Last week, news got out that two prisoners in the Ohio Department of Rehabilitation and Correction were caught with a few hacked together computers hidden in the ceiling above a closet. What'd they do with these computers? Aside from obviously downloading porn, they were also laying down a wide variety of scams and hacks.
Photo by Donald Tong.
The two inmates, Adam Johnston and Scott Spriggs, were somehow not only able to piece together entire computers with stolen parts without anyone noticing, they were also able to run ethernet cables through the ceiling and down to the network switch to gain internet access without any restrictions. They then accessed those computers and their unfettered access to the internet with remote desktop software.
With this newfound power, they stole the identity of one inmate and used it to apply for five credit cards; downloaded a ton of porn and other movies then sent them over to other inmates on thumb drives; and then used a variety of software to brute force crack passwords, spam emails, and perform a few man-in-the-middle attacks to grab account details so they could grant passes for inmates within the prison.
Good news too, we have the full Ohio Inspector General report, and that includes a list of all the software the inmates used. If you've been reading Lifehacker for a while, you're going to recognise some of this software:
- CC Proxy: Proxy server for Windows
- Cain & Abel: A password recovery tool
- Zed Attack Proxy: Scanner and tools for finding security vulnerabilities
- CC Cleaner: System optimizer that cleans out old data
- Wireshark: Open-source packet analyser, most often used to see everything happening on a network
- NMap: Network discovery and security auditing tool, often used with Wireshark
- ZenMap: Security scanner
- SoftEther VPN Server: Free and open-source VPN software
- OpenVPN: Free and open-source VPN software often used to set up your own internal VPN
- Jana Server: Web proxy
- Yoshi: Email spamming tool
- VideoLAN: Aka, VLC, the multimedia player everyone loves
- Clamwin: Anti-virus software
- phpBB: Free and open-source forum software, if you ever tried to set up a web site in the late '90s or early '00s, you probably tried to install phpBB at least once
- AdvOr Tor Browser: Speedier alternative to Tor
- Paros: Java-based proxy
- 3CX Voip Phone: Free VOIP/SIP software
- Webslayer: Hacker tool for brute forcing passwords
- Cavin: Portable editor with encryption
- Virtual Box: Virtual machine software
- TrueCrypt: Encryption tool
- THC Hydra: Network cracking tool
- Kali Linux: Everyone's favourite pen testing operating system
The whole thing is something out of an episode of Mr Robot, but in Ohio, and slightly less political in nature. Still, it's a fascinating story, and one that despite the illegal nature of it all, any geek can at least nod their head in respect at.