Prisoners Build DIY Computers and Hack Prison Network

The Internet is everywhere. The latest anecdotal evidence of this is a story of prison inmates that build their own computer and connected it to the internet. Back in 2015, prisoners at the Marion Correctional Institution in Ohio built two computers from discarded parts which they transported 1,100 feet through prison grounds (even passing a security checkpoint) before hiding them in the ceiling of a training room. The information has just been made public after the release of the Inspector General’s report (PDF). This report is fascinating and worth your time to read.

This Ethernet router was located in a training room in the prison. Physical access is everything in computer security.

Prisoners managed to access the Ohio Department of Rehabilitation and Corrections network using login credentials of a retired prison employee who is currently working as a contract employee. The inmates plotted to steal the identity of another inmate and file tax returns under their name. They also gained access to internal records of other prisoners and checked out websites on how to manufacture drugs and DIY weapons, before prison officers were able to find the hidden computers. From the report:

The ODAS OIT analysis also revealed that malicious activity had been occurring within the ODRC inmate network. ODAS OIT reported, “…inmates appeared to have been conducting attacks against the ODRC network using proxy machines that were connected to the inmate and department networks.” Additionally, ODAS OIT reported, “It appears the Departmental Offender Tracking System (DOTS) portal was attacked and inmate passes were created. Findings of bitcoin wallets, stripe accounts, bank accounts, and credit card accounts point toward possible identity fraud, along with other possible cyber-crimes.”

The prisoners involved knew what they were doing. From the interview with the inmate it seems the computers were set up as a remote desktop bridge between internal computers they were allowed to use and the wider internet. They would use a computer on the inmate network and use a remote desktop to access the illicit computers. These were running Kali Linux and there’s a list of “malicious tools” found on the machines. It’s pretty much what you’d expect to find on a Kali install but the most amusing one listed in the report is “Hand-Crafted Software”.

This seems crazy, but prisoners have always been coming up with new ideas to get one over on the guards — like building DIY tattoo guns, When you have a lot of time on your hands and little responsibility, crazy ideas don’t seem so crazy after all.

Q Has Nothing on Naomi Wu

We’re not so much fans of James Bond as we are of Q, the hacker who supplies him with such wonderful things. There is a challenger to Q’s crown, [Naomi Wu] — code name [SexyCyborg] — built an epic gadget called the Pi Palette which hides a Linux laptop inside of a cosmetics case.

You can see the covert mode of the Pi Palette below. It resembles a clamshell cosmetics case with the makeup and applicator in the base and a mirror on the underside of the flip-up lid. The mirror hides an LCD screen in the portrait orientation, as well as a Raspberry Pi 3 running Kali Linux.

The base of the case includes a portable battery beneath the wireless keyboard/touchpad — both of which are revealed when the cosmetics tray is removed. An inductive charger is connected to the battery and [Naomi] built a base station which the Pi Palette sits in for wireless charging.

She envisions this as a covert penetration testing. For that, the Pi Palette needs the ability to put the WiFi dongle into promiscuous mode. She wired in a dual dip-switch package and really went the extra mile to design it into the case. The fit and finish of that switch is just one tiny detail the illustrates the care taken with the entire project. With such a beautiful final project it’s no wonder she took to the streets to show it off. Check that out, as well as the build process, in the video after the break.

Continue reading “Q Has Nothing on Naomi Wu”

Why Aren’t We Arguing More about Mr Robot?

Editor’s note: Thar be spoilers below.

Showing any sort of ‘hacking’ on either the big screen or the small often ends in complete, abject failure. You only need to look at Hackers with its rollerblading PowerBooks, Independance Day where the aliens are also inexplicably using PowerBooks, or even the likes of Lawnmower Man with a VR sex scene we keep waiting for Oculus to introduce. By design, Mr Robot, a series that ended its first season on USA a month ago, bucks this trend. It does depressed, hoodie-wearing, opioid-dependant hackers right, while still managing to incorporate some interesting tidbits from the world of people who call themselves hackers.

Desktop Environments

In episode 0 of Mr Robot, we’re introduced to our hiro protagonist [Elliot], played by [Rami Malek], a tech at the security firm AllSafe. We are also introduced to the show’s Macbeth, [Tyrell Wellick], played by Martin Wallström]. When these characters are introduced to each other, [Tyrell] notices [Elliot] is using the Gnome desktop on his work computer while [Tyrell] says he’s, “actually on KDE myself. I know [Gnome] is supposed to be better, but you know what they say, old habits, they die hard.”

[Elliot], running Kali with Gnome
[Elliot], running Kali with Gnome
While this short exchange would appear to most as two techies talking shop, this is a scene with a surprisingly deep interpretation. Back in the 90s, when I didn’t care if kids stayed off my lawn or not, there was a great desktop environment war in the land of Linux. KDE was not free, it was claimed by the knights of GNU, and this resulted in the creation of the Gnome.

Subtle, yes, but in one short interaction between [Elliot] and [Tyrell], we see exactly where each is coming from. [Elliot] stands for freedom of software and of mind, [Tyrell] is simply toeing the company line. It’s been fifteen years since message boards have blown up over the Free Software Foundation’s concerns over KDE, but the sentiment is there.

Biohacking

There’s far more to a hacker ethos than having preferred Linux desktop environments. Hacking is everywhere, and this also includes biohacking, In the case of one Mr Robot character, this means genetic engineering.

In one episode of Mr Robot, the character Romero temporarily gives up his power in front of a keyboard and turns his mind to genetics. He “…figured out how to insert THC’s genetic information code into yeast cells.” Purely from a legal standpoint, this is an interesting situation; weed is illegal, yeast is not, and the possibilities for production are enormous. Yeast only requires simple sugars to divide and grow in a test tube, marijuana actually requires a lot of resources and an experienced staff to produce a good crop.

Life imitates art, but sometimes the reverse is true. Just a few weeks after this episode aired, researchers at  Hyasynth Bio announced they had genetically modified yeast cells to produce THC and cannabidiol.

The promise of simply genetically modifying yeast to produce THC is intriguing; a successful yeast-based grow room could outproduce any plant-based operation, with the only input being sugar. Alas, the reality of the situation isn’t quite that simple. Researchers at Hyasynth Bio have only engineered yeast to turn certain chemical precursors into THC. Making THC from yeast isn’t yet as simple as home brewing an IPA, but it’s getting close, and a great example of how Mr Robot is tapping into hacking, both new and old.

Why Aren’t We Arguing More About This?

The more we ruminate on this show, the more there is to enjoy about it. It’s the subtle background that’s the most fun; the ceiling of the chapel as it were. We’re thinking of turning out a series of posts that works through all the little delights that you might have missed. For those who watched and love the series, what do you think? Perhaps there are other shows worthy of this hacker drill-down, but we haven’t found them yet.