Hacker who almost sprung a prisoner out of jail is himself imprisoned for seven years

He tried to jailbreak someone, and now he’s become the prisoner himself.

Hacker who almost sprung a prisoner out of prison is himself jailed for seven years

In early 2017, Konrad Voits of Michigan, successfully tricked IT staff at Washtenaw County into visiting a webpage on the domain ewashtenavv.org (note the two v’s at the end of that URL), instead of the legitimate website at ewashtenaw.org.

That bogus webpage installed malware onto IT staff’s computers that ultimately gave Voits complete control over the Washtenaw County network. Voits was able to steal the names, addresses, emails and passwords of former and present County employees.

However, what has caught everyone’s imagination is not yet another case of computer-assisted fraud, but rather Voits attempt to have a prison inmate released early by altering Washtenaw County Jail records.

Sign up to our free newsletter.
Security news, advice, and tips.

Fortunately, jail employees realised that the inmate’s hacked records were incorrect and nobody was released early. Meanwhile, the FBI was soon on the trail of the perpetrator.

You can hear more about the case in an episode of the “Smashing Security” podcast we recorded in late 2017.

Smashing Security #056: 'Peeping Toms, prison hacks, and parliamentary passwords'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

A judge has now sentenced Voits to a not insignificant 87 months in a federal jail for the hack, and ordered him to pay $235,488 in restitution to the county for costs associated with investigating and responding to the security breach.

87 months. That’s seven years and three months. By anyone’s standards that’s a hefty sentence and likely to cast a long shadow over the rest of Voits’s life, impacting his innocent family and friends as well as his own future career prospects.

Many of us are technically savvy enough to register and create bogus domains, and create or purchase malware to take remote control of someone else’s computer systems. We may even have the brass to call up our victims or send them emails, tricking them into visiting a particular URL to launch an attack.

But just because something is possible doesn’t mean we should do it. I hope cases like Voits’s will warn others to think more carefully about the potential consequences of their actions, and act more ethically in future.

After all, it’s possible that Voits may now get out of prison long after the friend he tried to bust out. What a waste.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.