A man from Michigan has hacked into the computer system of his local prison to alter the records of a friend in order to secure his early release. After his early spear-phishing attempts failed to fool staff into giving him access to court records, he succeeded in persuading a handful of court employees to visit his bogus website by masquerading as an IT manager at the County Jail. The website, which was designed to look like the county’s official online portal, was laced with malware, through which he harvested one employee’s remote log-in details – which was all he needed.
He then secured access to sensitive data and personal details of over 1600 staff via the jail’s computer system. This allowed him to manipulate the criminal records of a number of prisoners, and to alter his mate’s release date.
Unfortunately for both parties, prison staff quickly spotted the alteration and called in the Feds, who arrested the hacker. He now faces a stiff prison sentence himself, plus a heavy fine. The jail has appointed a cybersecurity firm to make its IT systems more secure – and presumably to offer awareness training to its staff.