In early 2017, Konrad Voits of Michigan, successfully tricked IT staff at Washtenaw County into visiting a webpage on the domain ewashtenavv.org (note the two v’s at the end of that URL), instead of the legitimate website at ewashtenaw.org.
That bogus webpage installed malware onto IT staff’s computers that ultimately gave Voits complete control over the Washtenaw County network. Voits was able to steal the names, addresses, emails and passwords of former and present County employees.
However, what has caught everyone’s imagination is not yet another case of computer-assisted fraud, but rather Voits attempt to have a prison inmate released early by altering Washtenaw County Jail records.
Fortunately, jail employees realised that the inmate’s hacked records were incorrect and nobody was released early. Meanwhile, the FBI was soon on the trail of the perpetrator.
You can hear more about the case in an episode of the “Smashing Security” podcast we recorded in late 2017.
A judge has now sentenced Voits to a not insignificant 87 months in a federal jail for the hack, and ordered him to pay $235,488 in restitution to the county for costs associated with investigating and responding to the security breach.
87 months. That’s seven years and three months. By anyone’s standards that’s a hefty sentence and likely to cast a long shadow over the rest of Voits’s life, impacting his innocent family and friends as well as his own future career prospects.
Many of us are technically savvy enough to register and create bogus domains, and create or purchase malware to take remote control of someone else’s computer systems. We may even have the brass to call up our victims or send them emails, tricking them into visiting a particular URL to launch an attack.
But just because something is possible doesn’t mean we should do it. I hope cases like Voits’s will warn others to think more carefully about the potential consequences of their actions, and act more ethically in future.
After all, it’s possible that Voits may now get out of prison long after the friend he tried to bust out. What a waste.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.