mostly browser based fraudulent requests for replacement documents etc.
I am far more interested in the clandestine communications angle and am quite happy to divorce from what is probably a MSFT based tower case sized fraud machine reality of this one case.
Much simpler. I have a JP4 tablet approved for prison use, courtesy of friend working for the manufacturer. It’s no racecar, but it’s capable enough to play media. There’s a couple buttons on the side and enough room inside to solder in a wireless module. A careful combination of button presses could switch to a Linux kernel on boot, or even get a recreation of the default firmware UI to run when a physical button is released, as a deadman switch.
Silly me, I immediately posted on Reddit looking for advice on how to repurpose it since I didn’t know what JTAG was back then. Until I deleted my Reddit account, I got messages every few months regarding the post and offering to buy the tablet. Sketchy.
Digital shivs.
heh… sharpen a pci edge connector
Just run at someone with one of those old mild steel beige cases sharp edges everywhere, nice slice up my thumb about 1,1/2″ long from one of them things fighting a tough molex connector.
Oh man, I remember those cases. My hands used to be covered in little slices from those stupid things.
What gang did the molex connector come from?
A model M is a 3d6 as a melee weapon. and has the HA, Holy Avenger attribute for an additional 1d6 against internet trolls.
I looted a Model M from a university lab catacomb. It’s imbued with darkness and enchanted with a Mouse of Nub.
http://www.mikecase.net/ModelM/Black-Model-M-Trackpoint.jpg
That’s got to be at least 4d6, with a passive Stun effect from the typing noise.
Another example of why I am pro chain gangs and work camps for criminals serving 5 or more years.
Give a criminal free time and free everything else, and you are just asking for trouble.
We’re veering off topic, but I would just throw out there that there’s a substantial difference between “keeping someone busy” and “grinding up their bodily machinery with hard physical labor,” as has been the historical meaning behind the practices you mention.
Well there’s a great solution to that, don’t break the law. The fact of the matter is that anything over 5 years these days is a felony. Not just any felony, but usually manslaughter or worse. These people do not deserve the kindness of a society they acted to destroy.
“Not just any felony, but usually manslaughter or worse. These people do not deserve the kindness of a society they acted to destroy.”
10 Rillington place, an infamous incident occurred there involving a sexually motivated psychopathic back-street coat-hanger abortionist killing someones wife and the deceased wife’s partner got mistakenly hung… Sometimes the “LAW” gets it fatally wrong!
I suppose.. at least you didn’t demand the return of hanging.
According to the Federal Bureau of Prisons (bop.gov) only 3.1% of inmates are incarcerated for Homicide, Aggravated Assault and kidnapping. 46.6% are in prison for Drug related offensives, and most of those are nonviolent.
@ Chris J: Add “nonviolent” identity theft and other white collar crime.
@ Chirs J the US justice system is good at turning non violent people into violent excons.
If anything it’s more an abortion of justice since it’s been hijacked by for profit interests and prosecutors looking to embellish their resume’s with teabag points.
I think “bop.gov” is the most amusing government URL I’ve ever seen.
Leaving aside the wrongly convicted who already don’t break the law, only about half of incarcerated felons are violent offenders of any kind, and 90% of those committed robbery or assault. So perhaps 5% of felons committed manslaughter or worse.
Reality is that in federal around 98% never experience a trial and the lawyer is only there to make a deal with the prosecutor. See https://en.wikipedia.org/wiki/Aaron_Swartz for just one example of normal overcharging intended to throw a whole pasta bowl of charges risking a major percentage of someones life for something like copying public domain information too quickly should the innocent be decidied guilty in a system where court is almost never the smartest option for the innocent who has been caught the gaze of the Eye of Sauron. 98% all it takes is the suspicion of a cop and prosecutor to send you to jail, better odds than even the tragic Nazi or Soviet ‘justice’ systems success rates at overcoming the objections of those suspected. Make no mistake this system is more about forwarding the careers of a few people than any notion of justice or even punishment.
Is it already Shitty Opinions Hour at Hackaday again?
Yep…. it’s getting quicker recentely.
All I can say to you is this.
https://www.youtube.com/watch?v=4feUSTS21-8
Having a bunch of convicts picking up litter, or some other scheme which gets things done for sod all cash is fine by me. Crime is not necessarily punished severly enough. But giving them all the crap that everyone else has to pay for is just adding salt to the wounds of victims.
mandatory death sentences for everything. its less cruel and unusual than putting people in an american prison.
We’re all doomed here on HAD!!!!!!
We all make a bit of DIY noise that could easily get us all arrested and hung (Independently by country) for public disorder (Noise pollution, section 60 public disorder I think it covers here in the UK).
It takes one grumpy neighbor to complain at 13:00 in the afternoon!
Please. My neighbor’s dog has been barking non-stop for the past 13 years. Every neighbor has complained, and police and animal control have been called several times. Nothing ever happens.
