[BreachExchange] Prison hacker who tried to free friend now likely to join him inside

Audrey McNeil audrey at riskbasedsecurity.com
Tue Dec 5 20:14:02 EST 2017


https://www.theregister.co.uk/2017/12/04/prison_hacker_pleads_guilty/

A Michigan man who hacked into his local prison's computing system to gain
early release for a friend is facing his own time inside after getting
caught.

Konrads Voits, 27, pled guilty to hacking charges after installing malware
on the Washtenaw County government computer system in an attempt to get a
friend released early from prison. The attempt was unsuccessful and the
police caught him, ensuring that he may well be joining his mate in the Big
House.

"Cyber intrusions affect individuals, businesses and governments,"
saidUnited States Attorney Daniel Lemisch.

"Computer hackers should realize that unlawfully entering another's
computer will result in a felony conviction and a prison sentence. We
applaud the dedication of so many hard-working law enforcement officers to
take away this man's ability to intrude into the computer systems of
others."

According to court documents [https://regmedia.co.uk/2017/12/04/voits.pdf]
Voits set up a phishing domain ewashtenavv.org, mimicking the Washtenaw URL
but using a double v instead of a w in January. He then pinged county
employees using email from the domain claiming to be Daniel Greene and
directing staff to a malware-laden site.

Voits also called up staff pretending to be a county IT manager. He used
social engineering to get several staffers to download an .exe containing
malware, claiming it was an upgrade.

In a sustained campaign, Voits managed to get the login details and
passwords for 1,600 county employees, including for the Xjail computer
system that is used to track inmates. By March he had the logins to the
prison management system and tried to amend the records of one inmate to
arrange their early release.

His tinkering raised red flags, however, and the authorities moved in. Once
Voits' meddling was discovered, inmate records were fixed and the county
called in computer forensics, spending $235,488 to fix the mess.

Voit has agreed to a plea deal and faces up to 10 years inside with a fine
of $250,000 when he is sentenced in April. He's unlikely to receive the
maximum sentence however. He also agreed to give up his laptop, four
cellphones, and an undisclosed number of Bitcoin.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171205/32da9bd8/attachment.html>


More information about the BreachExchange mailing list