Hacker who almost sprung a prisoner out of jail is himself imprisoned for seven years

Graham Cluley

Hacker who almost sprung a prisoner out of prison is himself jailed for seven years

Hacker who almost sprung a prisoner out of prison is himself jailed for seven years

In early 2017, Konrad Voits of Michigan, successfully tricked IT staff at Washtenaw County into visiting a webpage on the domain ewashtenavv.org (note the two v’s at the end of that URL), instead of the legitimate website at ewashtenaw.org.

That bogus webpage installed malware onto IT staff’s computers that ultimately gave Voits complete control over the Washtenaw County network. Voits was able to steal the names, addresses, emails and passwords of former and present County employees.

However, what has caught everyone’s imagination is not yet another case of computer-assisted fraud, but rather Voits attempt to have a prison inmate released early by altering Washtenaw County Jail records.

Fortunately, jail employees realised that the inmate’s hacked records were incorrect and nobody was released early. Meanwhile, the FBI was soon on the trail of the perpetrator.

You can hear more about the case in an episode of the “Smashing Security” podcast we recorded in late 2017.

Smashing Security #56: 'Peeping Toms, prison hacks, and parliamentary passwords'

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...

A judge has now sentenced Voits to a not insignificant 87 months in a federal jail for the hack, and ordered him to pay $235,488 in restitution to the county for costs associated with investigating and responding to the security breach.

87 months. That’s seven years and three months. By anyone’s standards that’s a hefty sentence and likely to cast a long shadow over the rest of Voits’s life, impacting his innocent family and friends as well as his own future career prospects.

Many of us are technically savvy enough to register and create bogus domains, and create or purchase malware to take remote control of someone else’s computer systems. We may even have the brass to call up our victims or send them emails, tricking them into visiting a particular URL to launch an attack.

But just because something is possible doesn’t mean we should do it. I hope cases like Voits’s will warn others to think more carefully about the potential consequences of their actions, and act more ethically in future.

After all, it’s possible that Voits may now get out of prison long after the friend he tried to bust out. What a waste.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES