In 2009, the leader of the Electronik Tribulation Army (ETA) hacker group, Jesse William McGraw, also known as GhostExodus, hacked over ten computers at the WB Carrell Memorial Clinic orthopedic clinic, where he worked as a night guard.
McGraw installed programs that gave him remote access to the HVAC (heating, ventilation and air conditioning) system and the computer at the nurse's post.
In addition, McGraw installed a botnet on some computers in order to perform a DDoS attack on the websites of competing hacker groups. The attack was scheduled for July 4; he gave this operation the code name “Devil's Night”.
The further course of events is set out in a press release of the court ruling:
“McGraw made video and audio recordings of the process, which he called “botnet infiltration.” [...] McGraw consistently talked about all his actions, step by step. He illegally gained access to the office and the computer, inserted a CD into the computer with the OphCrack program, which allows using the device bypassing the password and protection, as well as a storage device with removable media, which, he said, contained malicious code or a program.”
In May 2010, federal district judge Jane Boyle accused McGraw of computer fraud and sentenced him to 110 months in prison.
In announcing the verdict, Boyle sent a message to cybercriminals stating that “people who commit crimes using computer technology should be aware of the potentially devastating consequences of their actions, promote respect for the law, and prevent others who are already involved in computer crimes from computer crimes or they are plotting.”
In January 2020, Jesse McGraw was released from federal prison, and on April 28, he left the social adaptation rehabilitation center for people released from prison.
When forklog.media correspondent Ana Alexandre asked McGraw for an interview, he said: “It can hardly be said that my life is going according to some planned scenario. I have not discussed my business with anyone for more than five years, so it can be difficult for me to put together fragments of it.”
Ana Alexandre spent a week talking with Jesse McGraw. During the conversations, he told his story and shared his thoughts about the years spent in prison, the objectivity of the sentence and how it all affected him.
“I wanted not to attack the clinic, but to launch an attack from the clinic”
Jesse McGraw (hereinafter referred to as DM): The hacking of the HVAC system and the nurse post shown in the YouTube video are two episodes that I have been charged with. In fact, these events are not interconnected, but the prosecution decided to pile everything up and link them to the "Devil's Night". The fact that I did not install the botnet on the HVAC server indicates that I was not going to use the server to operate the botnet.
I used the HVAC server for personal purposes. This is confirmed by the keylogger log of several hundred pages. According to investigators, it was installed on the HVAC server. Yes, I became its victim. It turned out that the HVAC system was hacked before I even started working in the clinic. It was the Perfect Keylogger program. It tracked all my actions.
I used the HVAC system for reasons of convenience. At the post of the guard in the clinic premises there was a weak WiFi signal, which constantly disappeared. Therefore, I found a convenient access control system in the form of CMSS and installed TeamViewer on it. But the firewall blocked the incoming signal, and I did not want to change the system configuration, so instead of TeamViewer I installed LogMeIn, after which I could log in and do my thing without leaving my post.
Through the HVAC system I could correspond in the AIM messenger, use MySpace and buy magnets for the car on vistaprint.com. All these actions are recorded in the log files included in the report of the pre-trial investigation of evidence collected by the FBI.
The HVAC account did not require a password, but there were administrator accounts of another user. I don’t remember what they were called. I found the p2p program in one of the user accounts and downloaded media files with it. Perhaps this is how the device was originally hacked, but this is just a guess.
FLM: What were you planning to do on Devil's Night on July 4th?
DM: Launch a DDoS attack against 4chan, 94chan and the IRC server used by people who intended to set me up. It turned out they did not even have to do this.
Before that, I already used botnets. I regularly ran them against 94chan, and also used them in #OpIran. The investigation claimed that my botnets could cause serious damage if they hadn’t arrested me before the Devil’s Night. This is not a fact at all. I already said that I ran them regularly.
My goal was not to attack the clinic, but to launch another attack from the clinic on July 4.
My case has set a precedent. For the first time in US history, a person was convicted of hacking a process control system. My sentence was unreasonably harsh. The Justice Department seemed to want me to get the full amount for my misconduct, given what was happening in the world at that time: the case of Chelsea Manning, WikiLeaks, Anonymous.
FLM: Why was it like filming a video and uploading it to YouTube?
DM: It was a rash step, but then I did not understand it. My goal was propaganda. By my example, I wanted to motivate and inspire others.
FLM: Going back to hacking, you say that the main reason was the conflict between you and four other people, right?
DM: That was the only reason, yes. Usually, we distributed botnets through p2p networks, embedding the EXE file in the game’s installation file, patch or mod. This is almost the same as infecting, say, an important Microsoft update. But that year, the ETA began to break up. I wanted to leave its ranks so as not to see how it was losing ground, so I had to do the routine myself and did not have time to distribute botnets in some sophisticated way.
FLM: What caused the conflict?
DM: First of all, that the ETA wanted publicity. But most importantly, one of the members of my group arbitrarily hacked Eric Spencer (name changed).
FLM: Why did he do this?
DM: One girl - we knew her as Shad0w - became a victim of virtual harassment / bullying. After we helped her, she wanted to join the ETA, and we taught her everything we knew. In the end, she found this guy on Paltalk, hacked his email inbox, and then mutilated his MySpace page.
He wrote to me, poured threats and carried all kinds of nonsense. I blocked it for about a year. Then, out of sheer curiosity, I unblocked him and saw that he was still sending threats, declaring that he would get my arrest, etc. This all started.
At first I did not take him seriously. The conversation logs were preserved in the investigation materials. Perhaps my last lawyer even has them.
Eric Spencer was a nasty type. At Paltalk, he constantly excelled, calling himself a super-mega-cool hacker. His chip was social engineering. He could get into your head like some CIA agent. He really was mad at hurting me. He faked chat logs, and then showed them to my team members. He even managed to convince some that I was plotting intrigue behind them.
Eric tried to quarrel us, to deprive of mutual trust. He began to connect with other hackers from the Anonymous group, who also wanted to get me out of the game.
He was desperate to find out my real name. At some point, I managed to feed him false documents using the name of my late friend from Oceanside in California. Eric even tried to attract the police, but attempts to reveal my identity were unsuccessful.
Another incident happened. Chilly, a hacker from Anonymous, managed to hack the Gmail account of Fixer, one of the founders of ETA, and found documents related to his divorce process with his real name, address and other personal data, and then hired a person to pogrom in Fixer’s house.
In addition, he downloaded a photo of Fixer’s son and photoshopped him on pornographic images. I found out where Fixer worked, called his boss and tried to get him arrested. He also threatened to rape and kill both Fixer himself and his young son.
Internet Haet Macheen (IHM) claimed that she had incriminating evidence against me and she would merge it with the FBI. I called her as a private detective and found out that it was a bluff.
FLM: Did any of Eric's actions cause you to be arrested?
DM: No.
Some Anonymous members tested the strength of the ETA website. At that time, in 2008, Tw | zT3D joined our ranks, who had previously been an important member of the Insane Masterminds Crew (IMC) team.
It provided IMC web security. The guy was just a Jedi, a first-class hacker, and I could not refuse his membership (I declared war on IMC and destroyed it, after which most of their team passed to me). Tw | zT3D turned out to be a mole. It was introduced to fix what we did with IMC leader Graham Fisher. So, he transferred our database to these Anonymous members. It was then that our pseudonyms and passwords fell into their hands.
Other Anonymous members attacked us too, but that was not connected with Eric and IHM, Chilly, etc. We made an agreement with the H2K team and moved our sites to a safe place. I acted under the nickname 74k71x, but no one ever recognized this. Again, I did not fight with Anonymous, just some particularly entrepreneurial individuals tried to make a name for themselves. Well, Eric Spencer tried to set me up.
I complained about Eric and others to the Internet Fraud Complaint Center (ic3.gov), but there was no reaction.
Other Anonymous members, in particular BuyaDog, created Rainbow Tables for us and uploaded them to the network. Internet Death Machine recorded for us the composition Vigilante Electric, which became a kind of ETA anthem. The performer of Internet Death Machine is a close friend of mine.
