[ad_1]
For those who don’t remember Jesse William McGraw’s name, a quick reminder: This is the 26-year-old man from Arlington, formerly known as the GhostExodus of the Electronik Tribulation Army, who was arrested. in June 2009 for hacking 14 computers at the WB Carrell Memorial. Clinic on N. Central Expressway, where he worked as a night security guard. According to federal authorities, McGraw broke into computers containing information about patients and those who operate the CVC and intended “to use his compromised systems to commit further crimes by July 4, 2009,” date which McGraw, according to the affidavit, called “Devil’s Day.” “McGraw, who was indicted a month later, was shot while posting his exploits on YouTube, where they were discovered by computer science student Wesley McGrew at Mississippi State University.
In May of last year, McGraw pleaded guilty to an indictment charging him with two counts of transmitting malicious code; the federal government said it “admitted it intended to use the bot to launch a denial of service attack on the website of a rival ‘hacker’ group,” this rival being other than Anonymous.
Yet in a letter he sent me from Seagoville Federal Correctional Facility late last year, McGraw insisted he was not guilty of any such thing: “Of course , I’ve done my fair share of juvenile posturing, ”he wrote,“ but I never tampered with patient records, turned off a CVC system, stole identities or people’s hard-earned money. ” He wrote that “pirates make the police [sic] Internet “, and that” ETA has helped many innocent victims whom Anonymous terrorized “.
But the US attorney’s office just sent a message: McGraw was sentenced last night by US District Judge Jane J. Boyle to 110 months on each of the two counts, to be served simultaneously. The statement read, which follows in its entirety: “In reaching this sentence, Judge Boyle cited the need for those who commit computer crimes to understand the potentially devastating consequences of their actions, to promote respect for the law and to deter others involved in or planning to hack. Justice Boyle ordered McGraw to compensate occupants of the building affected by his criminal conduct, specifically the WB Carrell Memorial Clinic, the North Central Surgery Center and the Cirrus Group. “
The long federal government recap follows.
FORMER SECURITY GUARD, HACKEDHOSPITAL COMPUTER SYSTEM,
IS SENTENCED TO 110 MONTHS OF FEDERAL PRISON
The defendant posted a video of himself
Compromising a hospital’s IT system on YouTube
DALLAS – Jesse William McGraw, a former contract security guard at North Central Medical Plaza on the North Central Expressway in Dallas, who admitted to hacking into that hospital’s computer systems, was convicted yesterday afternoon by the district judge American Jane J. Boyle at 110 months on each of the two charges, to be served simultaneously, announced the United States Attorney James T. Jacks of the North District of Texas. In reaching this sentence, Justice Boyle cited the need for those who commit computer crimes to understand the potentially devastating consequences of their actions, to promote respect for the law, and to deter others involved in or considering hacking. Justice Boyle ordered McGraw to compensate occupants of the building affected by his criminal conduct, specifically the WB Carrell Memorial Clinic, the North Central Surgery Center and the Cirrus Group.
In May 2010, McGraw, aka “Ghost Exodus”, 26, of Arlington, Texas, pleaded guilty without a plea bargain to an indictment to two counts of transmitting malicious code. He has been in detention since his arrest in June 2009.
During his 11:00 p.m. to 7:00 a.m. shift at the North Central Medical Plaza, McGraw had physical access to more than 14 computers, including a fifth-floor nurses station computer and heating system, ventilation and air conditioning (HVAC) computer located in a locked room. The nurses station computer was used to track a patient’s progress at the Carrell Memorial Clinic, and medical staff also used it to reference patients’ personal identifiers, billing records, and medical histories. The HVAC computer was used to control the heating, ventilation and air conditioning of the first and second floors used by the North Central Surgical Center.
McGraw installed or transmitted a program to the computers he accessed that allowed him, or anyone with his account name and password, to remotely access the computers. It also damaged the integrity of some computer systems by removing security features, such as uninstalling anti-virus programs, which made computer systems and the related network more vulnerable to attack. It also installed malicious code (sometimes called “bots”) on most computers. Bots are commonly associated with stealing data from the compromised computer, using the compromised computer in denial of service (DDoS) attacks, and using the computer to send spam. McGraw knew his actions would harm the security and integrity of computers and computer systems. McGraw was the self-proclaimed leader of a computer hacking organization called the “Electronik Tribulation Army” (ETA). He advocated the compromise of computers and computer systems in instructions he posted online for ETA members and others interested in engaging in computer frauds and participating in DDoS attacks.
In this case, McGraw admitted that he intended to use the bots and compromised computers to launch DDoS attacks on the websites of rival hacker groups. Rival ETA hacker groups included “Anonymous”, the hacker group currently claiming responsibility for attacks on PayPal and others in favor of Wikileaks.
On February 12, 2009, McGraw abused his trust and bypassed physical security to the locked room containing the HVAC computer. At around 11:35 p.m., he started downloading a password recovery tool from a website, which he used to recover passwords. On February 13, 2009, at around 1:19 a.m., McGraw, again without permission, physically accessed the CVC computer and inserted a removable storage device and executed a program that allowed him to emulate a CD device. /DVD. He remotely accessed the HVAC computer five times on April 13 and 14, 2009.
At approximately 1:45 a.m. on April 28, 2009, McGraw abused his trust in him as a security guard and unauthorized access to a nursing station computer. McGraw made a video and audio recording of what he called his “botnet infiltration”. While the theme for “Mission Impossible” played, McGraw walked through his conduct, gaining unauthorized access to a desktop and computer, inserting a CD containing the OphCrack program into the computer to bypass passwords or security, and inserting a removable storage device into the computer that he said contained malicious code or program. The FBI found the CD containing the OphCrack program in McGraw’s house and found the bot’s source code on his laptop.
McGraw was aware that changing the HVAC computer controls could affect the temperature of the facility. By affecting the facility’s environmental controls, it could have affected the treatment and recovery of patients vulnerable to changes in the environment. Additionally, it could have affected treatment regimens, including the effectiveness of all heat-sensitive drugs and supplies.
He also knew that the nurses’ station computer was used to access and review medical records. Although he claims he did not review or modify patient records, and the government is not aware of any evidence to the contrary, by gaining administrator access to these computers he would have had the opportunity to modify these records.
The case was investigated by the FBI and the Texas Attorney General’s Criminal Investigations Division. US Deputy Prosecutor CS Heath sued.
[ad_2]
Source link
