A man who broke the prison system to change the release date of an associate was taken to prison today. Konrads Voits, a hacker from Michigan, will have to serve seven years and three months.
As he says Bleeping Computer, Voits tried to access inmate records in order to get an associate released early.
27 will also have to pay 235.488 dollars as a fine for the full cost of investigating and coping with the violation.
According to the Voits indictment, issued in December of 2017, from January to March of the same year, the hacker was trying to release a prisoner.
Voits started with social engineering trying to get prison staff to visit the ewashtenavv.org domain, changing the “w” to the actual prison website domain ewashtenaw.org in an attempt to make it look like the normal one.
The malicious domain was a complete copy of the actual prison website, but contained malware. The hacker was talking to the prison staff, disguised as "Daniel Greene" and asking for help with the "court records", demanding that the staff visit the fake website.
The spear-Phishing intended to entice prison staff to visit the malicious domain and download malicious applications onto the detention shop computers, but failed.
Viots was undeterred. He later sent an email to the prison, pretending to be personal information technologys that was upgrading the prison systems. Voits again asked prison officials to visit the malicious domain and download executable "upgrade" files that contained malware.
This time he succeeded: He managed to install malware on prison systems and was able to collect information, such as the login credentials, emails and personal information of 1600 employees.
Voits also managed to acquire access in the XJail system, an internal application for inmate records. In March, he changed the records of at least one inmate through XJail.
However, the hacker underestimated prison staff. The violation was detected almost immediately, and the malicious file was corrected immediately. At the same time, the FBI was notified to locate the attacker.
"Voit's intrusion forced the county to hire a company to deal with such incidents to determine the full extent of the breach, restore files, verify the accuracy of the electronic records of almost all inmates and try to reassure its 1600 employees. whose personal data had been leaked ", says the indictment.
"Hopefully, after his release, Voits will be able to use his tremendous skills to make our society a better place."
- Yahoo: fine 35 million dollars to hide the hack
- Fake News: No political intervention, to solve those who created it