I understand how much this all seems contradictory. It was commonplace in those days when some Anonymous members attacked others. Hackers never have obvious and unambiguous motives. Some motives flow from others. Manipulation. Pretense. Hackers could make great politicians.
I no longer belong to the hacker world. But, recalling that period, I still wonder why all this was so important to me.
Conflict of interest
FLM: What was your conflict with Anonymous?
DM: I, like some other ETA members, was anonymous. But few knew about this, we hid this fact from diplomatic considerations. We had a powerful ally in the team 0DayExile, and they could not stand Anonymous. Therefore, in public, we showed a negative attitude towards Anonymous.
I acted under the nickname 74k71x and helped 94chan, which was managed by IHM. She was my sworn enemy, who later became a good friend.
To continue to receive 0DayExile support, we did not have to join Anonymous.
The 0DayExile group managed a botnet pool of more than a million cars. Also, the pool was controlled by programmers and experts on exploits. I was significantly inferior to them in qualifications. For their sake, it was worth playing by their rules.
FLM: Did you leave Anonymous before hacking the clinic?
DM: No.
The media has inflated the scale of all these “hacker wars” beyond measure. In 2009, a Dallas Morning News reporter, Avi Selk, turned to the warden of a prison in Seagoville, hoping to interview me. That was my chance. He called there several times, but they did not even answer him. In the end, he personally came to prison, but he was wrapped up, not allowing to meet with me. I could not speak out in my defense.
Of course, this was not a “cyber war,” but simply my conflict with four people, which was very personal.
FLM: How old were you when you joined Anonymous?
DM: I joined them in 2007. Anonymous is a team without a leader; it pursues an open membership policy, which makes it attractive.
FLM: Why did you join Anonymous?
DM: Because I have never encountered anything like it. My youth came in the 90s, and I knew such groups as Cult of the Dead Cow (cDc), Legion of Doom, Masters of Deception, and, of course, Chaos Computer Club. When recruiting new members, all of these teams decided whether the recruits met certain criteria. Anonymous has a different model.
In each generation there are cult hacker groups that first go to the forefront and then dissolve into nothingness. Anonymous is different.
FLM: And at that time you were already a member of 0DayExile?
DM: I did not establish the first contacts until the beginning of 2008. At first I did not believe that Anonymous did not have a leader. It seemed nonsense to me. Then they were different. However, the people there were different, but the very structure of the organization easily allowed schoolchildren with destructive inclinations to feel "powerful" because there was no control.
The more I spoke with the participants from this group, the more I realized that there was no hierarchy in it. No one gave them instructions to act in one way or another. Simply, this group gave teenagers angry at peace a great opportunity to find like-minded people and do nasty things together.
There was another side to the coin: activists tried to open people's eyes to the grim truth about Scientology. This intrigued me and I began to get closer to them. It was then that I began to feel warm feelings for Anonymous, because I saw the potential to do good.
My ETA associates almost overthrew me because I ran the group as a dictator. They wanted free elections. We wanted publicity. Then everything changed. [Laughs]
Who knew that would be so .... As a child, I was addicted to the CIA, spies and similar things. Therefore, it gave the ETA such a structure that it was not easy for the younger members to understand it.
FLM: You said the conflict was caused by your simultaneous membership in 0DayExile and Anonymous. Could you please explain?
DM: I have never been interested in 0Day, what are they unhappy with. I remember that I and another guy started using the words and phrases that are popular with Anonymous - lulz, insurgency, and 0Day they say to me: “Are you spinning at Anonov?”
Often, when this topic popped up, I simply denied any connection with Anonymous.
By the way, I am still friends with a guy whom I sent to take a closer look at the Anons, when I first found out about them in 2007.
“I was convicted of what I could potentially do.”
FLM: Ten years for installing a botnet is harsh. What real damage did you cause?
DM: Damage? If we understand "damage" in the generally accepted sense, then no. But the legal definition of damage is different from what we usually mean by that. The fact that I got unauthorized access, from the point of view of law, already qualifies as damage.
