Security Guard Charged with Hacking Hospital Systems
The grainy video shows a bleary-eyed young man in a hoodie inside the Carrell Clinic in Dallas, Texas. As he hits the elevator button, the theme music from Mission Impossible plays in the background. "You're on a mission with me: Infiltration," he tells the camera.
McGraw talks like a big-time spy, but he makes some silly mistakes. In one video he puts on surgical gloves, presumably to hide his fingerprints, after typing on the computer he plans to hack. In another, he crops the video so that his face is not visible, but then shows off a fake FBI identity card -- with his picture on it. Then there's the fact that he posted the whole thing to YouTube.
His undoing came when a member of his hacker group, called the Electronik Tribulation Army, boasted to security researcher Wesley McGrew and showed him screen shots of hacked machines. That hacker, who went by the name XXxxImmortalxxXX, claimed to have hacked the Carrell Clinic systems, but McGrew soon linked the crime to GhostExodus and handed over his findings to authorities.
The group also compromised computers used by the Dallas Police and the National Aeronautics and Space Administration, (NASA) the FBI said in an affidavit. According to GhostExodus's journal he appears to have found a cross-site scripting bug -- a common Web programming error -- on NASA's Web site.
McGrew, a graduate student at Mississippi State University, said that it probably never occurred to GhostExodus to fake the videos he made. "It's a show of skill to his hacker peers," he said via instant message.
Still, the video is "pretty amazing," he added.
"He's a security guard at the hospital, but he's pretending to infiltrate a corporate office and he's running around with a hoodie on over his security guard uniform and installing botnet software on a hospital computer all to the Mission Impossible music," he said. "[You] can't make this stuff up."
U.S. Federal Bureau of Investigation
Receive the latest security news as it breaks.
