Feeds

Feds: Hospital hacker's 'massive' DDoS averted

Arrest foils 'Devil's Day' scheme

The Power of One eBook: Top reasons to choose HP BladeSystem

GhostExodus outed

In some respects, McGraw's hacking regimen bordered on the paranoid. He kept a webcam over the outside door to his one-bedroom apartment so he'd know in advance when someone was calling on him. But otherwise, court documents portray someone who was sloppy in covering his tracks. The picture on a fake FBI credential he showed in one video matched the photo on his driver's license. Another video in which GhostExodus showed off Wireshark and other hacking tools revealed an IRC session that revealed an IP address issued by swbell.net.

His need for attention led him to volunteer a wealth of information about himself. A profile here made in March lists his age as 24 and shows the face of a white male that is identical to the one belonging to the individual McGrew says he observed in the hospital videos. (Those clips have since been taken down).

Combining the IP address with a Craigslist posting and GhostExodus's YouTube videos, McGrew soon deduced the miscreant probably was a night security guard at Carrell Clinic.

GhostExodus's tell-tale screen capture

Besides breaching the security of the hospital, McGraw also posted evidence that he accessed a computer used by the aviation unit of the Dallas Police Department. Police officials confirmed that a machine assigned to that unit was known "to have been compromised by an unauthorized individual."

McGrew - who despite the name similarity has no relation to McGraw - first learned of the HVAC breach after someone from Electronik Tribulation Army sent him an unsolicited instant message on June 18 bragging of the exploit. The message pointed to screenshots that suggested it wasn't a hoax. With a specialty in SCADA, or supervisory control and data acquisition, McGrew quickly took notice. Three days later he tipped off the Texas Attorney General's office and the FBI.

"I can't just see that and let that go," he said. "I spent the entire weekend trying to find out as much about GhostExodus as possible."

Of particular concern was the sinking realization that someone had unauthorized access to the system that controls the air-conditioning systems that cool operating rooms and other critical areas of the Texas hospital, where temperatures regularly hit the triple digits.

"Elements of critical infrastructure, like HMIs for control systems in hospitals have such low security that even someone like this can get in," he said. "It really shows how dangerous even a low-skilled attacker can be." ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.