back to article Prisoners built two PCs from parts, hid them in ceiling, connected to the state's network and did cybershenanigans

We are impressed by five prisoners in the US who built two personal computers from parts, hid them behind a plywood board in the ceiling of a closet, and then connected those computers to the Ohio Department of Rehabilitation and Correction's (ODRC) network to engage in cybershenanigans. Compliments are less forthcoming from …

Page:

  1. TRT Silver badge

    Hats off to them...

    That took some balls, and skillz.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hats off to them...

      No doubt they were listed as model prisoners too, being quiet and that.

      At least they weren't hard to lock up :)

      1. Triggerfish

        Re: Hats off to them...

        If they put that much effort in a legit job to keep a network up, they would be bloody good sys admins.

        ..............possiby till the payroll dissapeared, but still.

    2. Anonymous Coward
      Devil

      Re: Hats off to them...

      i'm not even mad, that's amazing!

      1. bombastic bob Silver badge
        Facepalm

        Re: Hats off to them...

        well, bored hackers with nothing but "down time" and access to spare computer parts...

    3. Crazy Operations Guy

      Re: Hats off to them...

      They weren't really good at it, just slightly better than the Prison's staff. Something as simple as implementing port-lock-downs, 802.1x or just keeping ports unplugged unless actually needed would have stopped them cold.

      A prison is unique in that the IT staff would be aware of every single MAC address of every machine that should be on the network, at least in the areas where prisoners might be. They should be setting up a monitoring system that screams in their face every time the MAC changes on a port, and if it isn't tied to a work order, someone should go investigate.

      Setting something like that up is fairly trivial, I did it in a weekend using FreeBSD, nagios, and radiusd on an old Pentium-3 system that was rusting away in a closet. I get an email every time a machine is plugged into a different port, or a new system is added to the network, even over wireless. Any new device is dropped onto a non-routing VLAN and can only access a read-only ftp server hosting OS install files, patches, and some packages (FTP is in read-only mode, files are modified via rsync on another interface). It wouldn't take much more for the prison's IT staff to do the same.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hats off to them...

        "They should be setting up a monitoring system that screams in their face every time the MAC changes on a port"

        Because spoofing a MAC address is impossible right?

        1. Crazy Operations Guy

          Re: Hats off to them...

          "Because spoofing a MAC address is impossible right?"

          They'd have to spoof an authorized mac and somehow get the real system offline (Otherwise the systems would just start throwing errors and effectively disconnect themselves), and even then, they'd have to get around the fact that the switch would still yell at the admin about the fact that it is on a different port. So even if they do duplicate both the mac, and somehow connect it to the same port, someone is going to notice that their computer no longer has connectivity.

        2. Shovel

          Re: Hats off to them...

          Remember when the Chinese cloned one nic card 20 years back, then copied and sold about 2 million of them back to the rest of the world? That was a fun year in paradise.

      2. razorfishsl

        Re: Hats off to them...

        yep and your little system fails on 2 counts:

        1. Mac spoofing

        2. Current trend for devices to randomize the MAC.

        1. Crazy Operations Guy

          Re: Hats off to them...

          "yep and your little system fails on 2 counts:

          1. Mac spoofing

          2. Current trend for devices to randomize the MAC."

          I take it you don;t know how 802.1x actually works... Reason 1 would be prohibitively difficult to pull off without anyone noticing. As for the second one, if a device pops up on a network that doesn't possess a valid token, the device will be quarantined until the device receives a new token by way of an Authentication back-end. Granting of the token by the authenticator can be done on something as basic as mac address (by far the most common on wired networks) but can be based on any authentication mechanism that the connecting OS has a supplicant for and the switch is able to relay back to the authentication server. I've implemented 802.1x using everything from basic mac address to usernames/password to certificates to manual approval by an authorized admin.

          The switch doesn't care what is used to authenticate the conencting client, so long as the authentication server responds back with an AUTHORIZED packet, and expiration for the authorization, and an optional VLAN assignment that the client belongs on. Otherwise the systems is just left on a quarantine VLAN that, usually, doesn't route to anything (Some places allow packets to route out on that VLAN to build a 'guest network' without allowing the system to see packets from secured networks, obviously a prison wouldn't allow that). So if they do implement something a little more than mac based auth, then the system will be sitting there with nothing to do but talk to the authentication server (until an admin notices a weird machine on the network and kills the system).

