Jesse William McGraw, who pleaded guilty to two counts of transmitting malicious code to systems at the hospital at which he worked (including a SCADA HVAC system’s HMI), was sentenced yesterday at the U.S. District Court for Northern Texas to 110 month of custody, followed by three years of supervised release. He has also been ordered to pay restitution in the amount of $31,881.75. This is according to the latest filing on his case on PACER:

He was facing a maximum of 10 years per count, which is higher than the usual 5 years per count due to the threat to public health and safety. At one point in the case last year, he had signed a plea agreement stating that he would plead guilty in exchange for a maximum sentence of 6 years. This fell through, however, when he reneged on the deal by pleading innocent on his next appearance in court. He was then re-indicted for 14 counts, which were dropped after he agreed to (and did) plead guilty to the original two counts, outside the scope of any agreement.

On a personal note, I feel that this is a fair sentence considering the circumstances. His actions jeopardized the safety of innocent people and attempted to destroy evidence and hinder the investigation after he was taken into custody. Even after he finally pleaded guilty, he continued to blame everyone but himself, as you can see in his “cross-site scripting tunneling” story he posted, or had someone post for him, from prison three months ago.  I originally felt very sorry for him, though it’s hard to have any sympathy for someone that has continually acted against his own best interests as long as he has.

The rest of the “Electronik Tribulation Army” have gone relatively quiet. Maybe this will be a wakeup call for them to get out of this game.

UPDATE: A good post on this from the folks at the Dallas Observer:

If you’re new to the site, these are the previous posts this is a followup to:

  21 Responses to “GhostExodus Sentenced to 9 years, 2 months”

  1. This is in no way a fair sentence, 2 years served with a suspended sentence and 3 years probation would have been more appropriate. What the hell is wrong with you people? He didnt kill anyone. This sentence is absurd, sentencing is supposed to be about justice, not “sending a message” nor is it to punish someone for harm they could have but did not commit. But I guess thats in one ear and out the other for a guy who will just consider this message “harassment” and file a complaint with the FBI , whatever, If voicing my opinion is a crime, then come get me.

  2. Poor bastard i hope hes ok :(

  3. I supposed you would have preferred the death sentence for ghost. Ill bet you would have tweeted, “Congratulations to me! a Mission Accomplished”

    The sentence is too severe, period. Its not just my opinion, its the facts jack.

    But I do love a healthy dose of the dude.

  4. The death sentence would not have been a fair sentence, obviously. I don’t think anyone’s saying that.

    That it’s an unfair sentence is your opinion though. It’s okay though because what I posted is my opinion too. While the punishments for various crimes are set out in sentencing guidelines, the underlying sociological reasoning behind the different punishments for crime is a matter of opinion and debate. Some intend for it to be a time of rehabilitation, while others simply see it as removing unwanted elements from society. Some see it strictly as punishment for an individual (as you do) and other see it as a message for others that might consider the same actions (as I do).

    For everything I can see, Jesse acted against his own best interests in every possible way I can imagine since his arrest. He would have been better off with the plea agreement, but even not having that foresight, he at least should not have signed and reneged on it. Conspiring with outsiders to destroy evidence from behind bars? Bad move. All on top of never showing a hint of remorse or acknowledgement of what he had done, nor the possible consequences, which he should have realized weren’t completely under his control after he compromised their security.

    My opinion, man, is that he got exactly what was earned through his actions of the past few years.

  5. “nd other see it as a message for others that might consider the same actions (as I do).”

    Thats where I take issue, justice is not a platform for a judge to be “sending a message” of his personal beliefs, i dont think it should enter into the equation at all, thats like punishing someone because a judge thinks he has a smaller penis than someone else. Same bag of worms.

    The message I get is this, computer crimes will be punished with more severity than, rape, larceny, manslaughter and distribution of controlled substances, coz you know, what ghost did was so much more hienous than those kinds of crimes amiright?

  6. I will say this one last thing, if it was a message they intended to send, I can assure you that it has been recieved, loud and clear.

