This Is What Happens When You Try to Hack Your Friend Out of Jail

Forget about everything you've seen in the movies.

Because in this case, there was no one sneaking around the prison grounds or trying to stay out of that blaring spotlight that seems to be a requirement of every jailbreak on the big screen.

This escape attempt played out on the small screen.

As in, the computer that 27-year-old Michigan resident Konrads Voits was using in a hacking attempt to get his friend out of jail. And he nearly got away with it. Only a re-check of paper records foiled his work.

Voits pleaded guilty and was just sentenced to seven years in jail and more than $230,000 in restitution.

He was on the wrong side of InfoSec, but what he orchestrated as a cyber lone wolf is a sign of what security teams are up against on a grand scale.

According to the U.S. Attorney's Office in Eastern Michigan, here is what Voits was able to do:

• Executed a spearphishing scheme; he used both email and phone calls to contact Washtenaw County employees
• Created a spoofed version of the county website as part of the phishing campaign
• The scheme worked and he was able to access the county computer network through compromised credentials
• He moved within the network to take "the names, addresses, emails, and passwords of many former and present Washtenaw County employees"
• Accessed county jail records and changed the release date of a friend to get him out early

A county employee checked computer records against paper records, and that is when the "hacked" release date was discovered and the investigation revealed what had occurred.

This is the kind of scenario SecureWorld wants to help InfoSec leaders avoid. Register for our complimentary web conference "Securing the Human Layer," which is coming up on May 16th. The intersection of cyber and physical security is happening now, as this story illustrates.

No matter how much security technology we purchase, we still face a fundamental security problem: people.