Ex-Convicted Hacker GhostExodus: Severity of My Crime Wasn’t Based On What I Did, But What I Could Have Done
Posted on 06-03-2020.
In 2009, Jesse William McGraw, aka "GhostExodus" and the leader of the so-called Electronik Tribulation Army (ETA) hacking group, broke into a dozen computers at the orthopedic W.B. Carrell Memorial Clinic, where he worked as a night-shift security guard.
McGraw installed a program to the machines that enabled him to remotely access the computers, including the clinic’s heating, ventilation, and air conditioning (HVAC) computer and the nurse’s station computer.
Additionally, McGraw installed a botnet to some of the computers to subsequently use it to initiate denial of service attacks (DDoS) on the websites of rival hacker groups, on July 4, or as he called it, the “Devil’s Night.”
As further described in a sentencing press release, “McGraw made a video and audio recording of what he called his ‘botnet infiltration.’ [...] McGraw described step by step his conduct, accessing without authorization an office and a computer, inserting a CD containing the OphCrack program into the computer to bypass any passwords or security, and inserting a removable storage device into the computer which he claimed contained a malicious code or program.”
However, McGraw’s plans were never carried out as he was incarcerated in June of 2009.
In May 2010, U.S. District Judge Jane Boyle sentenced McGraw to 110 months for computer-tampering charges. When pronouncing the sentence, Judge Boyle seemed to send a message to cybercriminals as she “cited the need for those who commit computer crimes to understand the potentially devastating consequences of their actions, to promote respect for the law, and to deter others involved in or contemplating hacking.”
Jessy McGraw was released from federal prison in January 2020, with his last day at the halfway house on April 28.
When I reached out to McGraw seeking an interview, he said: “My life certainly doesn't seem to follow any coherent, normal pattern, so I feel it's all over the place. I don't talk about my case often, and I stopped discussing it with others for nearly half a decade. So it can be hard for me to put it together.”
Nonetheless, over the past week, we’ve spent a lot of time on meaningful conversations, where McGraw shared with me his thoughts about his case, the fairness of the judgment, the years in prison, and the impact it all has had on him.
Not to Attack the Clinic, but to Launch an Attack From the Clinic
AA: Why did you compromise the HVAC computer if you hadn’t intended to do any harm to people and medications, but wanted to take control over the computers only?
The compromising the HVAC and the Nurses Station E computer in the YouTube video comprise count 1 and 2 of the 2 count indictment. However, these were unrelated instances, but the DOJ lumped them together and compounded them with Devils Night. The fact that there was no botnet installed on the HVAC server should be indicative that it was not related to the botnet activities.
I used the HVAC server for personal use. This is actually supported by a several hundred-pages keylog file that was found installed on the HVAC server. Yes, I was keylogged. It was discovered that the HVAC had been compromised before my employment. The keylog was from Perfect Keylogger. It captured everything I did.
I used the HVAC because it was convenient. My guard station inside the clinic had a weak WiFi access point and it kept dropping my connection. So I found this easy-to-access-system (HVAC) and installed TeamViewer on it. But the firewall blocked incoming connections, and I didn’t want to reconfigure it, so I installed LogMeIn instead, so I could log in and run tasks from my guard station. I then used the HVAC to chat on AIM, use myspace, and buy car magnets on http://vistaprint.com
. All this is in the HVAC's log files that are included in the discovery evidence compiled by the FBI.
The HVAC user account required no password. But there were other user admin accounts. I can't remember what they were called. But I found a p2p program on one of the user accounts and downloaded media. That's probably how the machine got compromised originally, but I'm only speculating.
AA: What were you going to do on July 4, the Devil’s Night?
Launch a DDoS attack against 4chan, 94chan, and an IRC server being used by the people who were plotting to frame me. Turned out they didn't have to, I suppose.
I had used the botnets before. I had regularly launched them against 94chan, and I used them in #OpIran
. It was said that had the botnets not been thwarted before Devil’s Night, I could have caused significant damage. This isn't actually factual at all. As I said, I launched them on a regular basis.
The objective wasn't to attack the clinic, but obviously to launch (another) attack FROM the clinic on July 4th.
It was a historic conviction. I became the first person in recent U.S. history convicted for corrupting Industrial Control Systems. Also, you have to look at what was happening in the world at the time. Pfcs Manning, WikiLeaks, Anonymous.
