Two inmates incarcerated at Marion Correctional Institution, a low-security, 2,500-capacity facility which used inmate labor to recycle old computers as part of the non-profit RET3 program.Both inmates managed to squirrel away dozens of RET3 parts and construct two new machines inside MCI. The fully functional computers were “hidden on a plywood board in the ceiling above a closet” and subsequently “connected to [Ohio Department of Rehabilitation and Correction’s] computer network.”
According to the 50-page Ohio Inspector General report, the fully functional computers were “hidden on a plywood board in the ceiling above a closet” and subsequently “connected to [Ohio Department of Rehabilitation and Correction’s] computer network.” But wait—there’s more. They were able to run ethernet cables through the ceiling and down to the network switch, where it was connected to port 16, and the inmates were able to obtain internet access via credentials belonging to, a retired prison employee who now works for ODRC as a contractor. Once connected, they were able to download articles on “home-made drugs, plastics, explosives, and credit cards.” One of the inmates, according to the report, also “accessed an article online from the Bloomberg.com site detailing how to submit fraudulent tax returns and have the refunds wired to debit cards,” and stole the identity of another inmate and used his name and social security number to apply for five credit cards. The investigators found a bunch of software useful for hacking and encryption, as well as brute force password crackers, an email spamming program, and a Java-based tool used to commit man-in-the-middle attacks. Likely this cornucopia of illicit programs was how the pair were able to issue “passes for inmates to gain access to multiple areas within MCI” and gain access to “unauthorized inmate records including disciplinary records, sentencing data, and inmate locations.
How they were discovered
The two masterminds were caught due to employee bandwidth throttling. An automated message informed MCI staff that on Friday July 3, 2015 “a computer operating through the ODRC computer network had exceeded a daily internet usage threshold.” The ring of prisoners involved with this data heist have been shipped off to other facilities, and MCI are shouldering the blame for not only allowing it to happen, but failing to notify Ohio State Highway Patrol as regulations.
Dag they should do their time (be good) and apply for a computer job