In my early 20s, I worked in a nightclub. I wasn't doing anything special, just washing dishes and stuff, but one day, I overheard something that I still remember today. One of the servers was taking a customer's drink order, and for some reason, I heard the order. It was a standard cocktail, and for some reason, I knew this drink cost $4.
When the server came back with a drink, the customer pulled out his cash and asked, how much is it? The server told him it was $5. She was scamming customers who paid in cash. She would pocket the $1 extra and claim it was a tip and then give $4 to the bartender to ring it up. Clever stuff.
I was even a little mad that I didn't think about this, even though I didn't have to deal with money at all. But still, I loved thinking about ways to exploit the system when I was in my early 20s. But whatever, I was now in this new awkward position. Do I tell management about this? I get anxiety about stuff like this. She might lose her job because of me. Or maybe even get arrested because of me.
And I know some of you are thinking, no, no, no, no, no. It was her actions that would cause her to lose her job. But still, do you understand that feeling I'm talking about where if you say something, it can have life-changing results for someone else?
I didn't say anything, but the nightclub figured it out anyway and she ended up getting fired. This is a form of insider threat. She was in a position that she was taking advantage of. Insider threats are people who are hired by a company and then those people exploit the company that they're working for for some kind of extra gain. Over 50% of companies claim to be victims of insider threats. But what does that look like in the hacker world?
These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries. Okay, so...
Do you want to talk to me about probably the worst time of your life? You're ready to relive this moment.
Yeah, we can, we can relive it. Let's do this. Okay. So let's start with what's your name? My name is Ghost Exodus. Ghost Exodus. I like the sound of that. It actually does sound like a cool hacker name, doesn't it? But to understand Ghost Exodus, I think it's important to go back to a time, a time where we're all waking up, looking around, looking for answers about life.
I was 19 just turning 20. The year was 2004, and what Ghost Exodus is about to do is going to drastically change his life. Well, I mean, the circumstances involved in my life might surprise you because I've never talked about them to anyone before on the internet. But let's talk about what he's doing just before this big change.
Prior to that, I was a classical concert pianist, and so music was pretty much the center focus of my life. He's actually really good at piano, and what you're hearing right now is actually him playing. And not just that, but he's also really good at violin. Check this out.
When he was two years old, his mom and dad split up. She went to live in another state and gave full custody to his dad. But his dad had other problems and a tough time raising a kid on his own. So by the time Ghost Exodus was 10 years old, he was adopted by the family next door. His mom would send him photos and letters sometimes. But he would only be able to see them during psychological counseling sessions. And eventually, his real mom stopped sending letters and he lost contact with her.
And so when he was a teenager, he hired a private detective to try to find his biological mother. She was living in Texas. He went to see her. They reunited. He got to meet his biological brothers and sisters for the first time at 19 years old. He decided this was the family he wanted to live with. So he moved in with his biological mother to rebuild his long-lost family.
My mother was a pastor, married to a pastor, and because of my music abilities, I became the music director for my family's church. Makes sense, right? He wanted to be part of this family, and he can, by playing music in the church that they're involved with. Okay. But the extent of it was just so extreme that, I don't know, I just felt choked. Like, all creativity was just being bled from me.
The church was very strict and rigid and demanding of Ghost Exodus. He started wondering if this was a cult even. It was led by a megalomaniac. So my life was very micromanaged at the time.
What the heck kind of recipe is this, a 20 year old? Looking for answers in life, hires a private eye to find his birth mother, meets his brothers and sisters for the first time, moves in with them, gets inducted into a super strict church, and is not happy with how his life is being micromanaged. From 2004 to 2008 is when I was involved with this ministry. But in 2008, I finally got myself excommunicated. So that's when I just, I don't know, I just
let loose, and that's when I became like this eccentric loose cannon. During this time, Ghost Exodus also had an interest in computers, playing video games and downloading pirated software. But he was also seeing what activists like Anonymous were doing at the time raising awareness for injustices in the world. And this interested him. So he gravitated towards where this kind of stuff was taking place online.
There was a lot of injustice that really affected me by this type of ministry. And growing up in our rough neighborhoods that I grew up in, like I saw this need to use hacking as the means to help people who didn't have a voice and to help people who didn't have the technical capabilities to defend themselves. This was during a time
when cyber bullying was this type of epidemic. And there were no real viable means to help people who were experiencing cyber bullying. Schools did not have a policy that knew how to deal with this. And law enforcement neither had any type of platforms where they could reach out and help people who were being affected by cyber bullying.
