Ohio Inspector General / Via watchdog.ohio.gov
Two Ohio inmates built computers from discarded parts, hacked the prison network, and wreaked cyber havoc for months before staff found the devices hidden in a closet ceiling, according to the state's government watch dog.
After a lengthy investigation released Tuesday, the state's inspector general said the prisoners at Marion Correctional Institution stole another inmate's identity to apply for credit cards and a planned tax fraud scheme, downloaded porn, read articles on how to manufacture drugs and weapons, and made passes to access unauthorized areas of the prison, along with a litany of other activities.
Investigators concluded officials at the correctional facility, which houses about 2,500 medium-security prisoners, left inmates unsupervised for long periods of time, enabling the pair to commit crimes online from the prison's own network.
Ohio Department of Rehabilitation and Correction support staff first noticed something was awry on July 3, 2015, after receiving an email alert that a computer had exceed its internet threshold. Further alerts flagged that an unauthorized computer kept trying trying to hack through proxy servers.
The state's correction IT team started hunting for the rogue device, which had been using illicit login credentials to get into the network, and on July 27, Marion's technology employee Gene Brady tracked the computer to ceiling tiles in a training room closet.
Inmates Adam Johnston and Scott Spriggs got their hands on the necessary hardware via jobs for the nonprofit program RET3, which employs prisoners to disassemble old computers for recycling — not refurbishing, officials said.
Spriggs and Johnston nabbed the refurbished hardware and put it in a cart, pushing it past a crash gate with a metal detector and a corrections officer to an elevator, up to the third-floor training room, and ran wire, cable, and power cords to connect to the prison network, investigators said.
The route that Johnston used to push the computers on a cart from the program room to the closet.
Ohio Inspector General
According to the report, Johnston told investigators he got the login password of prison employee-turned-contractor by looking over his shoulder.
The duo then used the password to obtain inmate records and steal another's Social Security number and birth date to apply for five credit cards.
A few of the credit cards got approved and were mailed to Johnston's mother, who told investigators that her son was “going to put money on the card to help me out,” according to the report.
The inmates also distributed videos and porn, and sold downloaded music to fellow inmates in exchange for commissary goods, investigators said.
Investigators also found “a large hacker's toolkit with numerous malicious tools for possible attacks…self-signed certificates, Pidgin chat accounts, Tor sites, Tor geo exit nodes, ether soft, virtual phone, pornography, videos, VideoLan… bitcoin wallets, stripe accounts, bank accounts, and credit card accounts,” according to the report.
Forensic analysis also found articles about making homemade drugs, plastics, and explosives, along with a Bloomberg Business article “describing how a criminal with valid Social Security numbers, dates of birth, bank account information, addresses, and an internet connection can illicitly obtain tax refunds loaded onto prepaid cards.” It wasn't clear from the report, however, if any of it was actually carried out.
Three other inmates were also identified as being involved and moved to other correctional facilities.
Investigators also found that the prison's former warden, Jason Bunting, and other officials knew about the unauthorized computer but did not immediately report it to the Ohio State Highway Patrol and the Ohio Inspector General, as required by state policy.
When asked why, Bunting responded, “I don’t have that answer for you,” according to the report.
He later resigned.
A Marion County prosecutor and the Ohio Ethics Commission are expected to review the findings to determine the next course of action.
State prisons spokeswoman JoeEllen Smith, meanwhile, said in a statement that officials would review the reports and take any steps necessary to prevent the breach from happening again.
“It is of critical importance that we provide necessary safeguards in regards to the use of technology while still providing opportunities for offenders to participate in meaningful and rehabilitative programming,” she said.