Hacker Known as "GhostExodus" Sentenced to More Than Nine Years in Federal Prison

From Jesse McGraw's video "Post July 4th Infiltration," posted before his intended attack on the hospital's computer system
For those who do not recall the name Jesse William McGraw, a brief refresher: He's the 26-year-old Arlington man Formerly Known as GhostExodus of the Electronik Tribulation Army who was arrested in June 2009 for hacking into 14 computers at the W.B. Carrell Memorial Clinic on N. Central Expressway, where he worked as a night-shift security guard. According to the feds, McGraw broke into computers containing patient info and those operating the HVAC and intended to "use his compromised systems to commit additional crimes on or before July 4, 2009, a date that McGraw, according to the affidavit, called 'Devil's Day.'" McGraw, who was indicted one month later, was brought down by posting his exploits to YouTube, where they were discovered by Mississippi State University computer science student Wesley McGrew.

In May of last year, McGraw pleaded guilty to an indictment charging him with two counts of transmitting a malicious code; the feds said he "admitted that he intended to use the bot to launch a denial of service attack on the website of a rival 'hacker' group," that rival being none other than Anonymous.

Yet in a letter he sent me from the Federal Correctional Institution in Seagoville at the end of last year, McGraw insisted he was guilty of no such thing: "Sure, I've done my share of juvenile posturing," he wrote, "but I've never tampered with patient records, turned off an HVAC, stolen identities, or people's hard earned money." He wrote that "hackers are policeing [sic] the internet," and that "E.T.A. helped a lot of innocent victims that Anonymous has terrorized."

But the U.S. Attorney's Office just sent word: McGraw was sentenced late yesterday by U.S. District Judge Jane J. Boyle to 110 months on each of the two counts, to be served concurrently. Says the release, which follows in full: "In reaching this sentence, Judge Boyle cited the need for those who commit computer crimes to understand the potentially devastating consequences of their actions, to promote respect for the law, and to deter others involved in or contemplating hacking. Judge Boyle ordered McGraw to make restitution to the occupants in the building affected by his criminal conduct, specifically the W.B. Carrell Memorial Clinic, the North Central Surgery Center, and the Cirrus Group."

The feds' lengthy recap follows.
FORMER SECURITY GUARD, WHO HACKED INTO HOSPITAL'S COMPUTER SYSTEM, IS SENTENCED TO 110 MONTHS IN FEDERAL PRISON

Defendant Posted Video of Himself Compromising a Hospital's Computer System on YouTube

DALLAS -- Jesse William McGraw, a former contract security guard at the North Central Medical Plaza on North Central Expressway in Dallas, who admitted hacking into that hospital's computer systems, was sentenced late yesterday afternoon by U.S. District Judge Jane J. Boyle to 110 months on each of two counts, to be served concurrently, announced U.S. Attorney James T. Jacks of the Northern District of Texas. In reaching this sentence, Judge Boyle cited the need for those who commit computer crimes to understand the potentially devastating consequences of their actions, to promote respect for the law, and to deter others involved in or contemplating hacking. Judge Boyle ordered McGraw to make restitution to the occupants in the building affected by his criminal conduct, specifically the W.B. Carrell Memorial Clinic, the North Central Surgery Center, and the Cirrus Group.

In May 2010, McGraw, a/k/a "Ghost Exodus," 26, of Arlington, Texas pleaded guilty without a plea agreement to an indictment charging two counts of transmitting a malicious code. He has been in custody since his arrest in June 2009.

During his 11:00 p.m. to 7:00 a.m. shift at the North Central Medical Plaza, McGraw gained physical access to more than 14 computers, including a nurses' station computer on the fifth floor and a heating, ventilation and air conditioning (HVAC) computer located in a locked room. The nurses' station computer was used to track a patient's progress through the Carrell Memorial Clinic and medical staff also used it to reference patients' personal identifiers, billing records and medical history. The HVAC computer was used to control the heating, ventilation and air conditioning for the first and second floors used by the North Central Surgery Center.

McGraw installed, or transmitted, a program to the computers that he accessed that allowed him, or anyone with his account name and password, to remotely access the computers. He also impaired the integrity of some of the computer systems by removing security features, e.g., uninstalling anti-virus programs, which made the computer systems and related network more vulnerable to attack. He also installed malicious codes (sometimes called "bots") on most of the computers. Bots are usually associated with theft of data from the compromised computer, using the compromised computer in denial of service attacks (DDoS), and using the computer to send spam. McGraw knew his actions would damage the security and integrity of the computers and computer systems. McGraw was the self-proclaimed leader of a hacking organization called the "Electronik Tribulation Army" (ETA). He advocated compromising computers and computer systems in instructions that he posted online for members of the ETA and other individuals interested in engaging in computer frauds and participating in DDoS attacks.

In this case, McGraw admitted that he intended to use the bots and the compromised computers to launch DDoS attacks on the websites of rival hacker groups. ETA's rival hacker groups included "Anonymous," the hacker group currently claiming responsibility for attacks against PayPal and others in support of Wikileaks.

On Feb. 12, 2009, McGraw abused the trust placed in him and bypassed the physical security to the locked room containing the HVAC computer. At approximately 11:35 p.m., he began downloading a password recovery tool from a website, which he used to re-recover passwords. By Feb. 13, 2009, at approximately 1:19 a.m., McGraw, again without authorization, physically accessed the HVAC computer and inserted a removable storage device and executed a program which allowed him to emulate a CD/DVD device. He remotely accessed the HVAC computer five times on April 13-14, 2009.

On April 28, 2009, at about 1:45 a.m., McGraw abused the trust placed in him as a security guard and accessed without authorization a nurses' station computer. McGraw made a video and audio recording of what he called his "botnet infiltration." While the theme of "Mission Impossible" played, McGraw described step by step his conduct, accessing without authorization an office and a computer, inserting a CD containing the OphCrack program into the computer to bypass any passwords or security, and inserting a removable storage device into the computer which he claimed contained a malicious code or program. The FBI found the CD containing the OphCrack program in McGraw's house and found the source code for the bot on his laptop.

McGraw was aware that modifying the HVAC computer controls could affect the facility's temperature. By affecting the environmental controls of the facility, he could have affected the treatment and recovery of patients who were vulnerable to changes in the environment. In addition, he could have affected treatment regimes, including the efficacy of all temperature-sensitive drugs and supplies.

He was also aware that the nurses' station computer was used to access and review medical records. While he claims that he did not review or modify patient records, and the government is not aware of any evidence to the contrary, by gaining administrator access to these computers he would have had the ability to modify these records.

The case was investigated by the FBI and the Texas Attorney General's Criminal Investigation Division. Assistant U.S. Attorney C. S. Heath prosecuted.

30 comments

MortgageGuy

If you walked in to your mother's hospital room and saw some kid tampering with the controls, you'd shoot him first, THEN demand he go to prison, whether he caused any harm or not. If you walked into your home office and saw some kid rifling through your papers to get the password to your safe, you'd have him arrested even if he swore he wasn't going to use it. This kid is the new breed of criminal / terrorist. Nobody builds a bomb unless they plan to blow something up. Nobody hacks a computer without a plan to cause harm.

TheRealDirtyP1

This does seem like an abuse of justice. I wouldn't say this deters anyone from hacking, I'd say it pisses people off and makes them more guarded so they don't get caught. I'm guessing on this one, but I'm thinking people that do real damage, identity theft, get less than what this guy is getting.

Defiance

110 months in a federal prison? That's absolutely ridiculous. No one was harmed by his mischief. Yes, the kid lacks judgement and he acted against his own best interests for most of the case but 9 years? This isn't justice.

Freeside

it's sad that they can't secure their computers ...

Todd Loren Sinclair

Seems like pretty harsh punishment for something that caused no damage .... I mean a 14 computer botnet ... that borders on embarrassing ... and it isn't going to bring anyone's server down. This is more mischief than crime!

Naxius2000

The guy was low time, about as l33t as potatoes. He is to hacking as cavemen are to Rocket Ship building. ETA in general are good at the Google search, but as for originality or custom code, my gutter outside does better.

Oak Cliff Townie

Hacking and then bragging about it? How about 5 years for being DUMB!

Me

according to this link, http://www.mcgrewsecurity.com/..., McGraw was only looking at 6 years from the Feds until he reneged on his plea and then had his buddies try destroying evidence for him while he was in jail, earning him extra time. Looks like he should have stuck with his original deal.

Izabela Wojcik

Just reading this story makes me want to vomit! Isn't it funny that no one (except Bernie Madoff; and the only reason he did is because his clients were rich and famous) went to jail for the financial mess the ENTIRE WORLD is currently in... but this little goober goes to FEDERAL PRISON.

WHAT A BUNCH OF CRAP! (and the sad part? No matter how many times we say it, and no matter how many people write about it... no one is going to do anything about this)

Cowtown

I wonder what nickname McGraw's new friends in the federal pen will give him? Probably not "Ghost Exodus". Maybe he can post youtube clips of his sodomizations. His parents will be very proud.

Vanessa

Maybe you would have them arrested. I personally, would not. Not unless they are threatening physically. Just get them out of there.

Sometimes you can't help what is stolen. Usually however, it is someone's carelessness that caused their information to be breached. It sucks. However it is no reason to send them to federal prison. Just because you are angry doesn't justify locking someone in a cage for a non violent crime.

This thought process is frightening to me. Just like the top comment where the commenter feels like it is okay for prisoners to be raped.

I suggest doing some research into the matter and see who is really filling up our prisons, and then proceed to tell me it is justified.

beefstroker

He's already spent 2 years locked up, I think time served with a 3 year probation would have been more appropriate than punishing him for "damage he could have done" or simply "to send a message to other hackers"

Oak Cliff Townie

Even a well protected Intranet can be open to attack due to carelessness when an individual keeps their password somewhere in or on their desk.

Kind of like leaving keys in a car.

beefstroker

watch your mouth motherfucker, we see you

beefstroker

Watch your mouth or you might end up full of nigger dicks"

Alexondamic

Obviously aren't familiar with the legal and financially respectable occupation of 'Computer Security'

beefstroker

He refused to become a snitch and the feds cried like babies with a shitty diaper. Get your facts right asshole, and I'm his buddy, and he asked me to do no such thing bro. come at me.

Iiiears

If an exploit gets press you get prison. You picked the wrong analogy. Why not Iraq invasion and Bush Jr? Seriously, he put lives at risk and should be jailed.

Alexondamic

and we'll all just 'like it' and 'wish' we could do something... I'm not gonna do anything about it. but I'm willing to if a situation that would make it most convenient would arise

Mavent

I find it interesting that people like you are so obsessed with "prison sodomization". Working through a secret fantasy, Cowtown?

steve

Or the normal, give the security guard way too much access to the system and 15-minutes anyone with some experience in high school has full access, shit leave an open ethernet port in the lobby, joe random could too. I work in IT, I've seen some fairly big (let's say Fortune 500) companies that had some very insecure networks and devices... tip use the company's name as the password, make it secure at a !... yea that bad

Iiiears

Does anyone else find mention of ANONYMOUS interesting?
