Follow us:
  1. Home
  2. News
  3. Privacy

The Weekly Hack: Idaho inmates exploit prison tablets to hack money

The company says it will shut down almost all services until it gets its money back

Photo (c) AlekZotoff - Getty Images
The tablets being provided to inmates in prisons all over the country come with special strings attached. Emails, for instance, can take up to 48 hours to reach their intended destination due to security screenings. The email costs a minimum of 35 cents to send and attaching pictures or exceeding word limits costs extra. Apps and other features designed to appeal to bored inmates all come with their own charges.

The telecommunications giant JPay in recent years has distributed free tablets to tens of thousands inmates with the anticipation that they will spend enormous amounts of money to access the features to make the tablets worthwhile. In New York alone, JPay has predicted that it will earn $8.8 million within two years by giving free tablets to 52,000 inmates in the state.

One enterprising group of inmates in Idaho is now facing punishment for hacking a piece of that pie for themselves. JPay and the Idaho Department of Corrections announced Friday that prison inmates found a vulnerability in their tablets and used it to add $225,000 worth of credits to their own JPay accounts. Most inmates loaded $1,000 or less into their accounts, though one took nearly $10,000. In all, a total of 364 inmates allegedly benefited from the scheme, but only briefly.

After the alleged hack was discovered, JPay announced that it has since recovered $65,000 worth of the credits. Apparently, however, the company needs the inmates’ help to get the rest of its own money back. The firm announced that it is suspending almost all service on the tablets -- everything but email -- until the rest of its money is refunded from the inmates involved in the scheme.

“This conduct was intentional, not accidental. It required a knowledge of the JPay system and multiple actions by every inmate who exploited the system’s vulnerability to improperly credit their account,” an Idaho Department of Corrections spokesman told the Associated Press.

Using a fee-based model to bring the comforts of home to prisoners, the jail communications firm JPay is part of an industry that profits enormously off of inmates, or more likely, their families. The firm also handles prison phone calls that used to cost as much as $14 per minute (until the FCC capped prison phone fees under the Obama administration) and commissary accounts in which family members have been charged fees as high as 45 percent of whatever amount they were sending to the inmate.

JPay also handles many of the debit cards that inmates are given upon release from prison to help pay for getting home. But the money in those cards often becomes inaccessible without explanation or is whittled away by various fees, one lawsuit contends.

JPay was purchased by Securus several years ago, another jail telecommunications giant that profits from high fees. Securus in recent years has successfully lobbied some counties to replace in-person jail visits with costly video visitation systems. Securus, which reportedly lets cops track phone calls in real time, has also proven to be vulnerable to hackers.

Even if the money is not returned, JPay will probably come through this theft just fine. Numerous advocacy groups have described the jail communications industry as one that benefits from having a monopoly in whatever facility in which they are operating.

Jail communications “often do not result in stronger lines of communication at all,” the Electronic Frontier Foundation has said. “Many communications services are offered under unfair terms and with artificially inflated fees that are only possible because the services operate monopolies at each prison or jail.”

Voting machine vendor admits vulnerability

In other hacking news, the nation’s largest provider of electronic voting machines recently admitted in a letter to a Senator that it installed remote-access software on some of its machines. Experts agree that such software is known to be widely vulnerable to hacking.

Voting machines in particular were expected to be completely disconnected from the internet or any remote internet activity.

What’s more, the firm, called Election Systems and Software, previously denied using such technology. The company reportedly now claims that it stopped using the remote software in 2007.  

Take an Identity Theft Quiz

Get matched with an Accredited Partner

    Share your comments