Modern-day prison heists
It was a story bound to get attention the world over.
Inmates from across five separate prisons in Idaho in the US had managed to hack their prison-issued tablets.
They then boosted their credit limits with which they pay to communicate and consume online content.
In total, 364 inmates had boosted their credit limits by a combined amount just short of $250 000.
The prisoners had exploited a vulnerability in the tablets’ software to do this. (Prison officials in Idaho were quick to point out that no taxpayer money was involved in the theft.)
Various news reports have suggested that some prisoners managed to boost their online credits by as much as $9 990, while over 50 managed to boost their credits by over $1 000.
This story made me think.
I wondered if these inmates have ever done any hacking while on the outside, or if these hacking skills were new to their repertoire.
The thing they say about prisons is that if you weren’t a career criminal when you went in, you will be by the time you get out.
“Prison is a recruitment centre for the army of crime,” wrote philosopher Michel Foucault.
Or, as US crime academic Jack Levin said, “Building prisons to fight crime is like building cemeteries to fight disease.”
Are more hackers being jailed, and does this mean that hacking skills are on the rise in prisons?
The various news stories on the heist reported that the tablet service was offered to prisoners and prisons in the US by a company called JPay, which in Idaho, has partnered with IT company CenturyLink, to offer their services.
The two companies insisted that the JPay vulnerability was now fixed, but would not elaborate on how the credit limits were artificially increased.
JPay’s tablets allow inmates access to email, money transfers, the ability to listen to music, use video chat, purchase eBooks and stamps, and play games, for which they charge fees.
On its website JPay advertises the JP5 tablet as “the next generation of corrections-grade tablet computing”.
JPay’s pitch is that having one of these tablets helps your loved ones “pass the time, keep engaged and stay connected to you”.
JPay began offering services to prisons and inmates in 2002 and has a presence in prisons across 35 states in the US.
Idaho’s department of corrections spokesperson, Jeff Ray, insists that the hacking required “knowledge of the JPay system” and multiple actions by every inmate who “exploited the system’s vulnerability to improperly credit their account”.
Disciplinary action is being taken against the inmates and just over $65 000 of the ill-gotten credits has so far been recovered.
Searching for previous examples of daring prison hacks, it is hard to move past Konrads Voits of Ypsilanti, Michigan.
Voits had the audacity to hack the Washtenaw County Jail computer system in early 2017 and modified prison records to get his friend released early.
He also managed to install malware on the jail’s IT staff computers, which gave him complete control over the jail’s network.
However, Voits’ modified prison records were picked up when checked against manual ones and the FBI soon had him cornered.
In April this year, Voits was sentenced to seven years and three months in prison for his efforts.
He has also been ordered to pay a fine of $235 488 to Washtenaw County for the costs incurred in investigating and cleaning up his hack.
But my favourite story of a prison hack is one from 2015, where the prisoners didn’t just hack computers – they built their own.
Inmates at the Marion Correctional Institution north of Columbus in Ohio built their own computers from spare parts and hid them in the ceiling of the jail.
The spare parts came from a prison programme for inmates, whereby obsolete computers were disassembled, and parts returned to the contractor.
With these computers they managed to hack into the prison’s network, getting up to all kinds of mischief.
The prison was only tipped off when someone picked up that one of the computers on the network had exceeded its daily internet usage threshold.
Are these prison hack stories just the first wave of a new phenomenon that will become as commonplace as ransom hacks have become in 2018?