Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Texas man pleads guilty to hacking medical center computers

Jesse William McGraw, a 25-year-old from Arlington, pled guilty to two counts of transmitting malicious code earlier this week at the US District Court in Dallas. The indictment stems from an incident in which McGraw, aka ‘Ghost Exodus’, gained unauthorized access to computer systems at the North Central Medical Plaza outside of Dallas, where he worked as a security guard on the overnight shift.

According to a US Justice Department release, McGraw accessed 14 computers in two different facilities on numerous occasions and had the ability to retrieve and track patient data. The intent, however, was not theft of patient data, as acknowledged by US Attorney James Jacks.

Instead, McGraw installed a program on the computers that allowed him remote access. “He also impaired the integrity of some of the computer systems by removing security features, e.g., uninstalling anti-virus programs, which made the computer systems and related network more vulnerable to attack”, noted the Justice Department statement.

McGraw – the so-called leader of the online hacker group ‘Electronik Tribulation Army’ (ETA) – installed a bot on some of the machines, which he apparently intended to use in a denial-of-service attack against a rival hacker group after July 4, 2009.

The young man brazenly posted a YouTube video of himself bypassing the computer’s password system and downloading malicious code onto a nurses’ station machine. With the theme to Mission Impossible playing in the background and sporting a hooded sweatshirt to apparently portray quasi-concealment of his identity, McGraw claims to have infiltrated “a very large corporate office”. But what he didn’t tell the YouTube audience was that he already had the key card to the facility, as it was his job to provide security for the office that evening.

Each count McGraw faces carries a maximum 10-year prison term and up to a $250 000 fine. He will be sentenced by a US District judge Jane Boyle on Sept. 16, 2010.

What’s Hot on Infosecurity Magazine?