          A place like a prison, where security is key, it would be likely that they'd use the mac to authenticate the system to the network, but would only get them access to the authentication network until their system can convince the authentication server to grant them greater access.

          1. Anonymous Coward
            Anonymous Coward

            Re: Hats off to them...

            https://www.defcon.org/images/defcon-19/dc-19-presentations/Duckwall/DEFCON-19-Duckwall-Bridge-Too-Far.pdf

            Nice post bro, but what about that?

          2. martinusher Silver badge

            Re: Hats off to them...

            The problem with 802.1x is that a surprising number of sysadmins seem entirely ignorant of what it is, how it works and how to use it. Although the protocol was originally designed for wired switches, as a way of verifying that the computer connected to a switch port is the correct one, it got adapted for use with wireless networks, employing a users' login credentials to clear a particular machine for use on the network (and issuing it with an appropriate key). Its seamless, reliable and pretty bulletproof...but people are still messing with MAC addresses and the like.

            What's a bit sad about this article is that all this effort and expertise were used to get Internet access and the puerps used it for illegal/shady activities. That's obviously why they're in jail in the first place -- misplaced talent.

      3. SEDT

        Re: Hats off to them...

        Crazy Operations Guy

        You are, of course, a genius. Which explains the arrogance, perhaps

      4. Anonymous Coward
        Anonymous Coward

        Re: Hats off to them...

        You seem to forget management. Your ideas are good, but when management don't give you the time to do such things and ignore you when you point out security issues, then you can only do what they allow you to do. If the business decides it wants all ports available so they can easy plug in a device, then you make them all available. Its what you're paid to do. If you don't like it because it's a security issue, then you leave and go elsewhere, hopefully in a copy where management actually respects IT.

      5. bombastic bob Silver badge
        Devil

        Re: Hats off to them...

        "Setting something like that up is fairly trivial, I did it in a weekend using FreeBSD, nagios, and radiusd on an old Pentium-3 system that was rusting away in a closet."

        exactly. Yet, THE PRISON WAS USING A MICROSOFT "SOLUTION". While THAT was in place, the cybercrooks "got away with it".

        And the offenders were THEN DETECTED AND CAUGHT when that Micro-shaft "solution" was swapped out for a (apparent) REAL one.

      6. jbbbarr

        Re: Hats off to them...

        They would have had to splice into the cables, as the pic alludes to, port should have flapped or went down temporarily, unless they possibly rigged clips that could bite thru each 1 of the 8 wires after they carefully stripped it back? Either way I'm pretty sure they did not just plug into p16, the security would have shut down a rouge mac immediately. I would love to see the log from this switch, it should speak volumes of the red flags that were glazed over.

    4. Aus Tech

      Re: Hats off to them...

      It does take some balls. It only takes one person with the knowledge to build the computers. All that is needed is the Case, M/B, CPU, RAM, a network cable, a hard drive, and the means to install the O/S. Everything else is already available on the M/B.

      Given that the prisoners were already disassembling computers, reversing the process to build them is simple. Getting access to the network switch to do the deed is about the hardest part, or it should have been. That suggests that there was a network physical security failure, and that somebody's posterior should have been very sore from the punishment inflicted.

      1. keith_w

        Re: Hats off to them...

        you don't actually need the case, just the power supply and the on.off switch.

        1. Anonymous Coward
          Anonymous Coward

          Re: Hats off to them...

          Don't forget the Turbo button!!

          1. Montreal Sean

            Re: Hats off to them...

            Turbos are too laggy.

            I've got a supercharger button!

      2. Wayland Bronze badge

        Re: Hats off to them...

        USB sticks would be easy to smuggle in. Even small mobile phones with rounded corners but a motherboard, I don't think so.

        1. Anonymous Coward
          Anonymous Coward

          Empty minds, busy hands.

