Yesterday was a big day for officials at the Ohio Department of Rehabilitation and Correction (ODRC), as they cracked down on a major scheme that had been going on for about a year and a half.
According to the investigatory report [PDF], officials at ODRC had been investigating a possible breach of their network's security since July 2015. The crooks were also involved in several other cyber shenanigans, including hacking and identity fraud. However, it all came to an end last night, as they caught the culprits red-handed.
As it happened:
Last night, the Inspector General of ODRC published a 50-page report sharing their insights on the whole incident.
According to the Inspector General, Mr. Randall J. Meyer, five prisoners were involved in the plot. The culprits exploited a program called Marion Correctional Institution’s RET3, which was originally meant to change the lives of the prisoners in a positive way. The program included breaking down old PCs and finding parts to recycle. However, the crooks used these parts for their own benefit.
The prisoners built two computers from components collected through the program and connected them to the ODRC network. To avoid detection, they hid the PCs behind a plywood board in the ceiling of a closet.
According to the report, “Inmates appeared to have been conducting attacks against the ODRC network using proxy machines that were connected to the inmate and department networks. It seems the Departmental Offender Tracking System portal was attacked and inmate passes were created. Findings of bitcoin wallets, stripe accounts, bank accounts, and credit card accounts point toward possible identity fraud, along with other possible cyber crimes.”
How they got caught:
This would have been a perfect plan had the inmates been a little more cautious, but the authorities were alerted by multiple warnings about the daily internet usage limit being exceeded. Evidence of proxy avoidance and hacking was also found on the ODRC’s network. The activity was spotted by the computer security firm Websense (now renamed Forcepoint), and the authorities then made sure that the culprits were caught.
The report further states that “On the above date and time, I was following up on information received from OSC IT department. I had been told there was a PC on our network that was being used to try and hack through the proxy servers. They narrowed the search area down to the switch in P3, and the PC was connected to port 16. I was able to follow the cable from the switch to a closet in the small training room. When I removed the ceiling tiles, I found 2 PCs hidden in the ceiling on two pieces of plywood.”
Along with several hacking tools, hand-crafted software, and proxy tools, authorities also found self-signed certificates, Pidgin chat accounts, Tor sites, Tor geo exit nodes, ether soft, virtual phone, pornography, videos, VideoLan, and various other software. Furthermore, Bitcoin wallets, Stripe accounts, bank accounts, and credit card accounts were found on the computers, which means that the inmates were also involved in identity theft.
Authorities have taken care of the culprits and are making sure that they get the punishment they deserve for their malicious acts. They are now focused on taking the necessary steps to ensure that this kind of incident doesn’t happen again.
“It is of critical importance that we provide necessary safeguards in regards to the use of technology while still providing opportunities for offenders to participate in meaningful and rehabilitative programming,” said Mr. Meyer.