For anyone who commits cyber crime they run the risk of getting to call a prison cell home for an extended period of time. One would figure that as heavily monitored and controlled as prison can be that there would be little chance of any cyber crime being committed from behind bars. If you did believe that then think again.

Hacking can take place behind bars

Prisoners in the state of Idaho were found to have been able to exploit a vulnerability in the J-Pay system to credit their prison accounts by about $1,000. One prisoner was so bold they applied almost $10,000 to their account. In total 364 inmates across 4 different facilities falsely credited their accounts a total of $225,000.


J-Pay is a system that provides inmates with access to the outside world. Family members or friends of an inmate purchase a tablet for them (or it can be provided by the company in some cases) to help keep the inmate connected to family and friends and to just pass the time looking at photos or videos. Revenue is generated by J-Pay in the form of credits. Inmates use credits to use email, buy music, eBooks, stamps and play games. The tablet also provides access to educational materials useful in rehabilitation.

They work with a kiosk installed in the living area or common spaces that sync the tablet with what is purchased. Some units are wi-fi enabled as well. A FM radio, a calculator, stopwatch and earbuds are built in or included. Units are available at select prisons in 35 states and the District of Columbia.

As long as technology and the Internet is involved…

What vulnerability was exploited was not made public and it seems that once it was discovered by the inmates it was very cleverly and clandestinely passed to inmates at other facilities. No actual money was transferred or lost, only credits applied to accounts. This could only have been done by someone highly skilled with computers and with knowledge of the J-Pay system. One does have to wonder though if they thought no one would notice.

The vulnerability has been fixed according to the company but both the company and its providers are being incredibly tight lipped about it, which should not be a surprise. $65,000 worth of the stolen credits have been recovered and the prisoners who received them have been suspended from downloading anything until all losses are repaid. Of course those inmates also face internal punishment as well as new charges.

It is commonly known that many criminals learn more about their nefarious craft in prison than on the outside. Who would have thought that they could learn about computer hacking on the inside?

Comments are closed.

Scroll to Top