The sentence was grossly excessive. But there was a lot for the Department of Justice (DoJ) to gain by giving me a large sentence when you take into consideration what was happening on the scene.
AA: Why did you take and post that video on YouTube, anyway?
There was no need for the video. But in my mind, I didn't realize it, at the time. My intention was propaganda. Something to motivate or inspire others to imitate me.
AA: So, you said that some conflict between you and four other people was the impetus behind your decision to compromise the clinic and take the video, right?
It was the only reason. Yes. You see, we normally spread botnets via p2p networks by injecting the executable into a game setup file, patch, or mod utility. It's the next best thing to infecting, say, an important Microsoft update. But that year our numbers were dwindling. I was trying to quit the ETA without watching it cave in, and so I had to do all the footwork, and I didn't have time to spread it in some sophisticated way. That wasn't my department.
AA: What was the reason behind the conflict?
When ETA wanted to go public, for one. But what started it was an unsanctioned hack by one of my members against Eric Spencer (name changed at the request)
AA: Why did they perform the hack against Eric?
I had handled a cyberstalking/bullying case. She went by the alias Shad0w. She wanted to join the ETA after we resolved the bullying/stalking, so we trained her, taught her everything we knew. She ended up finding this guy on Paltalk, social engineered her way into his email and then defaced his MySpace page.
He came running to me, making crazy outlandish claims and threats, so I blocked him for about a year. When I unblocked him out of curiosity, he was still breathing threats, claiming that he was going to have me arrested, etc. That's where this whole thing started.
I certainly didn't take him seriously at first. The chat logs are actually in my discovery evidence. My last attorney might still have his copy, but the chat logs are all still there, in evidence. I had a copy, but I think my ex-wife threw the 3 ring binder away.
Eric Spencer was a pest, on Paltalk, he was always claiming that he was this big bad hacker. The weapons of his warfare were social engineering. He could get inside your head like a CIA interrogator. The kid was bat shit crazy. He'd speak to members of my crew, and with doctored chat logs that he created, got them to believe I was talking behind their backs.
He'd try to put us against each other, to get us to not trust one another. He started teaming up with others who were in Anonymous who also wanted to take me out.
I fed him false dox, using the name of a friend of mine, who was deceased, from Oceanside, California. He phoned the Oceanside police department and they tracked down the name, and sadly found the man's wife, and began questioning her regarding myself—a picture of me, but with her husband's name. She told them I looked like Marion's son, Howard. (I was adopted). She gave them my mum's address and they approached her, and my mum said she didn't know the person in the photo.
That incident is when I knew this was something else. Chilly, an Anon, managed to hack into the Fixer's, one of my founding members, Gmail account and found divorce documents containing his real name, address, and other personal information. Sent someone to vandalize his home. Downloading pics of Fixer's son photoshopped them into pornographic images. Found out where Fixer worked, and phoned his employer and tried to get him arrested. When they got his phone number, they made these rape and murder threats against him and his son. One time while he was out.
Internet Haet Macheen (IHM) convinced me that she had been saving incriminating screenshots of some of my hacking activities and was going to report me to the FBI.
So I called IHM, posing as a private detective, and discovered that she had been bluffing.
AA: Did Eric initiate any actions to have you arrested?
No, he didn't.
Several Anons had been probing around for the ETA website. Around this time in 2008, we recruited a guy who used to be a prominent member of the Insane Masterminds Crew (IMC), Tw|zT3D. He ran IMC's web security. The kid was a Jedi and a killer code slinger, so I had a hard time refusing him as a recruit. (I had waged war against IMC and destroyed it, taking most of his members with me). Tw|zT3D was a mole, and I had no idea that he was there to rectify what we did to Graham Phisher, leader of the IMC. So he handed over our database to these Anon's and that's when our users and passwords fell into their hands.
There were a handful of other Anons who were attacking us, but unrelated to Eric and IHM, Chilly, etc.
We partnered with the H2K crew and moved our sites to a secure place. Still, it was never disclosed that I was 74k71x. Again, I was not at war with Anonymous, only some advantageous individuals trying to make a name for themselves, in addition to Eric Spencer’s operation to frame me.
