Slashdot Mirror

← Back to Stories (view on slashdot.org)

Man Hacks Jail Computer Network To Get Inmate Released Early (bleepingcomputer.com)

Posted by msmash on from the it's-a-thing-now dept.

An anonymous reader writes: A Michigan man pleaded guilty last week to hacking the computer network of the Washtenaw County Jail, where he modified inmate records in an attempt to have an inmate released early. To breach the jail's network, the attacker used only spear-phishing emails and telephone social engineering.

The man called jail employees and posed as local IT staffers, tricking some into accessing a website, and downloading and installing malware under the guise of a jail system upgrade. Once the man (Konrads Voits) had access to this data, investigators said he accessed the XJail system, searched and accessed the records of several inmates, and modified at least one entry "in an effort to get that inmate released early." Jail employees noticed the modification right away and alerted the FBI. The man as arrested a month later and is now awaiting sentencing (maximum 10 years and a fine of up to $250,000).

31 comments

  1. Should have started small... by whiskeyzulu · · Score: 3, Funny

    ...and changed his social studies grade first.

    1. Re:Should have started small... by Anonymous Coward · · Score: 0

      I was reminded of this clip from Ferris Bueller's Day Off.

  2. Went about it the hard way by Anon-Admin · · Score: 4, Funny

    A few years ago there was a person who forged the court release paper work and faxed it over to the jail.

    They got the fax, processed it as it normally would have been processed, and the guy was released that day. They did not catch the mistake for almost a week. lol

    1. Re:Went about it the hard way by RhettLivingston · · Score: 4, Interesting

      Suspect you're talking about this Florida prison escape by two inmates. The crazy thing about that story is how they were caught. All felons in Florida are required to register their locations after release. These two guys actually registered their location. They were working under the delusion that nobody would ever figure it out and doing everything possible to follow the law.

      I'm pretty sure that they paid a lot for the forgery though. So it wasn't easy or cheap.

      The concept of escaping from a prison and staying out for any length of time was common in older days but is pretty much dead in America today. The vast majority are caught almost immediately. All escapees do is add to their sentences.

      Jail is a somewhat different story. Authorities may simply not care enough to launch a massive manhunt with a jailbreak by a misdemeanor offender. At the same time, the gain is less so why do it. These guys will have a vast loss for next to no gain.

    2. Re: Went about it the hard way by Anonymous Coward · · Score: 1

      Oddly, your motivation for escape does not include innocence.

    3. Re: Went about it the hard way by Anonymous Coward · · Score: 0

      Sure, there are a lot of innocent folks behind bars. When there are places that achieve plea rates of over 98%, there is no doubt that innocent people are pleading guilty.

      But, motivation for escape has no relationship to the outcome. In today's world, you can count on being quickly caught. Since most who escape are then punished with both extra time and harsher incarceration, sometimes going to the hole for years, there simply isn't a payoff.

      An innocent person has better odds of getting out via one of the various innocence projects than via escape - though even those odds are low enough to make you think about it before risking the reprisals.

  3. It's a trap by SuperKendall · · Score: 1

    Plainly he wanted to be arrested and get put into the prison, that's when the REAL trojan he implanted into the system will take effect and give him full access to the armory and all other prisoners...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:It's a trap by Joe_Dragon · · Score: 1

      Our jail is so old that they to do rolling of the bar to lock and unlock doors

  4. Hope they fixed the hack by 91degrees · · Score: 1

    maximum 10 years and a fine of up to $250,000

    Will this mysteriously be changed to a $10 fine and a couple of days in prison?

    1. Re:Hope they fixed the hack by Anonymous Coward · · Score: 0

      There was no hack. It was phishing and social engineering. The vulnerability was entirely human.

  5. missing element by originalGMC · · Score: 1

    What I want to know is, why was this guy Voits trying to hack into the prison? Sure, the report can show what he did (court papers: https://regmedia.co.uk/2017/12... ), but the story is missing the component of why? Why would Voits risk his life, fortune and livelihood to hack into this prison software? Who's record was he after? Was there a person he was specifically targeting to alter their record? The journalists here have found such a juicy headline, but I think they jumped the gun a bit on publishing.

    1. Re:missing element by Anonymous Coward · · Score: 0

      The problem you are describing is very common in generic "non-investigative" journalism today. I see it all the time. Stories come out with very little detail or background, and leave many more questions than answers. Clickbait...

