Feeds

Feds: Hospital hacker's 'massive' DDoS averted

Arrest foils 'Devil's Day' scheme

Seven Steps to Software Security

GhostExodus outed

In some respects, McGraw's hacking regimen bordered on the paranoid. He kept a webcam over the outside door to his one-bedroom apartment so he'd know in advance when someone was calling on him. But otherwise, court documents portray someone who was sloppy in covering his tracks. The picture on a fake FBI credential he showed in one video matched the photo on his driver's license. Another video in which GhostExodus showed off Wireshark and other hacking tools revealed an IRC session that revealed an IP address issued by swbell.net.

His need for attention led him to volunteer a wealth of information about himself. A profile here made in March lists his age as 24 and shows the face of a white male that is identical to the one belonging to the individual McGrew says he observed in the hospital videos. (Those clips have since been taken down).

Combining the IP address with a Craigslist posting and GhostExodus's YouTube videos, McGrew soon deduced the miscreant probably was a night security guard at Carrell Clinic.

GhostExodus's tell-tale screen capture

Besides breaching the security of the hospital, McGraw also posted evidence that he accessed a computer used by the aviation unit of the Dallas Police Department. Police officials confirmed that a machine assigned to that unit was known "to have been compromised by an unauthorized individual."

McGrew - who despite the name similarity has no relation to McGraw - first learned of the HVAC breach after someone from Electronik Tribulation Army sent him an unsolicited instant message on June 18 bragging of the exploit. The message pointed to screenshots that suggested it wasn't a hoax. With a specialty in SCADA, or supervisory control and data acquisition, McGrew quickly took notice. Three days later he tipped off the Texas Attorney General's office and the FBI.

"I can't just see that and let that go," he said. "I spent the entire weekend trying to find out as much about GhostExodus as possible."

Of particular concern was the sinking realization that someone had unauthorized access to the system that controls the air-conditioning systems that cool operating rooms and other critical areas of the Texas hospital, where temperatures regularly hit the triple digits.

"Elements of critical infrastructure, like HMIs for control systems in hospitals have such low security that even someone like this can get in," he said. "It really shows how dangerous even a low-skilled attacker can be." ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.