Today, the US Attorney’s Office announced that Jesse “GhostExodus” McGraw has entered a guilty plea on two charges of transmitting a malicious code. Jesse had compromised more than 14 computers at the Carrell Clinic in Dallas, Texas, where he worked as a night-shift security guard. This included the system running the HMI (Human Machine Interface) for the hospital’s HVAC system. To the best of my knowledge this is the only arrest and conviction of a hacker involved in a control systems/SCADA incident in the United States.
This story began last year, when I became aware of the HVAC compromise and gathered information about it to turn over to the FBI. Throughout the process, I have been very impressed with the technical skill and responsiveness of the FBI agents. I am also very happy with this outcome. This may serve to educate organizations with control systems about the threats and vulnerabilities that are possible, and put other “script-kiddie” type hackers on notice that they can be tracked down and prosecuted for their actions.
The press release for the guilty plea is not yet available on the DOJ website, but the following articles are available:
- Security guard pleads guilty to hacking his employer – Bob McMillan, IDG News Service
- Hacker Known as “GhostExodus,” Who Broke Into Carrell Clinic Computers, Pleads Guilty – Robert Wilonsky, Dallas Observer (This article has the complete text of the DOJ press release)
- Arlington man pleads guilty to hacking medical clinic’s computers – Nathaniel Jones, Star Telegram
I have a large collection of PDFs of court filings for this case, which I may post with commentary at some point soon, now that he has entered a guilty plea. The PDFs make for interesting reading and a wild ride, and I don’t know of any other resources that have good documentation of a hacker case. I’m looking forward to going through them again.