Nearly 364 inmates of the Idaho Corrections Department in the United States, hacked into the tablet system and transferred to their bank accounts nearly 225,000 dollars. These prisoners had access to computer tablets marketed by the American company JPay whose data and communication services are provided by CenturyLink. These tablets were intended for entertainment, practical and educational purposes, namely to play, buy and listen to music but also to communicate and send emails outside.
The inmates simply took advantage of a breach in the JPay tablet software to transfer the money to each other. Furthermore, the operation required prior knowledge of the JPay system and simultaneous action by the detainees. JPay eventually pre-recovered a portion of the credit (about 65,000 dollars) and suspended all entertainment services for the inmates.
This case of cyberattacks may seem unusual, but the threat is very real when it comes to using connected objects and exploiting vulnerabilities in any system. Indeed, cases of prison hacking by detainees have already occurred. Computers in prison are even more coveted because they contain major information about prisoners and the prison (information about the sentences incurred, about the prisoners themselves…) and can serve as a means of pressure. In 2017, prisoners from an Ohio prison hacked into the prison’s camera network. In another case, in December 2017, a man was caught hacking into a prison computer to modify a friend’s file in order to obtain his early release. Convicted, he is currently serving a seven-year sentence.