In my own life, my life being dominated, being controlled, being constantly subjected to ridicule and injustice, I just took my experience and then tried to find some type of solace by helping others.
Everyone has their own soft spot for something. And you know it's your soft spot when you see someone or something suffer and it just tears you up inside. You can't stop thinking about it. And Ghost Exodus didn't like seeing people getting bullied online because the results are horrible.
Like, a naive kid might make a YouTube video and speak his mind about something, but he looks a little funny or talks a little funny, and he gets mocked and made fun of. And somebody from the internet decides to get his real name and phone number and try to call him and mock him more, and maybe even call his parents and mock them. And this kind of thing can easily result in years of depression, all because you made one stupid video on YouTube.
Ghost Exodus hated to see when the internet trolls would dog pile on someone and ruin that person's life. So he wanted to do something about it. I originally was a member of the Insane Masterminds crew, and I had always been a lone wolf my whole life. And I really didn't want recognition. I didn't want to join my peers doing any type of activities. I was completely content hacking on my own and learning on my own, but.
I had bought some books and I realized like how much more I could learn if I had joined a crew. So I found the Insane Masterminds crew and they had recruited me. And so I enjoyed this great camaraderie. And I was able to expedite or, you know, greatly know and vastly learn more in a group setting.
From there, I was like, well, if I could be a member of this really cool ass group, why don't I start a group of my own? You know, that is fueled with my own ideas. No.
that I could recreate it in my own way. So Ghost Exodus became better at hacking. He learned a lot from this crew, so much that he was able to start his own hacking group, and he named it ETA. The Electronic Tribulation Army. Social injustice was the forefront, but that was like our buckler and sword.
And this is really legitimate. Like, I'm not trying to sell myself here. Like, we became vigilantes, and that's what I saw myself as, as some type of social justice mechanism to try to reach out and find people who are being affected. Because it was so easy to try to rectify what they were going through.
and then try to empower them by teaching them ways to defend themselves. And it's, I don't know, it started really monologue with just us doing stupid shit, like learning SQL injections and cross-site scripting and phishing, and we didn't really have
any type of modus operandi, we were doing these things for the sheer exploration of it. You know, I come from a generation when hacking wasn't to make a name for yourself. And so that was kind of like the direction I was taking the group. We did things for the sheer curiosity of it. I mean, the internet was like this great nexus of infinite puzzles and
That's what kept me going is that every single like, you know, Nexus in this great vast network, you know, called the internet was like this great, just amazing puzzle. And I'm always really drawn to puzzles. And so hacking for curiosity is where I started. And that's where the ETA originated with.
I kind of took, you know, the vestiges of my generation and brought it with me. But as we became more sophisticated and, you know, we started bringing in these crazy Jedi hackers, you know, we seen that we could do more. So we started evolving into hacktivism, and then hacktivism took us into, like, cyber-vigilantism, and then that just took us
into some really dark places where I started to kind of lose control of myself. And we kind of lost sight of what we had originally wanted to accomplish in those original stages. Like many activist groups, ETA grew and gained momentum. But the members of the group were getting sloppy, cocky, or trying to outdo each other. And it was this sort of tick-tock swing that became unsustainable. We just lost control.
I mean, I lost control. Let's just be honest. I was probably the one who lost control. Oh, yeah. How so? It just, it started really getting to my head and it started to take control of my life. Like this megalomaniac, like church cult, like took everything from me. Like it left me with a self-esteem that was completely broken and hacking was a way to rebuild myself. But in so doing, like I became this narcissist,
this ego driven just maniac. And I just became this pathological hacker. And the more I did it, the more I boasted of it. It just, I lost control of who I was until like I didn't have an offline life anymore. And at the time I was married, I just had a kid like, and I didn't know how to stop. And so by like 2009, I really realized I had a problem.