The successful criminal brain is always superior. It has to be
The successful criminal brain is seldom found in prison.
Some of us may have even voted for them. ;-)
Given the last election, you had a good chance no matter who you voted for.
+1 that comment.
It’s a quote from a scene in the Bond movie “Dr No.”
https://www.youtube.com/watch?v=rsT1bLR2sfM
Dr. No: [to Bond] Unfortunately, I misjudged you.
You are just a stupid policeman…
I was expecting “After the prisoners got the computers running, they studied HackaDay articles to learn how to break the security….”
Next time, it will be RPi One or a USB dongle type Linux system with WiFi that can be hidden in the usual prison hiding place. The prison method for recharging will be the real real triumph. HaD.io project to improve the world. A Linux computer that fits in a ‘plan’.
I was half expecting they were accessing their makeshift bridge via jailbroken iPhones.
Better yet, a google home. No need for a screen or keyboard. Just say “OK Google, is the coast clear?”
Alexia, open the prison doors!
Siri, call me a cab!
“RPi One or a USB dongle type Linux system with WiFi that can be hidden in the usual prison hiding place”
No dice, most prisons do regular cavity searches these days.
So are Kali Linux, TrueCrypt and OpenVPN now considered “malicious” software? The government will now ban them because “Linux = free = hacked = used by hackers = criminals → found in prison computers”.
They are pen test tools that can be used maliciously just as a knife is a tool for cutting but can be abused.
>So are Kali Linux, TrueCrypt and OpenVPN now considered “malicious” software?
of course TC is malicious, the NSA can’t look at your files. That’s why they killed it probably using a “national security letter”. No, i don’t have any proofs for this, but i’m convinced it’s the reality. :-/ As i said some time ago, today everybody that even just knows how to blink an LED with an Arduino is considered a dangerous hacker-terrorist-criminal. People have no clue about the real meaning of “hacker” and why such people are extremly important. Sad world.
[/rant]
The computer parts were pilfered from a Dept of Corrections computer recycling program run by a non profit I worked for in the past. I used to teach / train court community service guys/gals at the main location. While I’m not surprised these guys scrapped this kit together, it definitely took a guy with some savvy to get the net proxies up and running… for those knocking criminals and learning / rehabilitation programs, I have to say, I had a few students that never had great opportunities to learn the guts of computing…basically giving these guys a crash course A+ program and seeing them “get it” was pretty fulfilling…
I saw the report said they were trying to teach inmates how to recycle computer parts. Looks like they accomplished that a bit too well.
Parts. Time. Motivation.
They had everything needed.
i for one would not want to carry a raspberry pi in my rectum.
All those pins on it are bound to do some serious damage.
That moment you’re reading this and you realize it was in your random ass home town.
I love this story so much!
…. intelligence doesn’t get checked with your trial suit at the R&D when processing in to serve your sentence. I’ve met some of the brightest and most intelligent and creative thinkers yet while incarcerated. While Prisons are set up to mainly warehouse those our court system incarcerated for criminal activity, (some wrongly convicted) they often do their best to teach inmates to work and supply educational opportunities. I’ve seen what a work ethic and education can accomplish. Staff and Security are human also and when they lower their standards, violations in rules occur.
“…(some wrongly convicted) ”
Sounds like the A-team.
…or Tim Robbins
Concur. And appreciate how well you stated it.
I had to attend a disciplinary hearing for using a PC and printer to forge “ownership” documents for various commissary store items that required a “property slip” to verify ownership. A copy is also maintained by the prison when purchased legit but if you sale those items to other inmates which is against the rules then a forged document might get you by until they compare with the copy. here is a list of items to buy in Texas prisons. http://tdcj.state.tx.us/documents/finance/Commissary_Price_List_09-24-2014.pdf
MFW it’s cheaper to buy groceries after you’ve first tried stealing them… -_-
that makes absolutely no sense at all. That’s kinda like all these DWI billboards claiming you will lose your girlfriend….
Heck, if you play your cards right, you might even get a new girlfriend…
Play ’em wrong, and you might BECOME the girlfriend… >_<
No surprise here. I had a problem with my girlfriends kid hacking his computer (getting around the firewall, getting admin privileges, etc). I called his schools IT guy to find out what they do and he told me you can’t prevent this kind of problem. The only solution was to monitor the computers and if they violate the rules they lose computer privileges. Remember, if they have physical access to the computer there is no way to secure it. All the info you need is out on the Internet.
Would AI eventually be capable of doing the monitoring?
Yes but then the kids will use AI to defeat the AI. They won’t even need to be that smart.
How I know this is fake news: In America people without degrees can’t possibly have the skillset..
When you take into consideration the conditions where this was done, it has to rank as one of the all time great hacks.
Just found this article. Makes me laugh. I did the same shit while in Texas Dept. of Criminal Justice but in 1996-1998. Try to do that shit almost a decade before….LOL. Texas Prison Hack