I reported Eric and the other collaborators to the internet crime and complaint center (ic3.gov), but they never got back to me.
Other Anons like BuyaDog built online Rainbow Tables for us to use. Internet Death Machine recorded Vigilante Electric for us, a kind of theme song for ETA. He's the artist I posted the youtube music videos on Twitter. A good friend of mine.
I understand how contradictory it all seems. Back in those days, Anons attacking Anons was pretty much the norm. Hackers never have apparent motives. We have motives on top of motives. Appearing one way, to some, another way to others. Sleight-of-hand. Puppetry. We'd make great politicians.
I'm no longer a part of that world. But it's still confusing to me to remember why all this was so important to me once.
A Conflict of Interest
AA: What were your issues with Anonymous?
I was a member of Anonymous, as were several of us in the ETA. But we didn't make this known to many people because of diplomatic reasons. We had a powerful ally, a crew called 0DayExile, and they hated Anonymous. Therefore, publically we had taken a negative view of the collective.
I went by the alias 74k71x, and I hacked for 94chan, which was run by IHM, who used to be my public enemy-turned-friend.
If we wanted to continue enjoying support from 0DayExile, we needed to not join Anonymous.
0DayExile had a botnet pool of over a million machines. Also, it was run by a couple of programming and exploit masters whose skills far outweighed my own. They were worth the trouble.
AA: Had you left Anonymous before you compromised the clinic?
The media had this whole "cyber gang war" blown out of proportion. Back in 2009, a Dallas Morning News reporter, Avi Selk, contacted the Warden at Seagoville Jail in the hopes to interview me. That was my chance. He called several times his calls never got answered. Finally, he just shows up at the jail, and they turn him away, not allowing him access to myself of what I had to say in my defense.
Needless to say, it wasn't a "cyberwar", it was merely a very personal conflict between myself and about four people. One of them was IHM, the other was Eric Spencer.
AA: How old were you when you joined Anonymous?
It was 2007 when I joined. Let’s see. Twenty-three, I believe. Anonymous being a leaderless collective with an open membership policy makes them attractive.
AA: Why did you join Anonymous?
I joined Anonymous because they were something I had never seen before. Growing up in the late ’90s, I was familiar with such groups as the Cult of the Dead Cow (cDc), Legion of Doom, Masters of Deception, and ofc the Chaos Computer Club. Someone runs the crew, a person asks to join, their enlistment/membership is either approved or denied based on certain criteria to determine if they've got what it takes to be a member. Anonymous is different.
Every generation has a hacking crew that takes center stage, then fizzles out into obscurity. Not Anonymous.
AA: And by that time had you already been part of 0DayExile?
That didn't probably begin until the start of 2008. At first, I didn't believe that Anon was leaderless. It didn't make sense to me. They were different back then. Not all of them were cut from the same cloth, however. But the way it was structured made it easy for kids with malevolent tendencies to feel powerful due to a lack of accountability. So initially I harbored a negative perspective of the collective due to the heinous and audacious behavior of many.
I started making friends in the collective, and that's when I began to understand that there was no real indoctrination involved. They weren't being told to behave this way. It just became the perfect vehicle for angry kids to find other like-minded angry kids to do bad things together.
Then there was the other side of the coin: the activists fighting to expose what Scientology is really about. That was intriguing. So, I started building friendships, and that's when I started warming up to Anonymous and seeing the potential to do good.
I almost got myself overthrown out of my own group because I ran ETA like a dictatorship. They wanted free elections. Wanted to go public. That's when everything changed for me. [Laughs]
You have no idea. When I was little, I was fascinated by the CIA, spies, and stuff of that nature. So structured the ETA in a way that the younger members found confusing.
AA: You said you had a conflict because you were a member of both 0DayExile and Anonymous. Can you elaborate?
I never asked 0Day what their problem was. I remember when myself and another started using popular words or phrases from Anonymous. Lulz, and words like “insurgency.” 0Day was like, "are you an Anon fag now?" Sometimes asking questions to ego-driven individuals seems like making excuses. So the few times the issue was brought up, I simply denied that any of us had any involvement.
In fact, I'm still friends with the guy I sent to scope Anon out when I first learned about them in 2007.
“All My Case is Based on What I Had the Potential to Do”
AA: A ten-year sentence for installing a botnet sounds gross. What was the actual damage you inflicted?