He started playing around with botnets. Simply defined, a botnet is a large group of computers that you control, but you don't own. So you really don't have permission to control them. When I seen what they could do, I don't know, my mind was blown. Like they're so versatile. Like you can do them, you can use them for good purposes. You can use them for bad purposes. You can sell them. You can lease them. You can rent them. I mean, they,
superseded anything that we were doing, like p-log, you know, host booters, denial of service. Just, I see the potential for using them as this bad ass freaking weapon that can pretty much, you can do anything, you can use it to leverage other people. It's like, it's just too much power in the hands of, in my hands.
Now, the story goes, another guy named Isaac starts messing with Ghost Exodus at this time, doing things like doxing Ghost and calling the cops on him, stuff like that. But not just that, Isaac was targeting other members of ETA too, like finding out where one of them lived and going and vandalizing his house.
Isaac's motives aren't clear to me, and I tried to message him, but he never messaged me back. I've watched some of his streams and videos online, and he does things that just don't make sense to anyone. Like, he makes cringy internet prankster videos. And it wasn't just Isaac who was doing this. There were a few other people working with Isaac to do this too. So my guess is that they were just trying to cause chaos, maybe take over ETA, or dissolve it somehow, or just flex in some weird internet way.
I don't know. But when Isaac was doxing and calling the cops on Ghost Exodus, this was really freaking him out. And when these things started to escalate, I really started to panic. So I made the decision to risk everything and make a complaint with the Internet Crime and Complaint Center, hoping that they might involve themselves and try to, you know, put an end to what Isaac was doing.
but they never followed through with it. And because at this time I had a 13 month old child, you know, and my wife at the time, she was stressing, I didn't know how to stop this. And so what led to my crime was my crime in a nutshell was my taking, you know, this circumstance into my own hands, taking the law into my own hands. And so what I thought of doing was infecting as many computers as possible.
in order to launch this botnet attack against some of the websites that these guys were using as a platform to communicate, to collaborate. As it means to send a message to try to show them, hey, back off.
Now, at the time, Ghost Exodus was working as an overnight security guard in the Carrell Clinic in Dallas, Texas. This place is huge. It looks like a hospital. It has six stories, and it's a big building. But it closes down at night, so there's no patients in the building overnight or anyone, except security. This is a clinic that treats spine, shoulder, knee, and ankle injuries. And Ghost Exodus was the night security guard for this building. He would walk the grounds and make sure the doors are locked, and no vandalism was occurring.
He would often sit in the front lobby of the building where he could watch the security cameras for the entire clinic. Now, where I worked in the foyer, in the entrance at the Carrell Clinic, they had a wireless access point that was really, really weak. And at night time, you know, that was the time when I did my studying, that's when I did my hacking. And that's the time I used to, you know,
really, you know, direct my crew. But the access point was so weak, it would always drop my connections. So we started hunting and poking in the network, looking for a computer that had a more reliable internet connection. I ended up finding this computer which turned out to be a server. And this server he got access to controlled the heating, ventilation, and cooling for the whole building.
It ran, you know, the SCADA software used to control, you know, the heating, ventilating, and air conditioning system for the Carrell Clinic. But, you know, the idea was, I'm going to use this computer. I'm going to install LogMeIn so I can access it remotely from my laptop at my guard station. But the firewall was blocking the incoming connection.
And instead of reconfiguring, you know, LogMeIn, excuse me, reconfiguring TeamViewer, I decided to use, you know, the browser-based LogMeIn. And with that, he was able to establish a persistent remote connection to this HVAC server. And so basically, I used it for, you know, chatting on AOL and some Messenger, you know, using it from MySpace. And I used it to buy card magnets off of VistaPrint.
definitely against the rules of what he should be doing as a security guard. But I'm not sure if it's against the law.
Now, sitting there in a large medical clinic all night long, he started to realize how many computers are in this building. And at the same time, he's fascinated with botnets and is trying to build one himself. So he gets the idea to try to get some of the computers in this clinic to join his botnet. All he would need to do is execute one tiny program on that computer and this would make it join his botnet.
So, during his night patrol, he would wander the halls and look for potential computers he could exploit, but each computer he came across was locked. Password protected. Unless you were a nurse or a doctor, you would not be able to unlock it, so he looked up how he could get into a locked computer and found a tool called ophcrack.
See, Windows stores your password as a hash. Windows creates the hash when you set the password by running it through a special algorithm. But a hash only works in one direction. You can't take a hash and convert it back to a password. So whenever you enter your password, Windows runs it through that same hashing algorithm. And if the resulting hash matches the hash from when you created the password, then Windows knows you entered a matching password.
