Feeds

Feds: Hospital hacker's 'massive' DDoS averted

Arrest foils 'Devil's Day' scheme

Top 5 reasons to deploy VMware with Tegile

The leader of a malicious hacker collective who used his job as a security guard to breach sensitive Texas hospital computers has been arrested just days before his group planned a "massive DDoS" attack for the July 4 Independence Day holiday.

Jesse William McGraw, 25, of Arlington, Texas, was taken into custody late Friday evening after posting screenshots showing he had complete control of computers that administered air-conditioning systems at The Carrell Clinic in Dallas, federal prosecutors said. McGraw also brazenly posted videos showing him installing malware on hospital computers that made them part of a botnet he operated, said a network security expert, whose sleuthing uncovered the breach.

As a contract security guard at the hospital, McGraw had no authorized access to any of its computers. But that didn't stop the miscreant, who went by the handle GhostExodus, from taping himself as he walked down the halls of the hospital with a blue security guard uniform poking out through a gray hoody, as he bragged about gaining control over sensitive computers.

"It's a unique mindset among these hackers," said Wesley McGrew, a 29-year-old network PhD network security researcher at Mississippi State University. "It's all about respect and fame and the respect of their equally weird peers."

According to McGrew and federal prosecutors in Dallas, McGraw was the leader of a hacker gang known as the Electronik Tribulation Army. He had recently posted videos admonishing fellow hackers to carry out a "massive DDoS," or distributed denial of service, attack on July 4, a date he called "Devil's Day". While the target and other details of the attack are unknown, the investigators are taking the threat seriously because McGraw, prior to his arrest, had tendered his resignation as a security guard job effective July 3.

According to court documents, hospital officials had experienced problems with their HVAC, or heating, ventilation and air-conditioning, units and were perplexed why none of the system alarms had gone off as programmed. Had they seen screenshots posted here by someone calling themselves GhostExodus, they would have known why. They images showed the HVAC control window for the hospital's surgery unit. A test alarm setting was turned to "inactive."

"You almost can't help it ya know," GhostExodus writes. "It must be done!"

Internet Security Threat Report 2014

Next page: GhostExodus outed

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.