Report: Marion prisoners hid computers, committed crimes

Inmates at Marion Correctional Institution hid computers in the ceiling at the prison and used them to commit crimes, the Ohio Inspector General reported Tuesday.

The report was one of two released Tuesday investigating incidents at the prison. In the other investigation, the inspector general’s office probed the procedures followed in the issuing of a contract to provide prisoner services.

The incidents that provoked both investigations occurred in 2015. ​Marion Correctional Institution, 940 Marion-Williamsport Road East, houses about 2,500 inmates, primarily medium-security prisoners.

The Office of the Ohio Inspector General reported that two computers were hidden on plywood boards above a ceiling panel in a training room at the prison, according to the investigation.

The investigation, assisted by the Ohio Highway Patrol and the state Department of Administrative Services, found that in July 2015, the Ohio Department of Rehabilitation and Correction (ODRC) received an alert that a computer had exceed its daily Internet usage threshold. Furthermore, the log-in credentials being used were for an employee who was not working that day. Employees were able to trace the computer connection and found the computers.

The computers were connected to the ODRC computer network and were being used by an inmate to steal the identity of another inmate, in part so that he could submit credit card applications and commit tax fraud, the report found. The computers also were used to illegally create security clearance passes for inmates to gain access to restricted areas and download hacking tools that could be used in network attacks, the investigation found.

Analysis revealed the computers had been used to make credit card applications, create passes for inmates to gain access to multiple areas within MCI and access inmate records such as disciplinary data, sentencing data and inmate locations. A “large hacker’s toolkit with numerous malicious tools for possible attacks” was detected on the computer’s hard drives.

The Ohio Inspector General found “lax inmate supervision” allowed inmates the ability to build computers from parts, transport them through several prison security checks, hide them in the ceiling, run cabling, and ultimately, connect the computers to the prison’s network.

Programs for inmates at MCI included one in which obsolete computers were disassembled and the parts returned to the contractor. In addition, the investigation determined that, through a program run by the Ohio Penal Industries, inmates had unregulated access to computer hardware, software and accessories.

“Additionally, articles about making home-made drugs, plastics, explosives and credit cards were discovered,” the inspector general report said.

The inspector general’s report concluded that MCI employees failed to report suspected illegal activity, failed to supervise inmates and protect computer resources, failed to follow crime scene protection policies and failed to follow password security policy. All those areas should be addressed, the inspector general’s office said. It asked the director of ODRC to respond within 60 days to detail how changes will be implemented.

The report of investigation has been sent to the Marion County Prosecuting Attorney and the Ohio Ethics Commission for consideration.

The second investigation report released Tuesday also involved the Marion Correctional Institution. The investigation focused on the circumstances surrounding the awarding of a contract and the subsequent transfer of the contract between vendors that provide services to prisoners.

The Ohio Inspector General found ODRC policy had been violated by failing to follow competitive bidding requirements, and expressed concerns regarding the process that was used to review, approve, and execute the contracts.

The inspector general’s report investigated whether a 2015 contract issued to Healing Broken Circles was correctly awarded. The investigation raised questions about MCI’s awarding of the contract previously held by WinWin Inc. The institution identified Healing Broken Circles as the vendor, even though it is a completely different organization than WinWin, not just a different name.

The report will be sent to the state auditor’s office for further review.

Healing Broken Circles is a nonprofit corporation that operates the Lifeline Reentry Community Center at Marion Correctional Institution. Executive Director Jo Dee Davis has been working with prison inmates for 18 years, the last 16 at MCI.

Ohio Inspector General Report of Investigation file numbers 2015-CA00043 and 2015-CA00047 are available at: http://watchdog.ohio.gov/investigations/2017investigations.aspx