Ophcrack looks at the hashes stored in Windows and tries to find a password that matches that hash. It's sort of a brute force password cracking method because it's going to look at millions of hashes to try to find one that matches the one in Windows.
Basically, ophcrack is a way to find passwords for Windows computers. But what's more is that you could put an ophcrack CD in a computer and boot to it and it'll try to search through the hashes in Windows to find a matching password to it. So, Ghost Exodus loaded ophcrack on a CD and his botnet on a USB drive and he made his rounds through the clinic looking for a computer to sit down and use.
And he would put the ophcrack CD in the tray, reboot the computer, wait for ophcrack to find a password, then he'd write that password down, take the CD out, reboot the computer, and now he has the password to log in with. Once he's in, he'd pop the USB drive into the computer, and run the malware to join this computer to his botnet. And from there, he'd take the USB drive out, lock the computer, and walk away. He did it. It worked.
He had a new node on his botnet, so he went and did it again. But while he was doing it again, he realized this could be a good motivator for some of the other people in his hacking group to do this too. So he brought a little laptop with him to work, turned on the webcam for it, and made a video. Hey, what's up everybody? It's Ghost Exodus. You're on a mission with me, infiltration.
His video has this mission impossible music in it and he's got a hoodie on and he's walking around the building acting super suspicious like he's a spy. He's claiming it's an office he broke into. But you and I know this was the clinic where he worked as a security guard. I actually purposely avoid that video because it makes me really embarrassed.
It's a it's a propaganda video that was aimed at some of the younger generation some of the younger hackers because they're so easily impressionable. So I was trying to make this video to inspire them to emulate the things that I was showing in the video.
because I wanted them to spread our bots. He shows a key card that has the word security written on it with a marker. I tell my viewers that this was a key card that I swiped. In other words, I want them to believe that I stole it. He holds up a CD for the camera. It says ophcrack on it. And he holds up a USB drive, which he says has the botnet on it.
He goes up the elevator, walks the halls, uses his keycard to get into places, finds a desk, and sits down. It's actually a nurse's station, but the video just seems like it's a typical office. He starts typing stuff on the keyboard, but then he stops and puts on latex gloves. Yeah, you know what's funny is I already start touching the computer before I put on the gloves. All of that was just theatrics.
He gets into the computer using ophcrack, then plugs the USB stick into it, and begins copying files over to the computer. You can see all this on the video. The botnet he was using was called RXBot. It's an open source botnet made in C++ that anyone can just download and use. We had done our research with antivirus software, would detect the RXBot. And on some of these systems, you might actually
I don't know if it's in the video, but they had a McAfee antivirus, so I was disabling it. So he disabled the antivirus and ran the program to join his computer to the botnet. The script runs, then deletes itself, job's done. And there it goes, it's melted.
Now he was building this botnet so he could wage a denial of service attack on Isaac on July 4th, which was about a month away. So he released this video on YouTube to get other people to be inspired, to do similar acts, to build up his botnet. And what is the reaction from people when you dropped this video?
Um, it was mixed. There were some who had the right mind to tell me, you know, ghost, I don't think this is a good idea. Ghost, I think this is going to backfire. I'm like, no, no, it's not going to backfire. You know, I've never been caught. I'm never going to get caught. I'm too careful. Then there was other people, you know, those to who it was catered for was like, Oh, you're such a badass.
Oh, you know, you're so cool. No, where can we get this bot net? And that's what drove me is that type of reaction. I wanted people to, I wanted it to be controversial. You know, I didn't want it to just always go my way. And that was my objective to be controversial and to really just create this persona.
of controversy and I certainly did that to a T. Ghost Exodus would eventually install this botnet on 14 computers within the medical clinic. And then once they were installed, he would go back to the lobby where he would normally sit to do his job and he would open up his tiny laptop and from the security desk, he would tell his botnet to attack. Flooding the target computer with so many packets that it would take the target offline. I tested out the bots.
the botnet pool that we had accumulated back in June of 2009 during the Iranian presidential elections, Op Iran. So I used these bots in Op Iran and in response to the death of Neda Agha-Soltan that peaceful woman's rights professor had murdered. You know it didn't cause any significant damage
to the systems. I had actually used the bot several times from there. But yeah, after I had installed them, yeah, we had tested them out. On several occasions, I attacked 94 Chan with them, but I especially used them, like I said, in Op Iran.
