US IT infrastructure has enough cracks in it that five inmates at an Ohio correctional institution managed to get onto the state's network using two computers assembled from spare parts.
The prisoners built the machines, hid them behind a plywood board in the ceiling of a closet, and connected them to the Ohio Department of Rehabilitation and Correction's (ODRC) network to engage in cybercrime.
The Inspector General was alerted to the issue after ODRC’s IT team migrated the Marion Correctional Institution from Microsoft proxy servers to Websense. Shortly afterwards, on 3 July 2015, a Websense email alert reported to ODRC’s Operation Support Center (OSC) that a computer operating on the network had exceeded a daily internet usage threshold.
Further alerts followed: seven flagged as “hacking” and 59 flagged as “proxy avoidance,” indicating that the user was deliberately trying to evade the network's controls.
From there the search for the culprit began. Once the login credentials in use were found to be illicit, ODRC's IT staff set out to find the unauthorised computer by identifying the network switch port it was plugged into.
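The detection chain described above (a daily-usage threshold, a run of “hacking” and “proxy avoidance” category hits, then tracing the source address back to a switch port) can be reproduced over proxy logs. The script below is an added illustration and is not ODRC's tooling or Websense's output; the log layout, the threshold values, the on-site roster check and the ARP/MAC snapshot are all constructed assumptions.

```python
"""Detection logic of the kind that surfaced the hidden computers:
flag a client that exceeds a daily byte threshold or accumulates
'hacking' / 'proxy avoidance' category hits, check whether the account
in use should even be active, then map the source IP to a switch port.
Added example; not the original article's or ODRC's code."""
from collections import defaultdict

# Constructed sample proxy log (NOT Websense's real export format; a
# simplified "date user src_ip category bytes" layout is assumed here).
SAMPLE_PROXY_LOG = """\
2015-07-03 jdoe 10.20.30.41 business 120000
2015-07-03 jdoe 10.20.30.41 news 80000
2015-07-03 svc_contractor 10.20.30.77 proxy_avoidance 5000000
2015-07-03 svc_contractor 10.20.30.77 hacking 3200000
2015-07-03 svc_contractor 10.20.30.77 proxy_avoidance 4100000
2015-07-03 svc_contractor 10.20.30.77 hacking 2600000
2015-07-03 asmith 10.20.30.52 business 400000
"""

# Constructed ARP/MAC-table snapshot: ip -> (mac, switch, port).
SAMPLE_ARP = {
    "10.20.30.41": ("00:11:22:33:44:01", "sw-admin-1", "Gi1/0/12"),
    "10.20.30.77": ("00:11:22:33:44:77", "sw-admin-2", "Gi1/0/31"),
    "10.20.30.52": ("00:11:22:33:44:02", "sw-admin-1", "Gi1/0/15"),
}

# Constructed roster: which accounts belong to people on site that day.
SAMPLE_ROSTER = {"jdoe": True, "asmith": True, "svc_contractor": False}

DAILY_BYTES_THRESHOLD = 10_000_000      # assumed policy value
CATEGORY_HIT_THRESHOLD = 3              # assumed policy value
SUSPICIOUS_CATEGORIES = {"hacking", "proxy_avoidance"}


def parse_proxy_log(text):
    """Turn the simplified log text into a list of dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, user, src_ip, category, nbytes = line.split()
        records.append({"day": day, "user": user, "src_ip": src_ip,
                        "category": category, "bytes": int(nbytes)})
    return records


def summarise(records):
    """Per (day, user, src_ip): total bytes and suspicious-category hits."""
    stats = defaultdict(lambda: {"bytes": 0, "suspicious_hits": 0})
    for r in records:
        key = (r["day"], r["user"], r["src_ip"])
        stats[key]["bytes"] += r["bytes"]
        if r["category"] in SUSPICIOUS_CATEGORIES:
            stats[key]["suspicious_hits"] += 1
    return stats


def find_alerts(records, roster=SAMPLE_ROSTER,
                byte_threshold=DAILY_BYTES_THRESHOLD,
                hit_threshold=CATEGORY_HIT_THRESHOLD):
    """Return one alert per (day, user, ip) that trips any rule."""
    alerts = []
    for (day, user, src_ip), s in sorted(summarise(records).items()):
        reasons = []
        if s["bytes"] > byte_threshold:
            reasons.append("daily_usage_threshold")
        if s["suspicious_hits"] >= hit_threshold:
            reasons.append("suspicious_categories")
        # Credentials in use by someone who is not on site are illicit.
        if roster.get(user) is False:
            reasons.append("account_owner_not_on_site")
        if reasons:
            alerts.append({"day": day, "user": user, "src_ip": src_ip,
                           "reasons": reasons})
    return alerts


def locate_device(src_ip, arp_table=SAMPLE_ARP):
    """Map the offending IP to its MAC and the switch port it hangs off."""
    entry = arp_table.get(src_ip)
    if entry is None:
        return None
    mac, switch, port = entry
    return {"mac": mac, "switch": switch, "port": port}


if __name__ == "__main__":
    for alert in find_alerts(parse_proxy_log(SAMPLE_PROXY_LOG)):
        print(alert, "->", locate_device(alert["src_ip"]))
```

Running the block prints a single alert for the contractor account on 10.20.30.77 and resolves it to port Gi1/0/31 on sw-admin-2; in a real investigation the next step is to walk to that port and follow the cable, which is what eventually led to the closet ceiling.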
The computers were put together from spare parts that the prisoners had collected from Marion Correctional Institution's RET3 program, which aimed to rehabilitate prisoners by having them break down old PCs into component parts for recycling.
The investigation found that the computers' users exploited their access to ODRC's systems to issue passes allowing inmates into multiple areas within the institution. They also used the Departmental Offender Tracking System to steal the personal information of another inmate and used those details to successfully apply for five credit cards.
Additional forensics by a more technical team reported finding “a large hacker’s toolkit with numerous malicious tools for possible attacks. These malicious tools included password-cracking tools, virtual private network (VPN) tools, network enumeration tools, hand-crafted software, numerous proxy tools, and other software used for various types of malicious activity.”
In addition to the above, the forensics team found “self-signed certificates, Pidgin chat accounts, Tor sites, Tor geo exit nodes, ether soft, virtual phone, pornography, videos, VideoLan, and other various software,” in addition to evidence that malicious activity had been occurring within the ODRC inmate network.
Ultimately, five inmates were identified as being involved with the hidden computers, and have been separated and moved to other correctional facilities.
The ODRC has already taken steps to address some of the areas of concern. It says it will thoroughly review the reports and take any additional steps necessary to prevent incidents of this kind from happening again.