Hospital Hacker GhostExodus Owns Himself – Arrested

This story actually gave me a lot of LULZ, how stupid can you be, seriously? Man, this guy made so many mistakes for someone so paranoid (he had a web cam set up outside his apartment door so he could see who was coming).

But then he exposed his IP address on IRC, posted his face on some freaky vampire site and posted up screenshots of the HVAC system he ‘owned’ on a forum.

He wasn’t exactly making it hard for someone to find him, especially seeing as he actually WORKED IN THE HOSPITAL.

The leader of a malicious hacker collective who used his job as a security guard to breach sensitive Texas hospital computers has been arrested just days before his group planned a “massive DDoS” attack for the July 4 Independence Day holiday.

Jesse William McGraw, 25, of Arlington, Texas, was taken into custody late Friday evening after posting screenshots showing he had complete control of computers that administered air-conditioning systems at The Carrell Clinic in Dallas, federal prosecutors said. McGraw also brazenly posted videos showing him installing malware on hospital computers that made them part of a botnet he operated, said a network security expert, whose sleuthing uncovered the breach.

As a contract security guard at the hospital, McGraw had no authorized access to any of its computers. But that didn’t stop the miscreant, who went by the handle GhostExodus, from taping himself as he walked down the halls of the hospital with a blue security guard uniform poking out through a gray hoody, as he bragged about gaining control over sensitive computers.

If there was ever an original script kiddy, I think this guy fits the bill perfectly.

Seems like his l33t hacking skills extend to walking into rooms he has access to (with a security card), and taking some screenshots!

Or perhaps even sometimes he booted in with BackTrack and reset the passwords.

“It’s a unique mindset among these hackers,” said Wesley McGrew, a 29-year-old PhD network security researcher at Mississippi State University. “It’s all about respect and fame and the respect of their equally weird peers.”

According to McGrew and federal prosecutors in Dallas, McGraw was the leader of a hacker gang known as the Electronik Tribulation Army. He had recently posted videos admonishing fellow hackers to carry out a “massive DDoS,” or distributed denial of service, attack on July 4, a date he called “Devil’s Day”. While the target and other details of the attack are unknown, the investigators are taking the threat seriously because McGraw, prior to his arrest, had tendered his resignation as a security guard job effective July 3.

According to court documents, hospital officials had experienced problems with their HVAC, or heating, ventilation and air-conditioning, units and were perplexed why none of the system alarms had gone off as programmed. Had they seen screenshots posted here by someone calling themselves GhostExodus, they would have known why. The images showed the HVAC control window for the hospital’s surgery unit. A test alarm setting was turned to “inactive.”

“You almost can’t help it ya know,” GhostExodus writes. “It must be done!”

Yah you just can’t help messing with the critical HVAC system of a hospital YOU TOOL. What is the point of that anyway, other than bragging rights (which will only impress other script kiddies).

Who knows…I guess if he had any real skills he wouldn’t be working as a security guard and he’d actually be using his talent to make some real bank.

Oh well, good luck to you I say GhostExodus.

Source: The Register

Posted in: Hacking News, Legal Issues, Malware


20 Responses to Hospital Hacker GhostExodus Owns Himself – Arrested

  1. nubanx July 2, 2009 at 1:45 pm #

    its this kind of BS that gives the “label” hacker a bad stigma.

    h4cktivism carried out in the 90’s normally had the agenda of publicizing a political, religious, and/or socio-economical viewpoint via technology. sites that were deemed “the bad guys” were typically targeted. there was almost this feeling that the hackers were the good guys; the ever vigilant miscreants that held alternative lifestyles in favor of shepherding in the realm of the digital age with a new stage of ethics.

    This guy had local access to hospital machines and put people who were sick or people who choose to help people that are sick in jeopardy for no reason other than “its too easy”.

    this disgusting waste of carbon deserves no title associated with information technology. being called a script kiddie would be flattering to him. the sad part is once he gets out, he’ll probably have revenge on mind and a newly revised sense of purpose and focus, making him target even worse things. maybe he’ll get a similar ending as JDahmer.

    /one can only hope. :-P

  2. David July 2, 2009 at 7:28 pm #

    I agree if this guy was sooooo uber elite he was working in a nice IT security company.
    25 years old and showing off in IRC chans? Get a life GhostExodus!

