Prisoners in five Idaho correctional institutions hacked JPay tablets for almost a quarter million dollars in credits, the Associated Press reported. In all, 364 inmates allegedly exploited the tablet’s software for $225,000.
JPay handheld computer tablets supplied to Idaho prisoners provide a means to email families and friends, video chat, watch educational videos, and download and play purchased games and music. The tablets, which are supplied by contract with CenturyLink and JPay, do not allow internet access.
Family and friends can use JPay to transfer funds to inmates to use as credits for the JPay system. JPay and CenturyLink say the prisoners exploited a software vulnerability to bump up their credit balances.
CenturyLink spokesperson Mark Mozen said the vulnerability has been resolved, but the company won’t provide details it considers proprietary information.
In a statement, JPay spokesperson Jade Trombetta said: “JPay is proud to provide services that allow incarcerated individuals to communicate with friends and family, access educational programming, and enjoy positive entertainment options that help prevent behavioral issues.
“While the vast majority of individuals use our secure technology appropriately, we are continually working to improve our products to prevent any attempts at misuse.”
Fifty of the 364 accumulated more than $1,000 in credits, said Idaho Department of Corrections spokesperson Jeff Ray. One inmate had almost $10,000 in hacked credits.
Ray said a special investigations unit discovered the problem earlier this month. Ray also stated that no taxpayer dollars were involved in the thefts.
“This conduct was intentional, not accidental. It required a knowledge of the JPay system and multiple actions by every inmate who exploited the system’s vulnerability to improperly credit their account,” Ray said in a statement.
Inmates involved in the hacking activity can still send and receive emails, but their ability to download games and music has been cut off until they make good on the thefts. To date, JPay has recovered more than $65,000 in credits.
The Department of Corrections filed disciplinary offense reports onthe alleged hackers. The inmates could potentially lose prison privileges and be reclassified to higher risk levels.
Prisons in the United States have four major purposes: retribution, incapacitation, deterrence, and rehabilitation. Education is an essential element of inmate rehabilitation, but teaching prisoners how to hack computer systems was never part of the plan.
