For over three months, five inmates in Ohio’s medium-security Marion Correctional Institution tapped into the prison’s network to run two computers they had built piecemeal from parts scavenged from a nonprofit group’s job training program. The program teaches inmates how to disassemble and recycle outdated computer equipment as part of Marion’s “Green Initiative” program.
The inmates installed ethernet cable and tapped into a hub on the prison’s network. They also loaded more than two dozen hacking programs to sidestep network safeguards and access prison records, and went online to search inmate disciplinary and sentencing records, find inmate locations, and create passes to gain entrance to restricted areas within the prison.
Using imaging software, they secretly copied the hard drive from a training computer for inmates to power their homemade machines and sign on to the prison’s computer system, using login information belonging to a retired corrections official who had gone part-time on the Ohio Department of Rehabilitation and Correction (ORCD) payroll.
According to a 50-page report released by the Ohio Inspector General’s Office on April 12, the inmates, most of whom were serving life sentences, used the home-brew computers to conduct a variety of criminal activities. These included identity theft (stealing personal identification of an inmate in another prison) and credit card fraud (they applied for five new credit cards in the name of the prisoner whose name, date of birth and Social Security number they had stolen).
They also accessed the internet to access pornography, recipes for making drugs, and information useful for other crimes. For instance, they used a Bloomberg article on tax fraud as a guide for attempts to file false refund claims in the names of others and get the refunds sent electronically to debit cards.
While the state Inspector General’s report appeared just recently, the events it described actually occurred several years earlier. The report faults prison officials for failing to make required notifications to the governor, the state highway patrol, and the inspector general’s office after computer security software alerted ORCD officials it had detected unusually heavy use of its system by one user — the ex-Marion training officer who formerly supervised the prison’s Green Initiative program and was now working part-time for the ORCD.
When the prison noted that the days of his heaviest use did not match up with his actual work schedule, the warden and an investigator there suspected that meant prisoners were making unauthorized use of prison computers, but failed to report that. The Inspector General’s report also identified numerous other lapses in the prison’s security practices.
After about a month of searching, the prison’s investigation traced the computers’ port number to a network switch near the room where inmates received computer training from the local nonprofit group. They eventually found the jerry-rigged computers hidden on pieces of plywood stashed above the ceiling tiles of a conveniently located storage closet.
The inmates involved in the caper were dispersed to other prisons. The Ohio Inspector General told a computer publication the inmates’ scheme reminded him of “an episode of Hogan’s Heroes,” but added it also seemed unlike anything “you’d think would happen in today’s correctional facilities.”
Christopher Zoukis is the author of Federal Prison Handbook: The Definitive Guide to Surviving the Federal Bureau of Prisons, (Middle Street Publishing, 2017), and College for Convicts: The Case for Higher Education in American Prisons (McFarland & Co., 2014). He regularly contributes to The Huffington Post, New York Daily News, and Prison Legal News. He can be found online at ChristopherZoukis.com, PrisonEducation.com and Prisonerresource.com.