But no physical damage was done.
FLM: According to the case file that you forwarded, the prosecution forced the idea of potential harm that you could cause.
DM: The charge is based solely on what I could potentially do. However, “could” and “made” are two big differences.
I was imposed a certain position. “I deliberately intended to cause damage to secure computer systems” - sounds like a villain's confession. When you plead guilty, you are obliged to formulate your confession in that language and using those terms on which the prosecution insists. Use their legal jargon.
My work cannot be compared with the hacker attacks of our day. I committed a crime without victims in the sense that I did not seek profit.
To consider that a ten-year conclusion will benefit a person is not a good idea.
Perhaps I am justifying myself, but I would have learned a lesson, sentenced me to two or three years, and even to five or six. Say, Kevin Mitnick was among the most wanted by the FBI. He committed high-profile crimes, and served only a few years, and his punishment served the interests of justice.
My business came at a time when the scale of cybercrime in the world reached its maximum. The release of secret documents through Wikileaks, as well as the pursuit of Assange, to which Anonymous Army responded with a flurry of hacker attacks.
Did you know that an investigator from the Department of Public Defenders accidentally revealed to me who the informant was?
FLM: Nope.
DM: He showed me printouts of mcgrewsecurity.com and asked if it was MY site. In many respects, thanks to my communication with this idiot, I had a desire to start advising lawyers in criminal matters.
FLM: Tell me about McGrew.
DM: Wesley McGrew’s interest in my business seemed to many to be manic. After he publicly revealed his role and violated the position of the FBI on secret informants, his motivation became apparent. He wanted to get public recognition at my expense. It was a very humiliating experience for me.
He also behaved unethically towards me. They told me that he secretly appeared on the ETA forums, duplicated their posts on his security blog, and subjected the guys and me to public humiliation. His presence affected my associates extremely negatively, given the further development of events. However, I no longer hold him angry.
In 2011, I first sent him an e-mail, this was before my mailbox was blocked. I asked if the witness was intimidated in my case, but he did not answer.
Only the sworn oral evidence of my prosecutor, let’s say, “confirmed” this. However, she mentions the non-existent telephone conversations that I supposedly had with ETA members, ordering them to attack McGrew. But there is no such evidence. And if you spend a little time studying my case, requesting a CD with judicial evidence, you will see that there were no such telephone conversations.
FLM: Are you under surveillance now?
DM: No. I am completely free. The court decided to annul the three years of the supervised release regime, as I did not give up attempts to flee the country.
FLM: Why?
DM: A lot of things were happening at that time. From the USA it is easy to escape on a cargo ship. “IF” you have money. I went through a lot in prison. I remember a politician in 1994 said that American prisons are one of the most cruel in the world, with inhuman conditions of detention of prisoners.
One way or another, it wasn’t the best thought in the circumstances, but I felt that I should do it. I wanted to restore peace of mind.
I thought about this step for a very long time. Collision with the system deprived me of faith in it, but I grew up in a family of American patriots who served in the army. I wanted to get political asylum, but did not want to apply to embassies in the United States.
Our government has decayed morally, which perceives us as experimental rabbits. You can live here all your life and not understand this. They perfectly learned to hide this fact from the population.
“American prisons are one of the most violent in the world, with inhuman conditions of detention of prisoners”
FLM: I looked at a document from your case file that says that you and a friend of the other prisoners accused the prison staff of violating your rights, unlawful deprivation of liberty, intentionally leading to stress or nervous breakdown, as well as punishment of disproportionate severity crime. They also did not allow you to speak with a lawyer, right?
DM: This is a group civil action - I was illegally, in violation of the regulations, put in solitary confinement 2.5 × 3 m for thirteen months.
FLM: For what?
DM: I was denied the right to use email because I was convicted of hacking. I could not communicate with my lawyer from the court of appeal, so one friend suggested that I use his account. A friend was caught on this and interrogated. Investigators found that I used the account. He lied to them, saying that he did not know, and that I must have hacked the account.
