The discovery of two working computers hidden in a ceiling at the Marion Correctional Institution in Ohio prompted an investigation by the state into how inmates got access.
Staff at the prison discovered the computers hidden on a plywood board in the ceiling above a training room closet. The computers were also connected to the Ohio Department of Rehabilitation and Correction's network.
Authorities say they were first tipped off to a possible problem in last July, when their computer network support team got an alert that a computer "exceeded a daily internet usage threshold." When they checked the login being used, they discovered an employee's credentials were being used on days he wasn't scheduled to work.
That's when they tracked down where the connection was coming from and alerted Marion Correctional Institution of a possible problem.
Investigators say there was lax supervision at the prison, which gave inmates the ability to build computers from parts, get them through security checks, and hide them in the ceiling. The inmates were also able to run cabling, connecting the computers to the prison's network.
"It surprised me that the inmates had the ability to not only connect these computers to the state's network but had the ability to build these computers," Ohio Inspector General Randall J. Meyer said. "They were able to travel through the institution more than 1,100 feet without being checked by security through several check points, and not a single correction's staff member stopped them from transporting these computers into the administrative portion of the building. It's almost if it's an episode of Hogan's Heroes."
The inmates were able to get the parts from a program where inmates break down computers in order to learn computer skills and recycle the parts.
The Ohio Inspector General says investigators found an inmate used the computers to steal the identity of another inmate, and then submit credit card applications, and commit tax fraud. They also found inmates used the computers to create security clearance passes that gave them access to restricted areas.
One inmate, Adam Johnston, reportedly admitted to applying for the credit cards, saying he just looked through the ODRC system for a young inmate with a long sentence, then used his information to get the cards.
"I think the Department of Rehabilitation and Correction needs to go through and do a spot on check to all their computer networks," Meyer said. "They've run through every open port within Marion Correctional to make sure there's no other malicious computers connected to their system but that's one of 32 institutions across the state."
Five inmates were identified as being involved with the hidden computers, and were moved to other prisons.
The Ohio Department of Rehabilitation and Correction responded with the following statement: "We appreciate the time the Inspector General’s office has taken to conduct these investigations and we have already taken steps to address some areas of concern. We will thoroughly review the reports and take any additional steps necessary to prevent these types of things from happening again. It is of critical importance that we provide necessary safeguards in regards to the use of technology while still providing opportunities for offenders to participate in meaningful and rehabilitative programming."