          You did read the bit about their prison job was disassembling computers?

          All they needed - except the network switch - was ready to hand.

          The means to do it was provided by the prison's IT staff with their laid-back cushy job attitude, that figured we built it so "What could go wrong?"

          I'm guessing that had they not been so greedy, they'd still be at it. I suspect that was the character flaw that got them in there to start with.

        2. Mahhn

          Re: Hats off to them...

          lol " but a motherboard"

    5. Scorchio!!
      FAIL

      Re: Hats off to them...

      They are probably the kind of asshat that breaks into innocent people's bank accounts and other facilities. So no, and I hope the people concerned pull their act together and protect at least people like me (for you the salutory lesson of losing all of the money in your bank account will be good) from these creatures.

      It is not funny. It is not admirable, and I'd like to know what the offender profiles are for those concerned.

    6. JCitizen
      Pirate

      Re: Hats off to them...

      What a bored prisoner can't do when motivated by pure boredom!

      1. SEDT

        Re: Hats off to them...

        "What a bored prisoner can't do when motivated by pure boredom"

        Absolutely anything. WW2 prisoners in Colditz cut through the iron window bars, with razor blades FFS

  2. Redstone

    They would have got away with it if they hadn't indulged in the twin pillars of getting caught: they got cocky and they were greedy..

    1. Mage Silver badge

      Re: They would have got away with it

      and if the IT hadn't migrated from MS Software!

      The Inspector General was alerted to the issue after ODRC's IT team migrated the Marion Correctional Institution from Microsoft proxy servers to Websense. Shortly afterwards, on 3 July 2015, a Websense email alert reported to ODRC's Operation Support Centre (OSC) that a computer operating on the network had exceeded a daily internet usage threshold.

      My emphasis.

      Don't buy all your SW from one source, choose the most suitable packages.

      1. Anonymous Coward
        Anonymous Coward

        Re: They would have got away with it

        Don't buy all your SW from one source, choose the most suitable packages.

        That's far too sensible. It's more fun to observe that abandoning Microsoft clearly has advantages whatever way you look at it, and if you want to pour some lighter fuel on the debate you then express a preference for one alternative. Do it in all caps and then sit back.

        (no, I can't be asked right now, but be my guest)

        :)

        1. jonfr

          Re: They would have got away with it

          Anything server from Microsoft is useless in my view. I only consider them good for Desktop and I only consider Linux* (*Your distro of chose) good for server work as it does what is expected of it**.

          ** Also applies to *BSD (FreeBSD, NetBSD, OpenBSD and so on).

          1. Anonymous Coward
            Anonymous Coward

            Re: They would have got away with it

            Anything server from Microsoft is useless in my view

            Aww, come on, is that the best you can do? WTF happened to a good old rant, the sort of all-caps-with-foam-dripping-from-the-mouth stuff we could have a good laugh at? Where have these people gone? Or can't they handle being part of the entertainment.

            Honestly, kids these days ..

            :)

            1. jonfr

              Re: They would have got away with it

              I've never been the caps lock type, too much time on the IRC in the past where such behaviour got one banned from the channel from hours to days.

              Those people you speak of have left the internet to do other things. I think it's mostly cocaine and opioids and other such things if they do drugs at all (many don't). Some return, most don't return I guess (there is no study into this, so guesses go wild).

              Some views on this subject are interesting.

              https://www.dailydot.com/unclick/i-quit-the-internet-for-4-years/

            2. razorfishsl

              Re: They would have got away with it

              **Example of a professional Microsoft rant....**

              I have a very nice email from microsoft tech support explaining why they have DELIBERATELY changed the 2016 office software to loose attachments.

              Double clicking on a word attachment in outlook opens the file in word, but puts the file in a temp directory .......8 levels down.

              so when you do a save , guess where it goes?

              and when you quit outlook...... guess what happens to the "temp" folder.

              the explanation goes on to point out,.......

              but notice how we have made the "one-drive service" very easy to use for saving your documents., the functionality is by design.. Please use one drive.

              1. Anonymous Coward
                Anonymous Coward

                Re: They would have got away with it

                I have a very nice email from microsoft tech support explaining why they have DELIBERATELY changed the 2016 office software to loose attachments.

