Investigation Finds Inmates Built Computers, Hid Them In Prison Ceiling

An anonymous reader quotes a report from WRGB: The discovery of two working computers hidden in a ceiling at the Marion Correctional Institution prompted an investigation by the state into how inmates got access. In late July, 2015 staff at the prison discovered the computers hidden on a plywood board in the ceiling above a training room closet. The computers were also connected to the Ohio Department of Rehabilitation and Correction's network. Authorities say they were first tipped off to a possible problem in July, when their computer network support team got an alert that a computer "exceeded a daily internet usage threshold." When they checked the login being used, they discovered an employee's credentials were being used on days he wasn't scheduled to work. That's when they tracked down where the connection was coming from and alerted Marion Correctional Institution of a possible problem. Investigators say there was lax supervision at the prison, which gave inmates the ability to build computers from parts, get them through security checks, and hide them in the ceiling. The inmates were also able to run cabling, connecting the computers to the prison's network. Furthermore, "investigators found an inmate used the computers to steal the identify of another inmate, and then submit credit card applications, and commit tax fraud," reports WRGB. "They also found inmates used the computers to create security clearance passes that gave them access to restricted areas."

Re:Huh?

[azcoyote]

From TFA:

The inmates were able to get the parts from a program where inmates break down computers in order to learn computer skills and recycle the parts.

Re: H1B Visa?

Disaffected Trump voters I assume.

Re:If this was a movie...

..or its unrealistic apostrophe usage.

Re: H1B Visa?

You are wrong on most items in your list.
There is not a lot of manufacturing being done by prison inmates. Where they do work, Inmates receive a wage for their work. Most prisons are not privately owned. Three strikes requires theee felony convictions. But, by all means, continue.

Re:Huh?

[ledow]

Like HELL!

Why can you plug into the network at all? (RADIUS, etc.)
Why can you plug in unauthorised devices? (NPS, device management etc.)
Why can you use devices without up-to-date antivirus/firewall etc. (NPS again)
Why do new things plugged in get access to everything and not just a limited VLAN?
Why are you able to then get access to something just by a stolen username/password from an authorised device? (Access controls, I mean come on! At least insist that it's a domain-joined device!)
Why did they not notice until ACCESS WAS ALREADY BEING USED ON THE NETWORK?

It's pathetic.

I work in a primary school (up to age 11) and you wouldn't be able to do that to our systems without alarm bells going off.

In a "secure" environment like a prison, and especially on secure services that can create access cards and open door, the IT department were doing NOTHING LIKE their job.

Literally, a managed switch and a device management software / Windows server set up properly would have stopped 99% of what they did in its tracks and all they'd have was a stolen username/password they could use only at an authorised machine anyway.

You basically handed the prisoners the network on a plate, for virus infection, malware installation, Internet access, system compromise, packet-sniffing, etc.

And you're saying well done because they noticed a whole bunch of suspicious entries in a log after a LONG time of the computer being in a position to do all kinds of damage?