When he would have his botnet all put together and enter a target victim and hit launch and see his target go down, this was the feeling of winning. It's euphoria. It's like winning the lottery.
Whatever chemicals are secreted by the brain whenever you're gambling, that's the same feeling. That's the same chemical reaction that is going on in my mind that just keeps me pathologically doing it over and over and over. It's this great gratification that it's like if you're not gratifying yourself in this fashion, then you're not relevant. Basically, you're like,
I don't know. It was a feeling of relevance, of the utmost relevance. I mean, you can't be thinking that this is going to play out right. You know, in some of my... I kept an online journal on vampirefreaks.com. This was a...
a feeling I had on the forefront of my mind at the time. I believe I'm going to be arrested. I knew that time was coming. After the break, we'll find out if Ghost Exodus' premonition comes true.
At this point, Ghost Exodus was posting screenshots of this HVAC computer that he hacked into in the clinic. He didn't say where this HVAC computer was that he accessed. He just wanted to flex a little and get some street cred that he hacked into a computer, and this one happened to control the heating and cooling of a building. There was a new recruit in the ETA, went by the moniker Immortal, and he had taken the screenshots of the HVAC
SCADA software that I had taken and posted it on a security blog that
was seen by Wesley McGrew. So my name is Wesley McGrew. So that was 2009. At that time, I was a research associate at Mississippi State University, where I was working on a PhD dissertation on control system, industrial control system, and SCADA security. And so there was a tie in with that. And that's partially how I got involved with it.
Now, Wesley, being a smart student, had a blog where he was just writing stories about information security. And sometimes hackers would write to him and call out other hackers or brag about what they did or just send him weird stuff to see if he would post it. Another member of the group who went by the name Immortal, later Hex, got in touch with me and was in touch with me for a good period of time, apparently just to brag about different things to see if I would write about them.
Immortal was claiming to be part of the Electronic Tribulation Army and was boasting about what he had done and wanted Wesley to write about it. I guess Immortal wanted to be famous.
I was in touch with Immortal over a period of I don't even know how long he would he would message me various things. The most memorable one of which being around about that time there was a North Korean missile test and he had it in his head that he wanted to to to hack North Korea just being very difficult due to their limited attack surface. But he thought he'd done it. He thought he had found a target
for his attacks and he showed it to me by MSN messenger, AOL instant messenger, whatever it was at the time. And I had to let him know that, hey, this is a South Korean site. He didn't know the difference between North and South Korea. So that sort of sets the stage there for Immortal. Later on, probably a few weeks after that, he was aware either from my site or from something that I had published that I was interested in.
industrial control systems and security. And so he sent me some screenshots of a system that he had claimed to have hacked. And it was screenshots of an HVAC system at a hospital. Wesley was writing his PhD thesis on the security of industrial control systems. So this really interested him. He began investigating it further. So at that point, all I had was a set of
PNG or JPEG screenshots, it's static screenshots. And what I saw in this was sort of the human machine interface of the SCADA system, showing operating rooms, showing the heating, ventilation, air conditioning, chillers for medicines and medical equipment and implants and things like that, that sort of stuff. And so that piqued my interest right there.
And I wanted to find out more about it, but not through talking to Immortal. And so I started doing image searches and open source intelligence based off the pictures that I was seeing in these HMI screenshots. I was able to identify it as being the Carrell Clinic. And I believe, I've never physically been there, but there are other facilities connected to it that use the same HVAC system.
And I was also able to find a forum post on a hacker forum where Ghost Exodus had posted these screenshots saying that he had hacked into these things. And while it was a thrill for Ghost Exodus to launch a DDoS attack on his targets, it was also a thrill for Wesley to try to track down who Ghost Exodus was.
Oh, it's very exciting, right? I mean, I don't think anybody, you know, I tell folks even now, you know, I don't do anything I don't enjoy, right? And so back then we worked for the forensics training center and loved investigating things, loved doing computer forensics, loved doing the open source thing, and still loved doing the open source intelligence thing. And so, so yeah, it was very, it was very exciting and interesting to do that sort of stuff. So much fun that it practically consumed Wesley.
