A Michigan man by the name of Konrads Voits pleaded guilty to hacking Washtenaw County’s computer network and changing the Washtenaw County Jail records, with the intent to help a friend get released early from jail.
Unfortunately for him, his fiddling with the inmate electronic records was spotted, an FBI investigation was mounted, and it led back to him. He was arrested on March 10, 2017, in his apartment.
According to MLive, Voits was sitting at his computer when officers entered, and when he was arrested, they caught a glimpse of his screen – a computer log showing an internal IP address belonging to Washtenaw County, which he did not have authorization to access.
According to the plea agreement, Voits registered the domain name of ewashtenavv.org on January 24, 2017. The name of the domain contained two “v”s instead of a “w” at the end – the intent was to fool County employees into thinking it was a legitimate domain name for the County.
“Subsequently, between February 14-16, 2017, Voits sent emails to County employees falsely representing that he was a ‘Daniel Green’ and that he needed help with some court records. Between February 20-22, 2017, Voits called County employees over the phone, falsely representing that he was either ‘T.L.’ or ‘A.B.’, actual County Information Technology (IT) employees,” the plea agreement states.
“During these email communications and phone conversations, Voits attempted to get the County employee to click on a hyperlink which connected to the fraudulent website containing malware, or informed the County employees that he needed the employee to type a domain name into his/her browser, for the purpose of downloading an executable file to supposedly ‘upgrade the County’s jail system.'”
Some of the targets followed the directions, and Voits also managed to obtain remote login information from one of the employees. He then installed malware on the County’s network.
He was able to gain full access to the network, as well as access to sensitive County records such as the XJail system (the program for monitoring and tracking County Jain inmates), search warrant affidavits, and personal information (including passwords) of over 1600 County employees.
Finally, in March, he accessed the County Jail records of several inmates and altered the records of at least one of them.
The County says that breach investigation and remediation efforts cost them at least $234,488, but they assure that no inmates were released early due to the hack.
For damaging a protected computer, Voits is now facing a maximum penalty under federal law of 10 years’ imprisonment and a $250,000 fine. He will also have to pay restitution to Washtenaw County for the losses they incurred due to his incursion.