I was charged with suspicion of hacking. Prison authorities handed over the case to the FBI, where evidence of hacking was not found. The fact is that I filed appeals to the regional office, but none of them went beyond the table of the head of the prison.
In retaliation, she put me in a punishment cell, where in winter I had to wash with ice water, among other things. There I was completely crazy. A prolonged detention in such conditions destroys the psyche.
The penitentiary in the Seagoville prison is notorious for the killer. We call such insulators "gas chambers."
There are no air conditioners, no ventilation system. In the summer of 2012, the temperature in my cell reached 125 degrees Fahrenheit (51.6 degrees Celsius). To make the conditions even more unbearable, one guard even turned on and pointed the heater at us a couple of times. My whole body was covered with thermal burns. Every year people die there.
During World War II, this prison served as a camp for Japanese prisoners of war. That part of it that I am talking about is very old.
The Prison Legal News (PLN) newsletter contains a ton of stories about episodes when prisoners sued due to inhuman conditions and won the trial. Guards often rape female prisoners, and when they have the courage to fight back, find a lawyer, such stories are usually featured on PLN pages.
FLM: But nothing changes, right?
DM: Varies for a specific person. Is the system changing? No.
As a rule, the Federal Bureau of Prisons takes on uniform thugs. Sadists who feel that it is their responsibility to humiliate prisoners, arouse hostility in them, and torture them psychologically and bodily. Psychopaths? Yes, that’s what we call such people. People without any morality. This is very unfortunate. This is a strange world.
Putting people in cells is crap.
Here is the BP-8 complaint form. I served it every year. Tried to restore the right to use e-mail.
Form BP-8 with complaint. Source: Jesse McGraw
At the bottom of their answer: “The offense that you are serving the sentence is the main factor preventing you from using the computer. According to your PSI (Presentence Investigation Report, pre-sentence report), you cracked the firewall, which negatively affected the structural integrity of the SLE system in the clinic. We have a duty to protect citizens, which includes preventing you from accessing computers.”
FLM: So they haven't allowed you to use email for almost ten years, right?
DM: Yes, although I had access to a computer under supervision during the whole period of my detention. Only there was no means of convenient communication with people.
FLM: Your business was with the FBI. Did Bureau staff come to jail to chat with you?
DM: No, the FBI did not interrogate me.
Special Agent Allan Lind had a decisive influence on the court decision in my case, but Special Agent Ajit Singh was present at the stage of sentencing. I liked him, he gave the impression of a highly moral person.
Everything was going to get me arrested in the end.
FLM: Why?
DM: I knew Special Agent Lind. We accidentally collided a year before my arrest. In 2008, he arrested a member of my group, we called him Punizzl. He committed an unauthorized hack, which we all suffered from.
Punizzl hacked into the network of the school he studied in, just to see if he was capable of it. Moreover, it was a public school. He was caught. After the FBI arrested him, Bureau officials used his mobile. He did not end the session at AOL Instant Messenger, and I dared agents in the messages. He said that I did not approve of using his phone to hunt us. He promised to spam them with SMS messages and bring down the network.
In those days there was a limit on the processing of batch requests. Exceeding it could lead to the phone freezing. The only way to get it working again was to remove the battery.
Lind boasted of this successful operation on the night of my arrest. With the exception of this episode, the FBI wasn’t digging under me then.
But, answering your question, I’ll say that I just lost control.
In my apartment they found and confiscated a huge folder with printed screenshots. It was a catalog of everything we did. My activity went far beyond wacky fun with botnets.
I have done everything in my life. Sometimes not overloading people with details is the only way to convey the meaning of your story. Now do you understand how controversial and strange my life was at that time?
The FBI found out about its individual sides only thanks to that stupid folder that I kept as a trophy in order to amuse my vanity. Well, to be completely honest, they learned almost everything.
It was a completely different time. A couple of old ETA members saved all the screenshots. They are somewhere, but getting them will not be easy. These files are in my case file. My prosecutor has them. Perhaps my last protector.
Now I can say that I do not like the person I was then. But this is irrelevant.