From there, you know, I wanted to find out as much about Ghost Exodus as I could. That being a Thursday, I spent the rest through that weekend amount of time, so three, four days gathering as much as I could through open source intelligence, through searches and various anything I could.
to put together what wound up being two burned DVDs full of information about Ghost Exodus, who I didn't even know. Despite finding eight gigs worth of information, I didn't know his name.
I knew that he was a security guard at that hospital. I had the videos from YouTube of him putting malware onto the nurse's station computer. I had other videos that he had recorded while he was at work. Just, you know, gigs and gigs of stuff about him.
That following Monday, we contacted the Jackson, Mississippi FBI and handed that information over.
Now, the FBI likes handling bigger cases than this. Threats against the country or civilians or crimes over $1 million in damage. But the evidence that Wesley collected made it real easy for the FBI to follow up on. Like, Ghost Exodus had a YouTube video of him breaking into office buildings. I mean, come on, if a hacker is going to post videos like that and show their face and everything, they're definitely asking for a knock on the door, right? But also, the way Wesley framed it to the feds made it seem pretty important.
Right. Well, you know, I think this is a little bit different than a website defacement or some, some act of activism, in that, from all the information that's visible about this, it's a,
It's a health care facility, right? And so it's patient information. And so people's personal health care records are sensitive. And there is a potential for that to be exposed here or to be accessed in some unauthorized way, right? The HVAC system, the controls on that had the potential to spoil medicines, to cause them to have to
to re-sterilize equipment, to cause them to have to throw away implants that had gone above or below acceptable temperatures, things like that. So there's an impact to this to the victim organization. And I did not see this as sort of an act of activism that
had any particularly positive result, right? And so that sort of factors into the decision to report this, right? And so it's a report because, I mean, it's a crime and it seems to have, like it'll have a potential real impact on organizations and individuals.
So the FBI took Wesley's report and got to work. They did some Google searches and found Ghost Exodus' Gmail address. And from there, they searched for his Gmail address and found a Craigslist post that Ghost Exodus made, which had his resume on it, but not Ghost Exodus' real name. They contacted the security companies on his resume and then cross-referenced it with the security guards working for the Carrell Clinic. And just like that, they had the name of their suspect. Ghost Exodus was Jesse McGraw.
The FBI created an indictment for Jesse McGraw and got a warrant for his arrest. It's Friday evening at 11 o'clock PM on June 26, 2009. And one of the things I used to do was drive around the clinic just to make sure nobody was breaking in
into the underground parking garage. And I see this van and I'm thinking, ah, that's got to be the cleaning crews van. So I don't think much other. It's my last night. And I'm training a new employee who has never worked to shift the day in his life. It's my last night because I'm also about to start my new job at Global Data Guard as an entry level network security analyst.
So I'm driving around a park, I go inside and I meet the new employee and suddenly out of nowhere, I'm surrounded by about three FBI agents and two, I don't know, state police or senior police officers just shouting, you know, where's the gun? Where's the gun? Where's the gun? And I'm like, I mean, I lock up. I don't even know what's going on. I mean,
I still reel from that night. And I'm like, what gun? He's like, the one from your video. I'm like, which video? Now we're having a shouting match because we're trying to figure this out. It's like the one from your Myspace. I'm like, which Myspace? He pulls up his phone and looks. And I was like, oh, that's fake. Besides, I can't carry a gun here anyways.
And he's like, are you, are you Jesse McGraw? And I'm like, yes. It's like, are you Ghost Exodus? Like maybe? I can't remember, but I think that's what I said. But anyways, what I'm going to tell you is like being raided by the FBI, there's nothing quite like it. There's a, there's a level of sheer terror that they use to, you know, to immobilize
you know, people that they're putting under arrest and to get them to cooperate, to get them to confess. Just being swarmed like that, I still look over my shoulder to this very day. Even though I know that that type of thinking is irrational, I still get those feelings. It pretty much ended very quickly. Oh, they take me down to this station and then they interview me.
and never been arrested before. He says, if you confess to everything that you've done here, then maybe the judge will go easy on you. Here's a paper and pen. I know you're a good writer. And so I'm thinking, maybe if I confess to what I have done, I can go home. I didn't know that I would be incriminating myself. Like, this is what really sealed my fate. There was no way I could fight this case after I had self-incriminated.
