GhostExodus, the ETA, and a Control-Systems Incident at Carrell Clinic (Part 2)

Jul 02 2009
Filed In: SCADA, analysis, fun, links, skiddies

If you haven’t read Part 1 of this story, then you really ought to take a look at it first.  It serves as a good overview, and the criminal complaint filed by the FBI is a good read.

Yesterday afternoon was GhostExodus’ detention hearing.  I’m not very familiar with the process one goes through after being arrested for something like this, so I had to look up what this meant.  I found the following site which, I believe, explains detention hearings well:

(Looks like a cool site beyond this, even.  Kind of a legal equivalent to the blog I run here.)

I was informed yesterday afternoon that the Judge in this case found that there was probable cause to detain Jesse McGraw while the case is pending.

Here are some links to the coverage this is getting.  I’m linking articles that I think my readers would enjoy, especially those where the reporters were thorough enough to contact me personally to get the stories:

The members of the press I’ve talked to on the phone and over IM have been very nice.  There are many more stories than this, you can poke around on Google News if you like, but your best source of technical information for fellow security and control-systems folks is going to be right here, of course :)

Now, time to break out the popcorn.  Here are two of the most interesting videos that were posted to GhostExodus’ youtube accounts.  It’s my understanding that these videos were played in court yesterday.  After each video, I’ve summarized some points of interest in each video:

  • “Post July 4th” is a strange choice of title here, as it’s before July 4th, and in preparation for the attacks scheduled for the 4th
  • He’s recording this by holding his laptop in front of him (reflections in elevator)
  • Claims to have infiltrated corporate offices, but it’s obviously a medical facility
  • Watch for medical charts and such on the walls when he sits down
  • Appears to be the collar of a security guard uniform peeking out of the top of the hoodie
  • The FBI identified this computer at the clinic by the toy flamingo on top of the monitor

  • This was recorded at a desk at the hospital where McGraw was a security guard.
  • I thought about buying one of those camera pens until I saw this.  Not inconspicuous.
  • Showing off your fake FBI credentials on youtube isn’t very smart.

I will continue this series with more posts, discussing the HVAC compromise, how I came to be aware of it, and the techniques I used to gather information on the suspect.  Still pooped from talking to so many people about this, but I’m enjoying spreading the gospel of control-systems security ;)

Back to Top
Tags:

There are 16 Comments to "GhostExodus, the ETA, and a Control-Systems Incident at Carrell Clinic (Part 2)"

Write a Comment