Using computers they’d built out of discarded electronics and hidden in a closet ceiling, two inmates in an Ohio prison hacked the facility’s network, downloaded porn, and applied for credit cards with stolen information, according to a report released Tuesday (April 11) by Ohio’s inspector general’s office.
The computers were discovered in 2015 after the IT department at the Marion Correctional Institution, a medium-security prison, noticed that a computer on the network had exceeded its daily usage limit. Alerts indicated that the computer had attempted to hack through the network’s controls, but was unsuccessful.
Although a contractor for the prison was logged into the computer in question, the IT department believed someone else was responsible for the breaches, as the flagged activity had taken place outside of working hours. After obtaining the computer’s name and IP address, the IT workers determined it was an unauthorized device, “because part of its computer name, ‘-lab9-,’ fell outside of the numbers assigned to the six known computers used in the PC training area.”
With that, the IT staff and prison investigators began their search for the rogue computer. Within a few days, they figured out which network port it was plugged into, and IT staffer Gene Brady went to the room where that port was located.
“I was able to follow the cable from the switch to a closet in the small training room,” Brady said. “When I removed the ceiling tiles I found 2 PC’s hidden in the ceiling on 2 pieces of plywood.”
Forensic investigators quickly determined that the inmates responsible were Scott Spriggs and Adam Johnston, and that they’d been using the computers undetected for months, performing a litany of nefarious tasks. They had managed to gain access to the state’s Departmental Offender Tracking System, for instance, and had stolen the personal information of at least one inmate. They then used that inmate’s Social Security number to apply for five credit cards.
They had also downloaded porn and various other media, as well as a large collection of hacking tools. The report notes that the pair had been researching ways to make some illicit cash, and had read “a Bloomberg Business article on tax refund fraud describing how a criminal with valid Social Security numbers, dates of birth, bank account information, addresses, and an internet connection can illicitly obtain tax refunds loaded onto prepaid cards.”
The two prisoners had even used their computers to create passes to access restricted areas within the prison, though the report doesn’t explain exactly how.
Spriggs and Johnston had stolen the parts to build their makeshift computers from their jobs at the prison, where they disassembled old electronics to be recycled. Investigators found that the computers used parts from various locations around Ohio, including Shaker Heights City Schools and the Wheel and Brake Division of the Parker Hannifin Corporation.
As the state investigated the operation, it found that the prison’s warden, Jason Bunting, had known about the illegal activity before the computers were found, but did not report it. When investigators asked why, he said, “I don’t have that answer for you.” He later resigned as the prison’s warden and is now the superintendent of the Northwest Ohio Development Center.
Following the discovery, the two inmates were sent to separate correctional facilities in Ohio, and prohibited from using phones or electronic devices.