Prisoners Hack Prison From Inside Prison


Prisoners Hack Prison! Sounds exciting right? This time it’s actually pretty entertaining with the prisoners managing to hack a prison network from INSIDE the prison using scavenged PC parts from a rehabilitation class.

Prisoners Hack Prison From Inside Prison

Some pretty resourceful guys managing to build 2 functional PCs from scrapped parts AND connect to the prison network AND try and hack their way out of the proxy.

We are impressed by prisoners in the US who built two personal computers from parts, hid them behind a plywood board in the ceiling of a closet, and then connected those computers to the Ohio Department of Rehabilitation and Correction’s (ODRC) network to engage in cyber shenanigans.

Compliment are less forthcoming from the State of Ohio’s Office of the Inspector General, which published its 50-page report [PDF] into this incident yesterday, following a lengthy investigation.

The Inspector General was alerted to the issue after ODRC’s IT team migrated the Marion Correctional Institution from Microsoft proxy servers to Websense. Shortly afterwards, on 3 July 2015, a Websense email alert reported to ODRC’s Operation Support Centre (OSC) that a computer operating on the network had exceeded a daily internet usage threshold. Further alerts, seven regarding “hacking” and 59 regarding “proxy avoidance”, reported that the user was committed to network mischief.

From there the search for the miscreant began, and once the log-in credentials used were found to be illicit, the ODRC’s IT employees attempted to find the unauthorised computer by locating the network switch it was connected into.


Judging from the way the scenario is described I’d assume (fairly safely) this is a low-security prison, probably THE lowest security AKA a white-collar prison.

There’s no way these kind of shenanigans could happen in a high-security facility. Plus whoever pulled this off is definitely tech-savvy so most likely a white-collar criminal rather than a violent murderer.

The computers were cobbled together from spare parts which prisoners had collected from Marion Correction Institution’s RET3, a programme that helped to rehabilitate prisoners by getting them to break down old PCs into component parts for recycling.

Forensic analysis of the computers completed by the Ohio Inspector General revealed that the users exploited their access to the ODRC’s systems to issue passes for inmates to gain access to multiple areas within the institution. They also used the Departmental Offender Tracking System to steal the personal information of another inmate and use those details to successfully apply for five credit cards.

Additional forensics by a more technical team reported finding “a large hacker’s toolkit with numerous malicious tools for possible attacks. These malicious tools included password-cracking tools, virtual private network tools (VPN), network enumeration tools, hand-crafted software, numerous proxy tools, and other software used for various types of malicious activity.”

In addition to the above, the forensics team found “self-signed certificates, Pidgin chat accounts, Tor sites, Tor geo exit nodes, ether soft, virtual phone, pornography, videos, VideoLan, and other various software” in addition to evidence that malicious activity had been occurring within the ODRC inmate network.

Some pretty advanced stuff going on there, delving into the darknet with Tor, self-signed SSL certs (probably trying to MiTM the proxy or something else on the network). Sounds like fun!

Apparently the 5 perps have been identified and split up, funs over boys.

Source: The Register

Posted in: Hacking News, Legal Issues


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.


Comments are closed.