GhostExodus Arrested for Hacking into Carrell Clinic's Computer System

June 30, 2009

A man from Arlington, Texas, who worked as a contract security guard at the Carrell Clinic on North Central Expressway in Dallas, has been arrested on felony charges outlined in a criminal complaint.

Late Friday evening, agents with the FBI arrested Jesse William McGraw, a/k/a "GhostExodus," "PhantomExodizzmo," "Howard Daniel Bertin," "Howard William McGraw," and "Howard Rogers," age 25. McGraw appeared yesterday afternoon before U.S. Magistrate Judge Wm. F. Sanderson, Jr., for his initial appearance. He was detained until his probable cause and detention hearing set for Wednesday, July 1, 2009, at 2:30 p.m., before Judge Sanderson.

According to the affidavit filed in support of the criminal complaint, McGraw is the leader of the hacker group, "Electronik Tribulation Army." He was employed as a security guard for United Protection Services, in Dallas, and worked the night shift, from 11:00 p.m. to 7:00 a.m. at the Carrell Clinic hospital.

The affidavit alleges that between April and June 2009, McGraw committed computer intrusions of several computers in the Carrell Clinic hospital building, including computers controlling the Heating, Ventilation and Air Conditioning (HVAC) system and computers containing confidential patient information. The HVAC system intrusion presented a health and safety risk to patients who could be adversely affected by the cooling if it were turned off during Texas summer weather conditions. In addition, the hospital maintained drugs which could be adversely affected by the lack of proper cooling. McGraw, who used the online nickname "GhostExodus," posted pictures on the Internet of the compromised HVAC system and videos of himself compromising a computer system in a hospital.

Further investigation revealed that McGraw was planning to use his compromised systems to commit additional crimes on or before July 4, 2009, a date that McGraw, according to the affidavit, called "Devil's Day." He posted videos on the Internet which included admonition to other hackers to assist him in conducting unauthorized computer intrusions in support of a "massive DDOS" on July 4, 2009. DDOS is an acronym for Distributed Denial of Service and is a type of computer attack in which an unauthorized individual assumes control of other computers and uses the massed ability of those computers, over which they have unauthorized access and control, to attack targeted computers. The investigation also revealed that McGraw recently provided United Protection Services his one week notice and his last day of work was to be July 3, 2009, the day before the scheduled DDOS attack.

Upon McGraw's arrest on Friday evening, the Carrell Clinic IT staff identified and remediated the numerous compromised computers in the building.