Incident Response, TDR

Texas hospital hacker sentenced to nine years

A former Dallas hospital guard was sentenced late last week to nine years in federal prison for breaking into hospital computers, planting malicious software and planning a distributed-denial-of-service (DDoS) attack.

Jesse William McGraw, 26, of Arlington, Texas, worked the night shift in 2009 at the Carrell Clinic hospital in Dallas, where he broke into more than 14 computers, including one that controlled the hospital's heating, ventilation and air conditioning (HVAC) system, and a nurses' station PC containing confidential patient information, according to a news release from the U.S. Department of Justice.

McGraw uninstalled anti-virus programs on the computers and installed malware that allowed unauthorized individuals to remotely access and take control of them.

He was also ordered to pay $31,881 in restitution and serve three years of supervised release following his prison term.

McGraw, who used the alias "GhostExodus," was the self-proclaimed leader of the hacker group "Electronik Tribulation Army." 

According to federal prosecutors, the group was building a botnet to attack rival hacker groups, such as Anonymous, which has made headlines recently for its hacking of anti-WikiLeaks' websites, the security firm HBGary and the hate-mongering Westboro Baptist Church.

The FBI caught wind of McGraw after he posted pictures on the internet of the compromised HVAC system. He also posted videos asking other hackers to assist him in mounting intrusions in support of a "massive DDoS” attack that was scheduled for July 4, 2009, according to the criminal complaint.

“McGraw was aware that modifying the HVAC computer controls could affect the facility's temperature,” the DoJ said in a statement. “By affecting the environmental controls of the facility, he could have affected the treatment and recovery of patients who were vulnerable to changes in the environment. In addition, he could have affected treatment regimes, including the efficacy of all temperature-sensitive drugs and supplies.”

McGraw was arrested in June 2009 and pleaded guilty last May to two counts of transmitting malicious code. His lawyer did not immediately respond when contacted by SCMagazineUS.com.

“I feel that this is a fair sentence considering the circumstances,” Wesley McGrew, a computer security researcher who aided the FBI in its investigation of McGraw, wrote in a blog post Friday. “His actions jeopardized the safety of innocent people and attempted to destroy evidence and hinder the investigation after he was taken into custody.”

McGrew began cooperating with the FBI after a member of the Electronik Tribulation Army bragged to him about hacking a control system and provided screenshots of compromised machines. McGrew found that the hack was performed by an attacker who went by the name of GhostExodus, later identified as McGraw.

“The rest of the Electronik Tribulation Army have gone relatively quiet,” McGrew wrote. “Maybe this will be a wakeup call for them to get out of this game.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.