BreachExchange mailing list archives

Re: Arlington Security Guard Arrested on Federal Charges for Hacking into Hospital's Computer System

From: "Jackson, Ben (ITD)" <Ben.Jackson () state ma us>
Date: Thu, 2 Jul 2009 12:44:19 -0400
A bit more coverage of this here:

http://www.mcgrewsecurity.com/2009/06/30/ghostexodus-the-eta-and-a-contr
ol-systems-incident-at-carrell-clinic-part-1/

--
Ben Jackson, GCIA - Sr. Security Engineer - Commonwealth of
Massachusetts
ben.jackson () state ma us - +1-617-626-4575 (v) - +1-617-626-4459 (f)
             Too Many Genies... Not Enough Bottles...

-----Original Message-----
From: dataloss-bounces () datalossdb org
[mailto:dataloss-bounces () datalossdb org] On Behalf Of security
curmudgeon
Sent: Wednesday, July 01, 2009 8:04 PM
To: dataloss-discuss () datalossdb org; dataloss () datalossdb org
Subject: [Dataloss] Arlington Security Guard Arrested on Federal Charges
for Hacking into Hospital's Computer System


http://dallas.fbi.gov/dojpressrel/pressrel09/dl063009.htm

For Immediate Release
June 30, 2009   United States Attorney's Office
Northern District of Texas
Contact: (214) 659-8600

Arlington Security Guard Arrested on Federal Charges for Hacking into
Hospital's Computer System Defendant Allegedly Posted Video of Himself
Compromising a Hospital's Computer System on YouTube

DALLASA man from Arlington, Texas, who worked as a contract security
guard at the Carrell Clinic on North Central Expressway in Dallas, has
been arrested on felony charges outlined in a criminal complaint,
announced Acting U.S. Attorney James T. Jacks of the Northern District
of Texas.

Late Friday evening, agents with the FBI arrested Jesse William McGraw,
a/k/a "GhostExodus," "PhantomExodizzmo," "Howard Daniel Bertin," "Howard
William McGraw," and "Howard Rogers," age 25. McGraw appeared yesterday
afternoon before U.S. Magistrate Judge Wm. F. Sanderson, Jr., for his
initial appearance. He was detained until his probable cause and
detention hearing set for Wednesday, July 1, 2009, at 2:30 p.m., before
Judge Sanderson.

According to the affidavit filed in support of the criminal complaint,
McGraw is the leader of the hacker group, "Electronik Tribulation Army."

He was employed as a security guard for United Protection Services, in
Dallas, and worked the night shift, from 11:00 p.m. to 7:00 a.m. at the
Carrell Clinic hospital.

The affidavit alleges that between April and June 2009, McGraw committed
computer intrusions of several computers in the Carrell Clinic hospital
building, including computers controlling the Heating, Ventilation and
Air Conditioning (HVAC) system and computers containing confidential
patient information. The HVAC system intrusion presented a health and
safety risk to patients who could be adversely affected by the cooling
if it were turned off during Texas summer weather conditions. In
addition, the hospital maintained drugs which could be adversely
affected by the lack of proper cooling. McGraw, who used the online
nickname "GhostExodus," posted pictures on the Internet of the
compromised HVAC system and videos of himself compromising a computer
system in a hospital.

Further investigation revealed that McGraw was planning to use his
compromised systems to commit additional crimes on or before July 4,
2009, a date that McGraw, according to the affidavit, called "Devil's
Day." He posted videos on the Internet which included admonition to
other hackers to assist him in conducting unauthorized computer
intrusions in support of a "massive DDOS" on July 4, 2009. DDOS is an
acronym for Distributed Denial of Service and is a type of computer
attack in which an unauthorized individual assumes control of other
computers and uses the massed ability of those computers, over which
they have unauthorized access and control, to attack targeted computers.
The investigation also revealed that McGraw recently provided United
Protection Services his one week notice and his last day of work was to
be July 3, 2009, the day before the scheduled DDOS attack.

Upon McGraw's arrest on Friday evening, the Carrell Clinic IT staff
identified and remediated the numerous compromised computers in the
building.

A federal complaint is a written statement of the essential facts of the
offenses charged, and must be made under oath before a magistrate judge.
A defendant is entitled to the presumption of innocence until proven
guilty.

In stating that the investigation is ongoing, Acting U.S. Attorney Jacks
praised the investigative efforts of the FBI and Texas Attorney General
Criminal Investigation Division. Assistant U.S. Attorney C. S. Heath is
prosecuting.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data
Protection from Four Critical Perspectives. The eBook begins with
considerations important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:

Arlington Security Guard Arrested on Federal Charges for Hacking into Hospital's Computer System security curmudgeon (Jul 01)
- Re: Arlington Security Guard Arrested on Federal Charges for Hacking into Hospital's Computer System Jackson, Ben (ITD) (Jul 02)