                Oh my gosh, and did you lose the grammar checker too? I feel for you, honest.

          2. Dagg
            Unhappy

            Re: They would have got away with it

            Anything server from Microsoft is useless in my view.

            Me thinks you are a tad arrogant, I have a mix of Windoze and linux at home and I've got a problem

            My broadband maxed out, first thought was one of those bloody windoze systems has "got" something. But after disconnecting the various system it turns out the culprit is my Debian video recorder.

            So careful who you blame...

            1. jonfr

              Re: They would have got away with it

              @Dagg, I've come to the conclusion that Linux isn't for Desktop. That's just my view after using it as such for 14 years. During that time the progress has been painfully slow and it is now good five to eight years behind Microsoft Windows and Apple MacOS. The reason why it isn't popular is clear, it isn't competitive as a desktop Os on the market. If it was, it would be used.

              Mobile is different thanks to Google (Alphabet).

              I was speaking about Microsoft Windows server. I don't know for sure how progress has been going on it for the past 14 years, but I don't think its an ideal environment to use due to how its structured on the system level (with hard drive a:, b: and so on). Servers need a different set-up since they are doing a different thing. I guess in all Microsoft environment it can be useful, unless you use something else for a gateway and firewall to connect to the internet.

              I have found that Microsoft Windows 10 is highly useable as a Desktop (but I'm no fan of it). But I'll keep my server FreeBSD or Linux, that's not going to change.

              Hat tip: If you are using Microsoft Windows shared folder network (also known as samba) you can access remote computer hard drive by typing in ${drive letter} into the address bar on that computer. Example; \\192.168.0.4\F$ - Type in user and password and you got access to all the files, read-write access included.

      2. Griffo

        Hang on, they were using What?

        The article and report say "Microsoft Proxy Server". The last version of MS Proxy 2.0 was released in... 1997. Maybe they meant ISA? Or TMG? Either way, all are old products, and none of them has built in per-use quota management, which is really what caught the perps, so I'm not sure you can have a dig at Microsoft.

        1. Amos1

          Re: Hang on, they were using What?

          My thoughts precisely.But it's a government, one that has people's tax returns so you know that data security is of paramount concern to the State. Hahahahahahahahahahaha!

        2. Anonymous Coward
          Anonymous Coward

          Re: Hang on, they were using What?

          I'm not sure you can have a dig at Microsoft.

          You must be new here. You can ALWAYS have a dig at Microsoft, justification doesn't come into it.

          :)

      3. jelabarre59 Silver badge

        Re: They would have got away with it

        That was a major point I noticed. The MS software was (as usual) unable to detect a security hole (likely because it's own internal functionality needs the same holes, die to sloppy coding on MS' part). Immediately upon switching to a competent product exposed the security violation. There's an important lesson to be learned here. The prison could only have done a worse job by running IBM software/systems.

    2. Michael Thibault

      "they got cocky and ... greedy"

      Under the circumstances, "impatient" would sew things up nicely. A hobby is a good thing to have.

    3. Shovel

      I guess they got tired of their usual cocky

    4. bombastic bob Silver badge
      Trollface

      "They would have got away with it if they hadn't indulged in the twin pillars of getting caught: they got cocky and they were greedy.."

      and those meddling kids

  3. Anonymous Coward
    Anonymous Coward

    The Shawshank Connection

    That is all.

    1. Anonymous Coward
      Anonymous Coward

      Re: The Shawshank Connection

      The Great Itscape.

      The green bios mile.

      Stalag Port 17

      or my personal favourite,

      Midnight PCI Express

      1. Anonymous Coward
        Anonymous Coward

        Re: The Shawshank Connection

        Alt+Esc from Alcatraz

        1. Anonymous Coward
          Anonymous Coward

          Re: The Shawshank Connection

          Click'n'Run

          Prison (Page) Break

      2. VanguardG

        Re: The Shawshank Connection

        Hogan's Hackerz

      3. AceRimmer1980
        Big Brother

        Re: The Shawshank Connection

        Escape LAN.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019