Inmates build secret PCs, commit fraud from jail
Prisoners assembled secret PCs using recycling scheme components, hacked prison network, applied for credit cards
Inmates in an Ohio prison have been caught using two improvised PCs to hack the institution's network and commit numerous offences, including identity theft and credit card fraud.
The two main culprits, named as inmates Adam Johnston and Steven Spriggs, assembled two PCs from components that they had stolen from a PC recycling scheme run at the Marion Correctional Institution.
The PCs were then hidden in the ceiling of a cupboard in a training room.
The prisoners had then been able to access the prison's own network, using password and login details stole by ‘shoulder surfing' an ex-prison training officer, who was now a civilian employee of the recycling scheme.
The illicit PCs were used extensively to access prisoner records and location data, and to issue passes for inmates to be able to enter other parts of the prison.
Adam Johnston also used the PCs to steal another prisoner's personal data from the Ohio Department of Rehabilitation and Correction's (ODRC) network and prisoner admin systems, and used that data to successfully apply for a number of credit cards.
The PCs were found to be loaded with hacking tools including password crackers, VPN tools, proxy software, as well as communications software. The PCs also held bitcoin wallets, stripe accounts, bank accounts, and credit card accounts. Johnston had also been researching tax fraud methods that he could have implemented while still in jail.
In addition, the PCs were also used to download music, TV and movies, and pornographic videos, which another prisoner would sell on to other inmates, transferring files via a thumb drive.
Prison staff found the PC's hidden in a cupboard in a training room, after an investigation prompted by network alerts of unusual traffic and activity on the network. Officers were able to identify the switch where the illicit activity was coming from, and then followed a cable which led to the concealed compartment in the top of the cupboard.
The hack was discovered in August 2015, although details only just released in a report from State of Ohio inspectors. The two prisoners, along with three others implicated in the scheme, were moved to other institutions, although it was not disclosed if they had been subject to any other punishment.