Security Guard Busted For Hacking Hospital's HVAC, Patient Information Computers

'GhostExodus' bragged about his breaches on YouTube, and tried to rally fellow hackers to conduct a massive DDoS attack

Dark Reading Staff, Dark Reading

July 2, 2009

2 Min Read

A former security guard for a Dallas hospital has been arrested by federal authorities for allegedly breaking into the facility's HVAC and confidential patient information computer systems. In a bizarre twist, he posted videos of his hacks on YouTube, and was trying to recruit other hackers to help him wage a massive DDoS attack on July 4 -- one day after his planned last day on the job.

Jesse William McGraw, 25, also known as "GhostExodus," "PhantomExodizzmo," and a couple of false names, was charged with downloading malicious code onto a computer at the Carrell Clinic in order to cause damage. As a result, he "threatened public health and safety," according to an affidavit filed by the FBI (PDF). McGraw worked as a night security guard for United Protection Services and was on contract with the hospital, which specializes in orthopedics and sports medicine.

McGraw heads up the Electronik Tribulation Army, an underground hacking group; ironically, one of his followers may have inadvertently given him up to the feds. Security researcher Wesley McGrew helped crack the case wide open after a "script kiddie" known as "XXxxImmortalxxXX " contacted him, bragging that he had hacked a hospital's HVAC system. "Upon further googling, it became apparent that XXxxImmortalxxXX was lying to me, and that it was the leader of the group Immortal had joined that allegedly carried out the attack. This attacker went by the name of 'GhostExodus,'" or McGraw, McGrew blogged.

Researcher McGrew, who is an expert in control systems and SCADA security, says he saw screenshots of the interface to the hospital's HVAC system posted online by GhostExodus. "Screenshots taken by the attacker showed an HMI that gave the user control over many elements of the hospital, including pumps and chillers in the operating room. Messing around with a system like this can seriously impact the health and safety of the patients," he blogged. After gathering more information on GhostExodus, he contacted the Texas attorney general's office and the FBI, which on Friday arrested McGraw.

The suspect had planned to use the hacked systems on July 4 for what he called "Devil's Day," when he was planning to wage with other attackers a mass DDoS attack. He had posted videos online trying to recruit other attackers to join in the DDoS attack.

McGraw had given one-week notice to United Protection Services recently, and his last day of work was scheduled for July 3.

Carrell Clinic administrator Tom Blair told The Dallas Morning News in a published report that it had no evidence of patient information being compromised.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights