Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Security Idle Your Rights Online

Hacker Posts His Crime On YouTube, Lands In Jail 176

Posted by samzenpus from the bad-ideas dept.
wiredmikey writes "A former contract security guard who admitted hacking into a hospital's computer systems (where he worked), was sentenced to 110 months in Federal prison. Why did he do it? He admits that he intended to use the bots and the compromised computers to launch DDoS attacks on the websites of rival hacker groups. The FBI says he posted video of himself hacking into the hospital computers on YouTube — While the theme of 'Mission Impossible' played, he described his hack, step by step, including the insertion of a CD containing the OphCrack program, which allowed him to bypass all security. The FBI found the CD containing the OphCrack program in McGraw's house and found the source code for the bot on his laptop."
This discussion has been archived. No new comments can be posted.

Hacker Posts His Crime On YouTube, Lands In Jail More

Hacker Posts His Crime On YouTube, Lands In Jail

Comments Filter:

  • Security researchers or confidential informants? (Score:2, Interesting)

    by elucido ( 870205 ) * on Wednesday March 23, 2011 @03:39PM (#35590752)


    "FBI agents have raided the homes of three alleged members of a hacker gang that harassed a security expert who helped put the group’s leader in jail, according to a recently unsealed search warrant affidavit.

    Jesse William McGraw, aka “GhostExodus,” pleaded guilty in May to computer-tampering charges for putting malware on a dozen machines at the Texas hospital where he worked as a security guard. He also installed the remote-access program LogMeIn on the hospital’s Windows-controlled HVAC system.

    Last month’s raids were prompted by the aftermath of McGraw’s arrest. McGraw was the leader of an anarchistic hacking group called the Electronik Tribulation Army, and his bust led to a flood of harassment against the Mississippi computer-security researcher who discovered screenshots of the HVAC access online and informed the FBI."
    http://www.wired.com/threatlevel/2010/07/eta/ [wired.com]

    Has "security researcher" become the code for for confidential informant? Why else would the "researcher" go out of his way to "inform" the FBI?

    Why do articles even call them "security researchers"? Now if this guys job is to investigate hackers, then he should be called a "cyber crime investigator". It's disingenuous to call an a cyber crime investigator/cybercop detective a security researcher.

    What is with this trend? And what is the official function of a security researcher? Are they informants? I'd think maybe not if they aren't pretending to be outlaw/blackhats, so I cannot put them in the obvious informant/snitch category that albert gonzalez [wikipedia.org] is in. An informant/snitch generally is someone who is a criminal hacker or member of a crew, who betrays his or her own crew to provide information to another crew (usually the police). Albert Gonzalez fits the definition of a snitch, the worst kind.

  • The role and ethics of security researchers: (Score:2, Interesting)

    by elucido ( 870205 ) * on Wednesday March 23, 2011 @03:46PM (#35590848)

    This question goes out to security researchers. When is it a good idea to inform the FBI of a crime? Does it depend on whether or not you are white hat, black hat, grey hat? Does it depend on whether or not you are in the same crew as the person, or know the person? And if you do, does it remain just research or does the function of the security researcher change to investigator?

    I keep seeing various different job titles, security researcher, cyber crime investigator, cyber cop, cyber warrior, and I do not understand the different inherent functions of these terms. At the same time you have obvious professional betrayers like Albert Gonzalez being called "agents" and "heroes" by the feds in one sentence and then later on the feds are locking him up and he's a dirty rotten snitch greedy scoundrel.

    So which security researcher, hacker, or cyber crime investigator wants to clear up exactly the different functions and roles?

  • Self-defense (Score:5, Interesting)

    by Anonymous Coward on Wednesday March 23, 2011 @03:47PM (#35590862)

    This is exactly why we don't counter-attack those attempting to penetrate our network. While you *might* have some slim chance of reaching the attacker, chances are equally good you will end up attacking some systems in a hospital or something equally unacceptable.

  • Re:Security researchers or confidential informants (Score:2, Interesting)

    by ElectricTurtle ( 1171201 ) on Wednesday March 23, 2011 @03:56PM (#35591022)
    I don't think you understand how whitehats think. They think they are talented superhero vigilante crime fighters. I've known a few in my time, and they are frequently the kind of Eagle Scout archetype of a neighborhood watch captain. They have no real official power, but they get off on being "the good guys" and will turn in anybody for anything. It's a terrible combination of boredom, a modicum of skill, and an underdeveloped legalist sense of ethics.

    At the same time, blackhats like GhostExodus are pathetic in the opposite dimension. They egotrip on being able to put a live CD into a Windows box to haxx0r its security like that's so hard. As far as I'm concerned the white vs. black drama can keep going as long as they want. Meanwhile the vast majority of grays will mind their own business, neither snitching nor bragging. Both are stupid unless you have a really good reason.

Slashdot Top Deals

Software production is assumed to be a line function, but it is run like a staff function. -- Paul Licker

Close