Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Posts His Crime On YouTube, Lands In Jail

Posted by samzenpus on from the bad-ideas dept.

wiredmikey writes "A former contract security guard who admitted hacking into a hospital's computer systems (where he worked), was sentenced to 110 months in Federal prison. Why did he do it? He admits that he intended to use the bots and the compromised computers to launch DDoS attacks on the websites of rival hacker groups. The FBI says he posted video of himself hacking into the hospital computers on YouTube — While the theme of 'Mission Impossible' played, he described his hack, step by step, including the insertion of a CD containing the OphCrack program, which allowed him to bypass all security. The FBI found the CD containing the OphCrack program in McGraw's house and found the source code for the bot on his laptop."

15 of 176 comments (clear)

  1. I think he knows the underwear gnomes. by gurps_npc · · Score: 4, Informative
    Step 1) Post a video of yourself committing a crime

    Step 2) ????

    Step 3) Jail!

    --
    excitingthingstodo.blogspot.com
  2. Ladies and Gentleman by Tigger's+Pet · · Score: 4, Funny

    Do we have a winner for the prize of "stupidest person alive"? Who, with the slightest semblance of common sense, would think that posting a video of themselves doing this was a good idea? This ranks up there with the guy who used a camera mounted to his motorbike to record himself doing 140mph+ in the UK, then posted it on YouTube with his face and licence-plate.

  3. Self-defense by Anonymous Coward · · Score: 5, Interesting

    This is exactly why we don't counter-attack those attempting to penetrate our network. While you *might* have some slim chance of reaching the attacker, chances are equally good you will end up attacking some systems in a hospital or something equally unacceptable.

  4. Re:Seems a bit excessive by Nikker · · Score: 3, Informative

    The network he had access to was a hospital's LAN. He wanted to use it to DDOS which would result in saturating much of the hospital's LAN to begin with and possibly screwing with equipment in the mean time. If he hacked into a Starbucks or a McDonalds to do the same I wouldn't care as much but his stupidity overreached on this one.

    --
    A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  5. Re:Security researchers or confidential informants by chemicaldave · · Score: 3

    Has "security researcher" become the code for for confidential informant? Why else would the "researcher" go out of his way to "inform" the FBI?

    If you saw people breaking into a home wouldn't you report it? Or would the stigma of "confidential informant" be to much?

    Why do articles even call them "security researchers"? Now if this guys job is to investigate hackers, then he should be called a "cyber crime investigator". It's disingenuous to call an a cyber crime investigator/cybercop detective a security researcher. What is with this trend?

    Who cares if the person was a "security researcher" or "cybercop detective"? What's it matter?

    And what is the official function of a security researcher? Are they informants? I'd think maybe not if they aren't pretending to be outlaw/blackhats, so I cannot put them in the obvious informant/snitch category that albert gonzalez is in. An informant/snitch generally is someone who is a criminal hacker or member of a crew, who betrays his or her own crew to provide information to another crew (usually the police). Albert Gonzalez fits the definition of a snitch, the worst kind.

    You took the term "security researcher", substituted your own definition of "confidential informant", and then hinted that the person might be a snitch...

  6. Re:Seems a bit excessive by Americano · · Score: 3

    Why is it excessive? From TFA:

    While hacking into the HVAC computer, McGraw knew the risk of affecting the facility’s temperature, and the treatment and recovery of vulnerable patients. In addition, he could have affected the efficacy of all temperature-sensitive drugs and supplies. Although he denies, it, access to the nurses’ station computer could have opened the door to patient records.

    Given the fact that his actions could have breached confidentiality of medical records, or, you know, even killed someone due to the HVAC system going haywire and not controlling the temperature in a patient's room, or a storeroom containing temperature-sensitive medications, I'd say that 9 years and 2 months (probably being served in a minimum-security federal prison camp) doesn't sound all that unreasonable.

  7. Re:Security researchers or confidential informants by SuperKendall · · Score: 4, Insightful

    That depends on whose home it is. If it's a rich assholes home, probably not

    You do realize that this means you, too, are an asshole, and that someone even lower on the moral chain than yourself will watch someone break into your house and do nothing for the same reason?

    The chain of violence only stops when people like you stop demonizing based on external factors.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  8. Re:Seems a bit excessive by betterunixthanunix · · Score: 4, Funny

    Are we going to imprison the people who decided to use Windows as the operating system for a critical, safety-sensitive computer? Why are we acting like the problems here end with this guy? Computers are not some magical object that dark wizards vie for control over; the fact that this guy could have endangered hospital patients because he was interacting with the HVAC computer (and ultimately, that is what he was doing: interacting with the computer) says more about the problems with the HVAC controller than about the hacker.

    --
    Palm trees and 8
  9. Re:Security researchers or confidential informants by ElectricTurtle · · Score: 4, Insightful

    Exactly. As Cullen Hightower said: "There's always somebody who is paid too much, and taxed too little - and it's always somebody else."

    I always ask people, at what magical number does 'theft' become 'economic justice'?

    --
    I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
  10. Re:110 Months by WrongSizeGlass · · Score: 4, Funny

    That's not that bad. People could get much worse for having the police catch them with crack in their home!

    That sentence is the least of his problems. Wait until the MPAA & RIAA find out he used the theme from 'Mission Impossible' in his YouTube posting without paying the appropriate licensing fees.

  11. Re:You are ridiculous by DurendalMac · · Score: 3, Insightful

    Accidentally hitting someone with a car and accidentally hitting someone with a car after you've swilled half a bottle of Gold Schlager would be treated differently. Accidents happen. Deliberately fucking with hospital systems in a way that you KNOW could cause damages and even get someone killed is not an accident.

  12. Re:Come on, dude. by Hatta · · Score: 5, Funny

    Don't be too hard on them. Any HVAC system can be circumvented using windows.

    --
    Give me Classic Slashdot or give me death!
  13. Re:Security researchers or confidential informants by ElectricTurtle · · Score: 4, Insightful

    This is the worst kind of thinking. 'The poor don't get justice so I'll make sure the rich don't get it either! Then we'll all be equal!' Equally fucked. Such an great thing to which to aspire. Equality is not the sacred thing you seem to think it is. To paraphrase Margaret Thatcher, it is better to have a higher standard of living for the majority in a society with a high disparity than it is to have a lower standard of living for the majority in a society of greater equality.

    --
    I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
  14. Re:Security researchers or confidential informants by iamhassi · · Score: 5, Informative

    "The stigma of being a "confidential informant" is quite hazardous. Why do you think there's a Witness Protection Program?"

    But... he is a security researcher, here's his security websites and his LinkedIn says he has a PhD in Computer Science and works at the Mississippi State University Center for Computer Security Research (CCSR).

    I'd say he's qualified. I don't understand why parent automatically assumed he was just an informant. If you're a private detective and with PhD in Criminal Forensics and you see a felony take place wouldn't you call the police? Would /. then assume you're simply an informant instead of being the private detective that the article correctly identified you as being?

    --
    my karma will be here long after I'm gone
  15. Re:110 Months by fredclown · · Score: 3, Informative

    Being in the medical IT field I can tell you that almost all medical software is written for Windows. And last I checked I don't think you can arrest anyone for developing for the windows platform. Just because the system is on Windows doesn't automatically make it insecure. There are a number of things that could have been done to mitigate this such as ... super-gluing the USB ports, securing door access, group policy to lock down what can be run. If best practice security was followed this guy would have hard a hard time doing it. If you leave a system wide open for attack it will be ... whether it be Unix, Mac, or Windows.