A Michigan man will spend the next seven years and three months behind bars as punishment for attempting to hack a county jail’s computer system and altering prison records to get his friend released early.
In addition to 87 months in jail, Konrads Voits – a 27-year-old from Ypsilanti, Michigan – was also hit with a fine of $US235,488 that he is ordered to pay to Washtenaw County for the cost accrued in investigating the intrusion, Bleeping Computer reported.
Voits, who pleaded guilty to one count of damaging a protected computer last December, spent the better part of the spring of 2017 crafting and executing a social engineering scheme that allowed him to gain access to the Washtenaw County Jail computer system.
The Michigan resident began his campaign by crafting a website that looked identical to the county’s actual site. While the county’s real website has the domain name ewashtenaw.org, Voits’ mockup had the domain ewashtenavv.org, which looks indistinguishable at a glance. With the fake county website up and running, Voits began sending out emails to employees of the county jail in an attempt to lure them to the site and surrender their login credentials so he could hijack their account and access the jail’s computer system.
Unfortunately for the hacker, that plan failed and no one from the jail took the bait. After abandoning the phishing attack, Voits then began calling the jail to talk to employees. He posed as a member of the county’s IT staff over the phone and would pretend that he was trying to help install an update for X.Jail, the program used to manage jail records. Voits would direct the unwitting employee to type in a URL, which redirected to a site that hosted malware.
After a couple attempts, Voits succeeded in tricking an employee into installing the malicious software, which he used to gain access to just about everything stored on the county’s computers. He had the ability view to search warrant affidavits, internal discipline records from the jail, and the personal information of county employees. Voits stole the usernames, passwords, email addresses, and other information from more than 1,6000 government workers.
A victim’s statement from a county employee said the hack caused a great deal of fear and consternation. According to MLive, the employee said she and others felt “personally violated” by Voits’ hack and had to “suffer the uncertainty of not knowing whether their identity has been stolen or credit has been ruined.”
Voits also completed the task that he initially intended to do: modify the prison record of a friend in an attempt to get him released early. While he did manage to make the change, the jailbreak plot never panned out. According to the Associated Press, an employee cross-checked the release date with hand-kept records and determined something was wrong. A short FBI investigation later, Voits was arrested.
The AP reported prosecutors in the case acknowledged Voits has “extraordinary talents,” but said he used them for nefarious purposes. They also encouraged the court in a sentencing memorandum to allow Voits to spend part of his jail time in a federal medical center, according to MLive. Voits’ defence attorney said he suffers from “severe” mental illness.
“Hopefully, upon release, Voits will be in a position where he can use his immense skills to make society a better place,” the prosecutors said.