    2. Re:missing element by Anonymous Coward · · Score: 0

      It's quite possible/probable that (keep in mind I did not RTFA), in an effort to not draw attention to themselves, they modified some random schmucks release date to see if the release would actually work (with less risk of getting caught himself). If it did work, they'd either try it next (alone or as part of a bigger group to set up plausible deniability), or sell the service to other inmates.

    3. Re:missing element by mysidia · · Score: 1

      Imagine Step 2.... they could intend to get a rival gang member in prison on some petty charge, and instead of reducing the number of years, increase them, add a "no parole" restriction, or make a false "death penalty" addendum to their file.

    4. Re:missing element by Ungrounded+Lightning · · Score: 1

      ... make a false "death penalty" addendum to their file.

      Not in Michigan - the first sovereign state to have a constitutional ban on the death penalty. (Pre-statehood there was this botched execution, which so disgusted the citizenry that they banned 'em.)

      Note, though, that Michigan gives real multi-decade prison sentences to murderers. Murder is a young man's crime and by the time they get out they aren't young any more.

      As of the last time I knew of the stats (admittedly a couple decades back) there was exactly ONE Michigan convicted murderer, released after completing his sentence, who went on to improperly kill again: He ran a stopsign and squashed a pedestrian.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    5. Re:missing element by hendric · · Score: 1

      Why? Well, reducing the sentence of a random prisoner was the red herring. The real reason he hacked the prison records was to extend the sentences of certain prisoners. Who's going to believe a prisoner in 6 years who says he should be getting out when the computer says he should be doing 20 to life?

      --
      "Though it may take a thousand years, we shall be FREE."
  6. How can anybody get a D in Home Ec? by Joe_Dragon · · Score: 4, Funny

    How can anybody get a D in Home Ec?

    1. Re:How can anybody get a D in Home Ec? by sittingnut · · Score: 1

      wonder how many of current /. readers will get that reference?

    2. Re:How can anybody get a D in Home Ec? by Anonymous Coward · · Score: 0

      mmmm Ally Sheedy

    3. Re:How can anybody get a D in Home Ec? by Anonymous Coward · · Score: 0

      _o/

    4. Re:How can anybody get a D in Home Ec? by antdude · · Score: 1

      Or a F!

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    5. Re:How can anybody get a D in Home Ec? by Anonymous Coward · · Score: 0

      How about a nice game of chess?

  7. more info at 9 by Anonymous Coward · · Score: 0

    http://www.mlive.com/news/ann-arbor/index.ssf/2017/05/defense_requests_computer_spec.html

  8. Cyberocracy by AHuxley · · Score: 2

    Hey, uh... the computer says I actually supposed to be getting out of jail...
    Prison Guard: You're supposed to be in that line.
    [points to the door]
    Prison Guard #2: Hey, guys, the computer says let him out!

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re: Cyberocracy by Anonymous Coward · · Score: 0

      Alright, let this dumbass out.

    2. Re:Cyberocracy by grumling · · Score: 1

      'Cause, I was, you know-
      I was definitely in prison, okay?
      I got sat on my face and everything.

      --
      "Well, good luck finding a judge that doesn't run a bestiality site."
    3. Re:Cyberocracy by KWTm · · Score: 1

      Reminds me of this silly comedy superhero cartoon for 10-year-olds that I happened to get a glimpse of at some restaurant (so I don't know the name of the show or its characters).

      The evil granny-like old lady stole all the merchandise in the store by walking up to the security guard at the door and saying, "Oh, and I have this coupon for : I get everything in the store for free." (shows coupon)
      Guard: "Oh, okay."

      --
      404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
      [GPG key in journal]
  9. Jail is too small by Dan+East · · Score: 2

    The jail only has a capacity of 332. That may sound like a lot, but that is smaller than, say, your typical rural high school Especially when you consider it is two jails in one (the men and women are kept totally separate, so the male capacity may only be 200-250). Changes in the system would be noticed too easily in a jail that small, where there are less employees and it is easier for them to be more familiar with the inmate population.

    --
    Better known as 318230.
  10. I didn't kill my wife by Anonymous Coward · · Score: 0

    I didn't kill my wife

    1. Re:I didn't kill my wife by lannocc · · Score: 1

      Is that you, Mr. Reiser?

      --
      -IOVAR Web Dev Platform
  11. Network segragation by Anonymous Coward · · Score: 0

    Is it just me, or does anyone else feel that the computer with connectivity to the Jail DB info, probably shouldn't be able to connect to the internet. Or, at the very least should have some kind of proxy. Maybe some AV software? assuming this wasn't custom/0 day.

    ah, the human firewall, weakest of all.