A 27-year old hacker who compromised county jail systems in his attempt to change the release dates of an associate has now been sentenced to seven years in federal prison.
According to his guilty plea, 27-year-old Konrads Voits of Ypsilanti will serve three years of supervised release in federal prison after admitting to engaging in a social engineering campaign to hack the Washtenaw County Jail’s computer systems between January and March 2017.
The hacker initially engaged in a spear-phishing campaign by sending county employees emails to lure them onto the domain ‘ewashtenaav.org’, a near carbon copy of the county’s official website ‘ewashtenaw.org’, with the ‘w’. Although the email campaign was unsuccessful, Volts later tricked county jail employees into installing a fake executable file by posing as a member of the jail’s IT staff.
The executable file contained malware that enabled Voits to gain access to the jail’s computer system. Further, the hacker also admitted to using the malware to collect and steal passwords, usernames, emails and other personal information belonging to over 1,6000 county employees.
However, the plan came apart after the hacker accessed XJail, the county’s inmate management application. His intrusion was detected after he modified the data of one prisoner in an attempt to have the inmate released earlier.
The tampered record was corrected and the FBI was called in to help alongside a cybersecurity firm to conduct a forensics analysis of the intrusion.
“Voit’s intrusion compelled the county to hire an incident response company to determine the full extent of the breach, to reimage numerous hard drives, to verify the accuracy of the electronic records of nearly every then county jail inmate, and to attempt to reassure the 1600 county employees whose personal data had been compromised by purchasing an identity theft program for county employees,” the plea agreement states.
Voits was arrested last summer and he plead guilty in December 2017.
Image credit: Pexels.