  3. Droope July 3, 2009 at 7:14 pm #

    LOL. Poor guy.

  4. Lepht July 4, 2009 at 12:35 pm #

    this gets to me. the hell it “must be done” – would this sort of shit still have to be done according to him if the HVAC failed while they were operating on some poor guy? if some elderly patients died of hypothermia on the ward?

    there are so many better uses of the skills we’re learning. damn, that makes me mad.


  5. Talverion July 4, 2009 at 3:54 pm #

    There is a reason many “computer geeks” and “hackers” don’t have much of a social life… If they’re doing anything illegal, as this man did, they don’t want to talk about it, also blowing their cover. He really screwed up on this one. *facepalm*

  6. Navin July 6, 2009 at 6:15 am #

    Hehe…just wht I needed to get a smile on my face this monday morning!!

  7. Will July 6, 2009 at 5:17 pm #

    What is sad is that this walking witless wonder came very close to harming others. If Wesley McGrew had not raised a red flag on this guy, we might have been reading about horrors at the hospital and not laughing at this guy’s bumblings.

    Granted, this guy is an idiot and would have been caught after the fact. But other than his bragging and a heads up call by Wesley McGrew, nothing stopped him from infecting the hospital’s equipment and carrying out his plan. In one article, the IT staff noted that the HVAC system was acting funny, but this did not raise a warning flag to the hospital’s security or IT staff.

  8. j0 July 6, 2009 at 8:27 pm #

    lolz, funny kid, he should have a rest now for couple of years ..

  9. DirtyOldBastard July 8, 2009 at 11:28 am #

    0wning box with root password is as lame as defacing wikis.

  10. Omniscient July 9, 2009 at 7:10 am #

    The poor guy might get a few years over hacking an air conditioner. Epic fail. I feel bad for him but this is what happens when you commit a crime, brag about it, and post a video of the whole thing on youtube.

    Doesn’t take a l33t person to figure that out.

  11. das licht July 9, 2009 at 8:31 am #

    Haha- you guys don’t realize that he wasn’t doing it just to be “1337” he was doing it to prove that he could do it and this would have hurt ABSOLUTELY NO ONE! He wasn’t doing it to kill people off in a hospital or put them in serious pain/suffering- It was about the people who constantly talk shit… Like the people on this blog, saying shit and saying you are all ‘1337’ xD

    Just to prove that he could do it when most of the people that say they are ‘1337’ on the internet are mildly retarded and have terrible OCDs where they have to convince every last person in the world that they are cool in all aspects or they will die.

    … Anyone can talk shit online… Most of them can’t back it up.

    I’ve known about him way before this all happened by the way.

    Some of you believe anything you read/hear on the internet or T.V. and it’s rather pathetic that any of you will buy into it as soon as you hear about it without even questioning it- assuming the source you heard it from is just correct no matter what, regardless of how blatant it is.

    Will- you’re a raging faggot; no one ‘raised a red flag’ just like it said in the following link (later in this post) he just ‘snitched’ on him for things that I could go and look up on youtube or forums that I go to.
    I could find things like that, or even worse things than that, in a very short amount of time- seeing that I go to many forums (which are not private or hidden at all) where users post things like this regularly.

    I can *guarantee* that none of you know what you’re talking about;

    I bet most of you just saw this on a blog or Google or some friend who saw it somewhere on the internet, etc. and just decided “hey, here’s my chance to hate on someone I don’t even know to pretend I’m 1337.”
    Watch some of the videos on there. The people in those videos are actually right.

  12. Bogwitch July 14, 2009 at 10:30 am #

    @das licht
    I’m sorry that you feel that way. The fact is, he had authorised, physical access to a box and managed to install some malware onto it. This does not make him a particularly good hacker. He did it to seek notoriety within the community to which he felt he belongs.

    I suspect that most people who you have slated on this blog could install a RAT given unhindered physical access to a box, it’s not difficult.

    The bottom line is, he was in a position of trust which he broke.

