Jesse William McGraw, who pleaded guilty to two counts of transmitting malicious code to systems at the hospital at which he worked (including a SCADA HVAC system’s HMI), was sentenced yesterday at the U.S. District Court for Northern Texas to 110 months of custody, followed by three years of supervised release. He has also been ordered to pay restitution in the amount of $31,881.75. This is according to the latest filing on his case on PACER:
- 17715607207 – Sentencing (PDF)
He was facing a maximum of 10 years per count, which is higher than the usual 5 years per count due to the threat to public health and safety. At one point in the case last year, he had signed a plea agreement stating that he would plead guilty in exchange for a maximum sentence of 6 years. This fell through, however, when he reneged on the deal by pleading innocent on his next appearance in court. He was then re-indicted for 14 counts, which were dropped after he agreed to (and did) plead guilty to the original two counts, outside the scope of any agreement.
On a personal note, I feel that this is a fair sentence considering the circumstances. His actions jeopardized the safety of innocent people, and he attempted to destroy evidence and hinder the investigation after he was taken into custody. Even after he finally pleaded guilty, he continued to blame everyone but himself, as you can see in his “cross-site scripting tunneling” story he posted, or had someone post for him, from prison three months ago. I originally felt very sorry for him, though it’s hard to have any sympathy for someone who has continually acted against his own best interests as long as he has.
The rest of the “Electronik Tribulation Army” have gone relatively quiet. Maybe this will be a wakeup call for them to get out of this game.
UPDATE: A good post on this from the folks at the Dallas Observer:
If you’re new to the site, these are the previous posts this is a followup to: