Jail cells

A judge sentenced a Michigan man to 87 months —7 years 3 months— in prison for hacking into a county jail's computer system and modifying prisoner records in an attempt to get an inmate released early.

The man, Konrads Voits, 27, of Ypsilanti, will also serve three years of supervised release and will have to pay $235,488 in restitution to Washtenaw County, the cost of investigating and addressing the hack.

Hacker used spear-phishing, telephone calls

Voits prison sentence stems from his actions in the spring of last year. According to his guilty plea, Voits admitted that between January and March 2017, he engaged in a social engineering campaign to hack into the Washtenaw County Jail's computer system.

Initially, he engaged in a spear-phishing campaign. He sent emails to county jail employees, luring them on the "ewashtenavv.org" domain, a carbon copy of the county's official website of "ewashtenaw.org."

The email campaign was unsuccessful, but Voits was successful when he called county jail employees, posing as members of jail's IT staff, and tricking workers into installing a fake update package for the county jail's application.

In reality, the update file was laced with malware, which Voits used to access the jail's computer system. Voits admitted to using the malware to collect and steal passwords, usernames, emails, and other personal information of over 1,600 county employees.

Voits' modification of inmate records detected right away

His intrusion was detected when he accessed XJail, the county's inmate management app, and modified the entry of at least one prisoner in an attempt to have him released earlier.

Court documents don't go into the technical details, but they say Voits' intrusion was detected right away, that the entry was corrected, and the FBI was called in to help track down the intruder.

Authorities arrested Voits last summer, and he pleaded guilty in December 2017.

Related Articles:

Cobalt Bank Robbers Use New ThreadKit Malicious Doc Builder

HackerOne Offers Free Sandboxes To Replicate Real-World Security Bugs

DOJ Indicts Two Iranian Hackers for SamSam Ransomware Operation

Dell Systems Hacked to Steal Customer Information

First GDPR Sanction in Germany Fines Flirty Chat Platform EUR 20,000