    As for not putting life at risk, I would also have to disagree. Whether he went through with the proposed DoS or not, he had introduced some code onto the systems that had not gone through the same (hopefully rigorous) testing that other software components would have gone through. This software could have introduced other vulnerabilities or conflicts that he was not aware of. If the operating theatre was closed down due to a failure of the HVAC, lives could have been put at risk.

    Finally, please provide evidence to back up your *guarantee* that we don’t know what we’re talking about.

  13. Navin July 14, 2009 at 3:10 pm #

    das licht dude, firstly, I must tell U tht I’ve been on this site/blog for around half a decade and not once have I heard anyone at all claim to be a L337 #@x0r, or any crap like that (except maybe on the retards posts). Most of us are in fact self-proclaimed n00bs/security enthusiasts (me included) and are here just to keep ourselves updated on the events in the world of Network security.

    That said and done, let’s get back to the point. The very fact that he “hacked” a HVAC shows that he had either no knowledge of how important a component it is in any medical institute or had a fair idea of wht he was doing and wanted to show that he was up for the challenge. I have nothing against people who simply hack webpages (by wht methods whatsoever) to spread propaganda eg: but the very fact that he did it to a HVAC proves that he’s a complete moron!! More evidence of this comes from his statements like:

  14. Das Licht July 15, 2009 at 5:00 pm #

    @ Navin. I’m not saying ppl on here are calling them 1337 or anything… Notice the quote tags.
    It was on another blog. =/
    In the comments somewhere.
    Oh yeah, and to that ‘Bogwitch’ person. O.O

    I don’t think it’s something he should be in prison/jail for either way… I’m not saying I think he should have done that at his own work place (he especially* should not have done that at his own work place!!)
    watch please.
    This video is kind of funny toward the end, too… That guy is kind of an idiot. O.O

    but, whatever… meh… just watch.

  15. Bogwitch July 16, 2009 at 9:44 am #

    @Das Licht

    Thanks, 10 minutes of my life I won’t get back.

    So, two kiddies on YouTube say ‘He’s a nice guy’ is evidence enough that he meant no harm? If he actually did intend no harm, he should be locked up for stupidity.

    Get yourself back to /b/ – You’ll be much more at home there.

  16. PigSkinsNBawls July 19, 2009 at 11:38 am #

    “h4cktivism carried out in the 90

  17. Bogwitch July 21, 2009 at 11:46 am #

    Oh, it’s h4cktivism, is it? I thought it was a skiddie posturing and attempting to gain kudos within, what appears on the surface, to be a lame circle of zomg 7331 hax0rz.

    What exactly was the cause he was trying to publicise apart from his own ego?

  18. the tan man July 30, 2009 at 3:27 pm #

    This guy is 1337! Joke, I lol’d though.

  19. Das Licht August 2, 2009 at 4:00 pm #

    Bogwitch, you’re a douchebag…
    I hate /b/. I didn’t say just because two people say it’s okay makes it legal, I’m saying you’re a retard and you don’t understand what you’re talking about- you try to make it one-sided as possible.

    Yeah, I didn’t reply for a while, I’ve been gone… It doesn’t alleviate the fact that you’re an idiot, to the core.

    Nothing he did could have possibly caused harm, end, done, nothing more after that, you have no argument… =]
    You lose.

    You’re saying he SHOULD have harmed people in trying to do this? It’s stupid that he wasn’t trying to harm someone? Maybe you should be in prison…

  20. Bogwitch August 3, 2009 at 9:11 am #

    @Das Licht

    I understand fully what I am talking about. The issue I have is with your statement that he ‘intended no harm’ – I now take issue with your statement ‘Nothing he did could have possibly caused harm’

    He intended harm. He intended to mess around with the air conditioning of a hospital. Messing around with control systems such as these would have a negative impact such as operations being cancelled which could have the consequence of loss of life.
    If he never intended to go ahead with the stunt, he has still changed the operating platform by installing his software which could have unknown, unforeseen consequences (trusted computing, anyone?) again, giving the possibility of threatening life.

    My points are these. He was in a position of trust which he betrayed. He has not displayed any superior penetration skills, he had physical access to the box. If he intended no harm, he’s a moron as there could be consequences to his actions. If he was committed to carrying out his actions, he could potentially be threatening life directly, therefore he’s at best, a moron.

    As for the personal insults, water off a duck’s back.