Skip Navigation

Critical Infrastructure News


How a hack almost sprung a prisoner out of jail

We’re all hopefully familiar with the notion that criminals can phish details from unsuspecting computer users by creating copycat websites.

To make a phishing page appear more legitimate a scammer might create a domain with a similar looking URL – for instance, rather than (hint: if you didn’t notice, the first “appIe” had a capital “i” in its name rather than an “l”.)

But would it surprise you to hear that similar devious URL trickery could also potentially help a hacker spring one of his buddies from prison?

Last week, Konrad Voits from Ann Arbor, Michigan, pleaded guilty to breaking into the computer systems of Washtenaw County in an attempt to – ultimately – extract an inmate from the prison system.

The 27-year-old hacker’s plan hinged upon the creation of a website called (note the two “v”s at the end), designed to look like the genuine website for Washentaw County,

In early 2017, Voits sent emails to County employees claiming to be a “Daniel Greene” and requesting help with court records. He also phoned employees posing as actual members of the County’s IT staff, in an attempt to trick workers into visiting the bogus website in order to “upgrade the County’s jail system”, but which would actually result in the installation of malicious code.

Unfortunately, some staff fell for Voits’s trick, and malware was installed on the County network.

With that bridgehead in place, Voits was able to gain full access to the County’s systems, including the passwords, usernames and personal information of 1600 employees, but also – most interestingly – the XJail software it used to monitor and track jail inmates.

With the login credentials to the prison management system in his hands, Voits attempted to change the records of one prisoner to arrange their early release.

It’s at this point that the County’s luck changed. Employees at Washtenaw County Jail spotted that something strange was afoot, alerted the FBI, and no prisoners managed to be released early as a result of the hack.