Hacker Posts His Crime On YouTube, Lands In Jail

wiredmikey writes "A former contract security guard who admitted hacking into a hospital's computer systems (where he worked), was sentenced to 110 months in Federal prison. Why did he do it? He admits that he intended to use the bots and the compromised computers to launch DDoS attacks on the websites of rival hacker groups. The FBI says he posted video of himself hacking into the hospital computers on YouTube — While the theme of 'Mission Impossible' played, he described his hack, step by step, including the insertion of a CD containing the OphCrack program, which allowed him to bypass all security. The FBI found the CD containing the OphCrack program in McGraw's house and found the source code for the bot on his laptop."

I think he knows the underwear gnomes.

[gurps_npc]

Step 1) Post a video of yourself committing a crime

Step 2) ????

Step 3) Jail!

Re:Seems a bit excessive

[Nikker]

The network he had access to was a hospital's LAN. He wanted to use it to DDOS which would result in saturating much of the hospital's LAN to begin with and possibly screwing with equipment in the mean time. If he hacked into a Starbucks or a McDonalds to do the same I wouldn't care as much but his stupidity overreached on this one.

Re:Security researchers or confidential informants

[iamhassi]

"The stigma of being a "confidential informant" is quite hazardous. Why do you think there's a Witness Protection Program?"

But... he is a security researcher, here's his security [mcgrewsecurity.com] websites [dissectingthehack.com] and his LinkedIn says he has a PhD in Computer Science and works at the Mississippi State University Center for Computer Security Research (CCSR). [linkedin.com]

I'd say he's qualified. I don't understand why parent automatically assumed he was just an informant. If you're a private detective and with PhD in Criminal Forensics and you see a felony take place wouldn't you call the police? Would /. then assume you're simply an informant instead of being the private detective that the article correctly identified you as being?

Re:110 Months

[fredclown]

Being in the medical IT field I can tell you that almost all medical software is written for Windows. And last I checked I don't think you can arrest anyone for developing for the windows platform. Just because the system is on Windows doesn't automatically make it insecure. There are a number of things that could have been done to mitigate this such as ... super-gluing the USB ports, securing door access, group policy to lock down what can be run. If best practice security was followed this guy would have hard a hard time doing it. If you leave a system wide open for attack it will be ... whether it be Unix, Mac, or Windows.