[ISN] Security Guard Busted For Hacking Hospital's HVAC, Patient Information Computers

InfoSec News alerts at infosecnews.org
Thu Jul 2 07:50:23 CDT 2009 

http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=218300006

By Kelly Jackson Higgins
DarkReading
July 01, 2009 

A former security guard for a Dallas hospital has been arrested by 
federal authorities for allegedly breaking into the facility's HVAC and 
confidential patient information computer systems. In a bizarre twist, 
he posted videos of his hacks on YouTube, and was trying to recruit 
other hackers to help him wage a massive DDoS attack on July 4 -- one 
day after his planned last day on the job.

Jesse William McGraw, 25, also known as "GhostExodus," 
"PhantomExodizzmo," as well as by a couple of false names, was charged 
with downloading malicious code onto a computer at the Carrell Clinic in 
order to cause damage and as a result, "threatened public health and 
safety," according to an affidavit filed by the FBI . McGraw worked as a 
night security guard for United Protection Services, which was on 
contract with hospital, which specializes in orthopedics and sports 
medicine.

McGraw heads up the Electronik Tribulation Army, an underground hacking 
group, and ironically, it was one of his followers who may have 
inadvertently given him up to the feds. Security researcher Wesley 
McGrew helped crack the case wide open after a "script kiddie" known as 
"XXxxImmortalxxXX " contacted him, bragging that he had hacked a 
hospital's HVAC system. "Upon further googling, it became apparent that 
XXxxImmortalxxXX was lying to me, and that it was the leader of the 
group Immortal had joined that allegedly carried out the attack. This 
attacker went by the name of 'GhostExodus,'" or McGraw, McGrew blogged.

Researcher McGrew, who is an expert in control systems and SCADA 
security, says he saw screenshots posted online by GhostExodus of the 
interface to the hospital's HVAC system. "Screenshots taken by the 
attacker showed an HMI that gave the user control over many elements of 
the hospital, including pumps and chillers in the operating room. 
Messing around with a system like this can seriously impact the health 
and safety of the patients," he blogged. After gathering more 
information on GhostExodus, he contacted the Texas attorney general's 
office and the FBI, which on Friday arrested McGraw.

[...]

More information about the ISN mailing list