Security Guard Charged with Hacking Hospital Systems

The grainy video shows a bleary-eyed young man in a hoodie inside the Carrell Clinic in Dallas, Texas. As he hits the elevator button, the theme music from Mission Impossible plays in the background. "You're on a mission with me: Infiltration," he tells the camera.

By Robert McMillan
Thu, July 02, 2009

IDG News Service — The grainy video shows a bleary-eyed young man in a hoodie inside the Carrell Clinic in Dallas, Texas. As he hits the elevator button, the theme music from Mission Impossible plays in the background. "You're on a mission with me: Infiltration," he tells the camera.

Botnets: 4 Reasons It's Getting Harder to Find and Fight Them

Then in the course of the next five minutes, the man, who says he hasn't slept in 3 days, uses a security key to roam the halls of the hospital and install malicious botnet software on a computer there.

He says he's "infiltrated a very large corporate office," but according to the U.S. Federal Bureau of Investigation, he was just working the night shift as a security guard, pretending to break into the very building he was supposed to be guarding.

On Friday the federal authorities arrested Jesse William McGraw on a charge of felony computer intrusion, saying he intended to use the botnet to launch a massive distributed denial of service (DDOS) attack on July 4, the day after he was set to stop working there. He'd nicknamed the day "Devil's Day."

He worked for a Dallas security company called United Protection Services, on the 11 p.m. to 7 a.m. shift at the clinic.

McGraw, who went by the hacker name GhostExodus, allegedly installed malicious software all over the Carrell Clinic, including systems that contained confidential information, and others that managed the building's climate-control systems, authorities said Tuesday.

The hacker could have harmed patients or damaged drugs if he had turned off air conditioning during Texas's hot summer months, authorities said.

GhostExodus's Mission Impossible video was one of several that he posted to YouTube. They have since been removed, but copies were seen by the IDG News Service. One video named in court filings that was not deleted shows him skillfully playing a violin.

GhostExodus may have seen his arrest coming.

In a March 14 online journal entry, he said that an enemy was fabricating evidence against him and that he was erasing his tracks, but he did leave some tracks on the Web. For example, there's a May 24 forum post, where he bragged about his hacking and posted screen shots of the administrative interface to the heating, ventilation and air conditioning (HVAC) systems used at the hospital. "Spreading botnets is boring. But sometimes you get a hefty prize for all your hard work and labor," he wrote. "Like this you see below. An HVAC server."

Continue Reading

Our Commenting Policies