  7. If you feel that other crimes should be punished more severely, and I’d agree with that, then I encourage you to contact lawmakers and encourage them to pass even stricter sentencing guidelines.

    The message here is not related to a judge’s “platform”, it’s simply stating what is laid out in law for everyone to read: That there are computer crimes that are taken very seriously, and the punishment is severe (§ 1030 (c)(4)(A)(i)(IV)).

    This is not outside of the bounds of any law. In fact, it’s less than half the maximum sentence of the original indictment (10 per count). If he had’ve owned up to what he’d done earlier he’d be facing less: 6 years, or if he’d cooperated earlier, perhaps even less.

    He knew what he was doing was illegal, he knew it was wrong, and he should have understood the consequences of getting caught. Since it doesn’t appear that he’s very remorseful of his actions even now, I don’t think that it’s out of line to at least hope that his sentence serves as an illustration of the consequences to other script kiddies that might consider similar actions to his.

  8. Well I believe, and yet again, my opinion, that the law as defined provides far too severe punishment for such a trivial crime. I think its a product of fear mongering and a public that has little or no understanding at all of any of this, just an overwhelming consensus of fear and ignorance. Yeah he needed to pay for what he did, I cannot dispute that, but still seems excessive. Also, if the judge wants to send messages, he can lrn to use a computer.

  9. He brought a lot of the harshness of the sentence upon himself after his arrest. The remainder of it could have been easily avoided by not committing what is obviously a crime with consequences in the first place.

  10. Good luck and good fortunes.

  11. To you too. Stay clean!

  12. oh, you have no idea, as I said, I was sort of getting the message when I got raided, I certainly have a firm grasp after seeing the sentence ghost got. I actually just rebuilt my lan from the ground up with strict policies to help ensure the legality of ALL activity to and from my network. Its just not worth it. Im perfectly content knowing that I can do things, while not actually doing them. Besides theres a lot for my to learn about a great deal of things, I think id rather spend my energy doing that than plotting a time share in a prison cell.

  13. Hey you know how I like to ramble on and on and on, well there was something else I was sort of wanting to say. Im not really sorry about putting up that website, I think it was harmless sophmoric humor, but what I would like to apologize for, is putting your personal information out there, im sure it doesnt really bother you, especially since none of that info is really a secret, but it was inapropriate to do that. also wanted you to know that I was unaware that you had been threatened, the fbi told me someone had made threatening phone calls or sent threatening emails to you, this I had no part in. Ya know, I dont mind photoshopping peoples pics into fake gay bondage images, but I never had any intention of expressing any kind of actual threats towards you. Never did, and never will, I treasure my freedom and if that wasnt enough to convince you, know that I am fully aware that I am on the radar and lucky to have so far not gotten into trouble and I hope to keep it that way. Ok thats pretty much the last thing I wanted to say, Oh w8, , also,I didnt call u a fascist. I was categorizing a particular view.

  14. The only good harassment is sexual harassment
    Just saying…

  15. hmm, well the images were suggestive, does that qualify?

  16. Well I certainly did not harrass you, I have just as much right to host a site and post information about you, as you have a right to do the same on your site, which you have done. What I do not have a right to do, is slander you. Just because a site hosts material and opinions that you object too, does not make it “harrassment” So if my hosting a site is harrassment, rather, your site and posting would also be harrassment, this would actually be a civil dispute under normal circumstances. We both have rights.

  17. but since there is no dispute, and I have absolutely no intention of hosting any such site, its really a non issue.

  18. I appreciate your attempts to clarify yourself and all, but it’s starting to go a little off-topic.

    Ever considered starting your own blog? Seems like the ideal format for you to express yourself: Just turn all of your long comments in various places into posts.

  19. point taken, I apologize for the mess.

  20. I sort of have to agree with fixer on this one, he did spend 2 years in jail already, i fully understand the crimes that were commited, however with all things considered seems they are doing this to alot of “hackers” some people I will admit, deserve a higher sentence, I just do not see how making him serve a 9 year sentence is going to rehabilitate him. just a personal thought.

 Leave a Reply



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

© 2012 McGrew Security Suffusion theme by Sayontan Sinha