Arlington Security Guard Arrested on Federal Charges for Hacking into Hospital's Computer System

[security curmudgeon <jericho () attrition org>]

http://dallas.fbi.gov/dojpressrel/pressrel09/dl063009.htm

For Immediate Release
June 30, 2009   United States Attorney's Office
Northern District of Texas
Contact: (214) 659-8600

Arlington Security Guard Arrested on Federal Charges for Hacking into 
Hospital's Computer System
Defendant Allegedly Posted Video of Himself Compromising a Hospital's 
Computer System on YouTube

DALLASA man from Arlington, Texas, who worked as a contract security guard 
at the Carrell Clinic on North Central Expressway in Dallas, has been 
arrested on felony charges outlined in a criminal complaint, announced 
Acting U.S. Attorney James T. Jacks of the Northern District of Texas.

Late Friday evening, agents with the FBI arrested Jesse William McGraw, 
a/k/a "GhostExodus," "PhantomExodizzmo," "Howard Daniel Bertin," "Howard 
William McGraw," and "Howard Rogers," age 25. McGraw appeared yesterday 
afternoon before U.S. Magistrate Judge Wm. F. Sanderson, Jr., for his 
initial appearance. He was detained until his probable cause and detention 
hearing set for Wednesday, July 1, 2009, at 2:30 p.m., before Judge 
Sanderson.

According to the affidavit filed in support of the criminal complaint, 
McGraw is the leader of the hacker group, "Electronik Tribulation Army." 
He was employed as a security guard for United Protection Services, in 
Dallas, and worked the night shift, from 11:00 p.m. to 7:00 a.m. at the 
Carrell Clinic hospital.

The affidavit alleges that between April and June 2009, McGraw committed 
computer intrusions of several computers in the Carrell Clinic hospital 
building, including computers controlling the Heating, Ventilation and Air 
Conditioning (HVAC) system and computers containing confidential patient 
information. The HVAC system intrusion presented a health and safety risk 
to patients who could be adversely affected by the cooling if it were 
turned off during Texas summer weather conditions. In addition, the 
hospital maintained drugs which could be adversely affected by the lack of 
proper cooling. McGraw, who used the online nickname "GhostExodus," posted 
pictures on the Internet of the compromised HVAC system and videos of 
himself compromising a computer system in a hospital.

Further investigation revealed that McGraw was planning to use his 
compromised systems to commit additional crimes on or before July 4, 2009, 
a date that McGraw, according to the affidavit, called "Devil's Day." He 
posted videos on the Internet which included admonition to other hackers 
to assist him in conducting unauthorized computer intrusions in support of 
a "massive DDOS" on July 4, 2009. DDOS is an acronym for Distributed 
Denial of Service and is a type of computer attack in which an 
unauthorized individual assumes control of other computers and uses the 
massed ability of those computers, over which they have unauthorized 
access and control, to attack targeted computers. The investigation also 
revealed that McGraw recently provided United Protection Services his one 
week notice and his last day of work was to be July 3, 2009, the day 
before the scheduled DDOS attack.

Upon McGraw's arrest on Friday evening, the Carrell Clinic IT staff 
identified and remediated the numerous compromised computers in the 
building.

A federal complaint is a written statement of the essential facts of the 
offenses charged, and must be made under oath before a magistrate judge. A 
defendant is entitled to the presumption of innocence until proven guilty.

In stating that the investigation is ongoing, Acting U.S. Attorney Jacks 
praised the investigative efforts of the FBI and Texas Attorney General 
Criminal Investigation Division. Assistant U.S. Attorney C. S. Heath is 
prosecuting.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php