Jail cells

A judge sentenced a Michigan man to 87 months —7 years 3 months— in prison for hacking into a county jail's computer system and modifying prisoner records in an attempt to get an inmate released early.

The man, Konrads Voits, 27, of Ypsilanti, will also serve three years of supervised release and will have to pay $235,488 in restitution to Washtenaw County, the cost of investigating and addressing the hack.

Hacker used spear-phishing, telephone calls

Voits prison sentence stems from his actions in the spring of last year. According to his guilty plea, Voits admitted that between January and March 2017, he engaged in a social engineering campaign to hack into the Washtenaw County Jail's computer system.

Initially, he engaged in a spear-phishing campaign. He sent emails to county jail employees, luring them on the "ewashtenavv.org" domain, a carbon copy of the county's official website of "ewashtenaw.org."

The email campaign was unsuccessful, but Voits was successful when he called county jail employees, posing as members of jail's IT staff, and tricking workers into installing a fake update package for the county jail's application.

In reality, the update file was laced with malware, which Voits used to access the jail's computer system. Voits admitted to using the malware to collect and steal passwords, usernames, emails, and other personal information of over 1,600 county employees.

Voits' modification of inmate records detected right away

His intrusion was detected when he accessed XJail, the county's inmate management app, and modified the entry of at least one prisoner in an attempt to have him released earlier.

Court documents don't go into the technical details, but they say Voits' intrusion was detected right away, that the entry was corrected, and the FBI was called in to help track down the intruder.

Authorities arrested Voits last summer, and he pleaded guilty in December 2017.

Related Articles:

Data of Over 200 Million Japanese Sold on Underground Hacking Forum

Students Hack High School to Change Grades, Get Lunch Refunds

Suspected Member of TheDarkOverlord Hacking Group Arrested in Serbia

Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers

Anonymous Member Arrested in Ohio