Damage? Not in the conventional sense. But the legal definition of what constitutes "damage" may be different than how we typically perceive it. The fact that I had gained unauthorized access alone constitutes damage in the legal sense.
But no physical damage.
AA: According to the court files you shared with me, the prosecution spoke mostly about potential damage.
All my case is based on what I had the potential to do. What could have happened, however, isn't what actually happened.
I was forced to appear a certain way. I "knowingly intended to cause damage to protected computer systems" sounds really evil. When you plead guilty, you have to plead guilty to their terms, and the words they use. Legalese is the language they speak.
My activities were not on par with the kind of hacking attacks we are seeing today. This was a victimless crime, in the sense that it was not a monetary crime. Caging me for a decade is not rehabilitating.
I may be making excuses for myself, though there is a lesson that could have been learned with the same amount of value for justice if the sentence was 2 years, 3 years, 5 years, even 6 years. I mean, Kevin Mitnick was on the FBI's most wanted list, and his activities were pretty heinous, his sentence was just a few years and it served the interest of Justice.
This was a time during Wikileaks, Assange, and the "Anonymous Army". Anonymous was on a hacking rampage in a response to defend WikiLeaks founder, and the level of cybercriminal activity was at an all-time high.
Did you know that the chief public investigator for the public defenders' office inadvertently revealed to me who the confidential informant was?
Like, he didn't even realize it was Wesley McGrew. He showed me print outs from mcgrewsecurity.com and asked me if it was MY website. It was largely my experiences with that idiot forensic investigator that inspired me to want to become a computer forensic consultant for criminal defense lawyers.
AA: Tell me more about McGrew.
Wesley McGrew's invested interest in my case appeared to many as obsessive. After he publicly revealed his role and dismissed the CI designation that was given to him by the FBI, it seemed very clear that his motivation was to gain public recognition, at my expense. This was a very humiliating experience for me.
This became a one-sided story. I was informed that he was lurking in the ETA forums, mirroring their posts on his own security blog, and exposing them and myself to unnecessary public humiliation. His presence was very antagonistic to my compatriots, considering the turn of events. I don't resent him any longer.
But in 2011, I emailed him for the very first time, this was before my email was revoked. And I asked him if he was aware if I had been involved with witness intimidation, but he never responded to the question.
Only my prosecutors own sworn oral testimony says inside it. However, she makes mention of non-existent phone conversations that I supposedly had with ETA members, ordering them to attack McGrew. However, no such evidence exists. And if you spend any amount of time on my case, requesting Discovery evidence CDs, you will never find such phone conversations.
AA: So, are you on a supervised release, at this point?
No. I am 100% free. The courts decided to nullify my three years of supervised release because I kept trying to flee the country.
There were a lot of circumstances transpiring at the time. Fleeing the U.S. by cargo ship is easy. "IF" you have money. I went through a lot while I was imprisoned. One of your ex-presidents [one of former presidents of Russia]
back in 1994, I believe, once said, and I paraphrase, the U.S. operates some of the cruelest and most degrading prisons.
Anyways, it wasn't the best idea at the time, but I felt I needed to do this. I was going to restore my own sanity.
I had been ruminating on it for a very long time. Those in the employ of the federal government really altered my patriotic impression of this country. I grew up in a patriotic home, with a family who served in the military. I wanted asylum, but I didn't want to try and seek it at an embassy in the U.S.
Our government is morally defunct and without conscience. You might spend an entire lifetime and never see it. They do a fantastic job concealing it from the general population. We are basically guinea pigs here.
“The U.S. Operates Some of the Cruelest and Most Degrading Prisons”
AA: I read a court file you shared with me, that says that you and one of your inmates accused the jail's staff of rights violation, false imprisonment, intentional infliction of emotional distress, among other things. It seems they didn't let you communicate with your attorney as well, did they?
The court file was a class action lawsuit
because I was unlawfully detained without due process and housed in an 8x10 cell for 13 months.
AA: Why were you housed in an 8x10 cell?
My email privileges had been revoked on account of my hacking charges. I had no way to communicate with my appellate attorney, so a friend of mine offered to let me use his account. He got caught and was questioned by prison investigative services. The investigators determined that I was the one using his account. He lied to the investigators and claimed that he wasn't aware I was using the account, that I must have hacked into it.
