[ad_1]
He will now have plenty of time to resolve them: the US attorney’s office has just informed that McGraw has pleaded guilty to one indictment on two counts of transmitting malicious code. Authorities said, “McGraw admitted he intended to use the bot to launch a denial of service attack on the website of a rival ‘hacker’ group. Each count carries a maximum legal sentence of 10 years in prison and a fine of $ 250,000. He will be sentenced in federal court in Dallas on September 16. This gives you plenty of time to read the captivating story that follows.
Accused posted video of himself compromising hospital computer system on YouTube
DALLAS – Jesse William McGraw, who worked as a contract security guard at North Central Medical Plaza on the North Central Expressway in Dallas, pleaded guilty today before U.S. District Judge Jane J. Boyle to criminal offenses related to his compromise and damage to the hospital. computer system, said US Attorney James T. Jacks of the Northern District of Texas.
McGraw, aka “Ghost Exodus”, 25, of Arlington, Texas, pleaded guilty to two counts of transmitting malicious code. Each count carries a maximum penalty of ten years in prison and a fine of $ 250,000. McGraw, who has been in custody since his arrest in June 2009 on related charges filed in a criminal complaint, will be sentenced by Judge Boyle on September 16, 2010.
The North Central Medical Plaza is home to medical offices and surgery centers, including the WB Carrell Memorial Clinic and the North Central Surgery Center. McGraw, a contract security guard for United Protection Services, typically worked the night shift, 11:00 p.m. to 7:00 a.m.
McGraw had physical access to more than 14 computers located in the North Central Medical Plaza, including a nurse station computer on the fifth floor and a heating, ventilation and air conditioning (HVAC) computer located in a locked room. . The nurses ‘station computer was used to track a patient’s progress at the Carrell Memorial Clinic, and medical staff also used it to reference patients’ personal identifiers, billing records, and medical histories. The HVAC computer was used to control the heating, ventilation and air conditioning of the first and second floors used by the North Central Surgical Center.
McGraw installed or transmitted a program to the computers he accessed that allowed him, or anyone with his account name and password, to access the computers remotely. It also damaged the integrity of some computer systems by removing security features, such as uninstalling anti-virus programs, which made computer systems and the related network more vulnerable to attack. He also installed malicious code (sometimes called a “bot”) on some of the computers. Bots are commonly associated with stealing data from the compromised computer, using the compromised computer in denial of service attacks, and using the computer to send spam. In this case, McGraw admitted that he intended to use the bot to launch a denial of service attack on the website of a rival group of “hackers”.
McGraw knew his actions would harm the safety and integrity of those rods. He advocated taking such actions to harm the integrity of the systems in the instructions he posted online for members of his “Electronik Tribulation Army” (ETA) and others interested in committing crimes. crimes against computers.
On February 12, 2009, McGraw abused his trust and bypassed physical security to the locked room containing the HVAC computer. At around 11:35 p.m., he started downloading a password recovery tool from a website, which he used to recover passwords. On February 13, 2009, at around 1:19 a.m., McGraw, again without permission, physically accessed the CVC computer and inserted a removable storage device and executed a program that allowed him to emulate a CD device. /DVD. He remotely accessed the HVAC computer five times on April 13 and 14, 2009.
At approximately 1:45 a.m. on April 28, 2009, McGraw abused his trust in him as a security guard and unauthorized access to a nursing station computer. McGraw made a video and audio recording of what he called his “botnet infiltration”. As the theme for “Mission Impossible” played, McGraw walked through his conduct, gaining unauthorized access to a desktop and computer, inserting a CD containing the OphCrack program into the computer to bypass passwords or security, and inserting a removable storage device into the computer that he said contained malicious code or program. The FBI found the CD containing the OphCrack program in McGraw’s house and found the bot’s source code on his laptop.
McGraw was aware that changing the HVAC computer controls could affect the temperature of the facility. By affecting the facility’s environmental controls, it could have affected the treatment and recovery of patients vulnerable to changes in the environment. Additionally, it could have affected treatment regimens, including the effectiveness of all heat-sensitive drugs and supplies.
He also knew that the computer at the nurses’ station was being used to access and consult medical records. Although he claims he did not review or modify patient records, and the government is not aware of any evidence to the contrary, by gaining administrator access to these computers he would have had the ability to modify these records if he had taken additional steps to circumvent the additional security measures.
The case is currently under investigation by the FBI and the Texas Attorney General’s Criminal Investigations Division. Assistant US Attorney CS Heath is pursuing the case.
[ad_2]
Source link