I was being detained over suspicion of hacking. The prison authorities referred the case to the FBI, who found no evidence of tampering on my part. But because I had been writing appeals to the Regional office, my appeals found their way on the warden's desk.
She decided to hold me there arbitrarily in retaliation. I showered in ice water in the winter. I had completely gone mad. Prolonged confinement in conditions like these is very destructive to the psyche.
Seagoville's special housing unit (SHU) is notoriously known as a killer. The slag we refer to such units is called a hot box.
It has no AC/Fan or adequate vents. In the summer of 2012, it reached 125 degrees Fahrenheit in my cell. To make matters worse, one of the guards even turned the heater on us a couple of times. I had heat rashes all over my body. Every year someone dies there.
The prison used to serve as a Japanese internment camp during WW2. That part of the facility is very old.
The Prison Legal News (PLN) newsletter is an excellent source on such things, lawsuits inmates have won because of such conditions. There are lots of women who are molested by guards, and when they have the courage to fight back, get a lawyer, the story usually ends up in the PLN.
AA: But nothing changes, does it?
It changes for that person. But in the whole grand scheme of things? No.
The Bureau of Prisons has a habit of hiring really screwed up people. People who enjoy the suffering of others, who feel it is their duty to humiliate, antagonize, or inflict hurt upon the guilty. A psychopath? That's the way we perceive these people. Without conscience. It's really sad. It's a strange world.
Putting humans in cages really sucks.
This is a BP-8 grievance form. Every year I submitted one. Trying to get my email privileges reinstated.
A BP-8 grievance form. Source: Jesse McGraw
Their response at the bottom reads "Your instant offense is the determining factor precluding you from using the computer. According to your PSI, you defeated firewalls and adversely affected the integrity of a hospital HVAC system. We have a duty to protect the public which includes precluding your access to computers."
AA: So they didn't let you use an email service at all for almost 10 years, did they?
Pretty much, though I had authorized computer access during my whole time. Just no means to conveniently communicate with people.
AA: As the FBI was involved, did they come to the jail to talk to you?
No, the FBI didn't interview me.
Special Agent (SA) Allan Lynd. He was the leading case agent. However, SA Ajeet Singh was the present FBI agent at my sentencing hearing. I liked him. He's got a conscience.
I was going to get myself arrested eventually.
SA Lynd knew of me anyways. We ran into each other a year before, by accident. He had just arrested one of my members, 2008. A kid we called Punizzl. He'd performed an unsanctioned hack that brought the heat on all of us.
He's trashed his school's entire network, just to see if he could do it. A government-funded school. They'd caught him. We sent a car to his address to extricate him from the situation if he wanted an out. He didn't. After the FBI arrested him, they were using his cellphone. Hadn’t logged out of AOL IM. So I sent a cheeky message to the FBI and told them that I did not condone them using his phone as a means to entrap the rest of us. I told them that I was going to send an SMS flood, and clog the network.
Back in those days, phones couldn't handle too many packet requests being sent to a phone. It would freeze the phone. The only way to unfreeze it was to pop the battery out.
Effectively logging Punizzl out of AOL IM. SA Lynd was the one holding the phone.
Lynd bragged about it the night he arrested me. Other than that, the FBI was not building a case at the time.
But to answer your question, I simply was out of control.
A white three-ring binder packed with screenshots I'd printed out was confiscated from my apartment. In it, I cataloged every hack I'd done, and those of my crewmates. My activities went far beyond the fool play with botnets.
There were many shades and aspects of my life. Sometimes capturing and presenting the story in part helps not to overload people with too many details. You can clearly see how confusing and kind of strange my life was at that time.
The FBI only know about some of it because of that stupid ego-library I kept as a trophy. Well, they know most of it, to be perfectly honest.
Those were different times, then. A couple of old ETA members kept all the screenshots. They're around, but hard to get to, apparently. My ex-wife had the 3 ring binder until about 2 years ago. Those images are in my discovery evidence. My prosecutor has it. Possibly my last attorney.
I don't like the person I became on account of what I was doing. But that's neither here nor there.
Thank you, Jesse.
Jesse McGraw was interviewed by Ana Alexandre
Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.