You know, a lot of people think that once you've been arrested by law enforcement or the FBI or the Secret Service, that they've been watching you, they know everything about you, but that is not true. Because if they knew, then they would not need you to confess. And that's something that I had learned years later, was that one of the tactics that law enforcement use other than fear is to convince you that things are going to go lenient, things are going to go and work in your favor as long as, you know, you confess. But by self-incriminating, like you're basically handing them, you know, you're basically signing your life away. I just didn't see it at the time.
So you fessed up?
I confessed to everything that I had done in, you know, relation with the Carroll Clinic. The one thing I didn't do, and this is pretty well known, is that I did not give up my friends.
The police didn't let him go home that day. They just put him right in jail.
I'm transferred to Seagoville jail, where I remain for two years, as I'm fighting my case. And my first week in jail, I was just so terrified. I didn't shower for a week. I didn't eat hardly. I actually had my cellmate bring me food for a while.
Once news spread of his arrest, Wesley blogged about this case, claiming he was the one who called the FBI on Ghost Exodus. As you can imagine, this had some consequences for Wesley.
You know, I had sex toys mailed to me. I had lots of phone calls. I had, I have, you know, just gigs and gigs of crap here on my computer of logs of them talking about, you know, coming to my house and kidnapping me and just various attacks. Just, you know, overall, more bluster than anything. I don't know that I ever felt personally, physically threatened by any of them, but there was a lot of talk and a lot of harassment from other members of McGraw's hacker group, the Electronic Tribulation Army. Various members of that group would try to attack my website, denial-of-service attacks.
And one of them, he went by the handle Fixer. He was the main bad actor along those lines, along the harassment lines.
And eventually he pled guilty to charges of CFAA, Computer Fraud and Abuse Act, for denial-of-service attacks against my website in order to, as part of an agreement to have charges against him dropped for witness intimidation. And so that was sort of the, he was the main bad actor on that.
I mean, so when you're posting it publicly, did you kind of expect something like that?
I mean, I really don't know what to expect one way or the other. Obviously, that's the sort of thing that can happen. You would think that with the leader of your hacking crew, such as it is, being arrested and having given the feds all the information about all the members of the group, you'd think they'd be on their best behavior and wouldn't want any additional bad attention, but you know, there you go.
Ghost Exodus' court case dragged on and on. You might wonder why there would be such a lengthy trial, considering he had already confessed to hacking the clinic. Well, they were trying to pin extra things on him, like the cops were saying he hacked into NASA, but he was saying he didn't do that, and they wanted him to turn in other members of ETA so he could get less time, but he wasn't gonna turn anyone else in. So this went on for two years before his sentencing, and that whole time he was in jail.
On March 17th, 2011, is your sentencing. What did they give you? 110 months, which equals nine years. Nine years for two counts. One was hacking into that HVAC server, and the other was installing malicious code on the nurses' stations. But remember, he only got into that HVAC computer because his Wi-Fi was spotty, and he wanted to browse the internet faster.
Not because he did anything bad to the HVAC system. I mean, okay, yes, he did. He wasn't supposed to install remote control software on that server, and he wasn't even supposed to access that system, and he did that. But he did it only to chat online and to shop. Not to be malicious and attack the clinic or anything else. You could compare this to him breaking into an office that he shouldn't have gone in just to watch TV or something.
But he was charged as if he stole stuff, caused damage or ruined something. So it's just odd here that his intent had nothing to do with his sentence.
The court was harsh on him because this was a medical clinic, because what kind of jerk hacks into a medical clinic, right? The court showed how he had access to patient records and private info, but he insisted he never took any of that or looked at any private info at all. And he just used these computers to wage a denial-of-service attack on other computers. Nine years seems like an awfully long time.
But I think the court didn't recognize or understand the intent and use of these computers. They simply saw that someone hacked into a bunch of computers at a medical clinic, and this seemed to cloud their judgment of what that meant. I mean, people who are convicted of manslaughter often serve less than nine years. Not that I think Ghost Exodus should go without punishment, but nine years? Really? That just seems extra harsh.
So, he went to prison for a long, long time. And spending that long of a time in prison can really mess you up. Whenever you spend a long time in prison, you get used to the environment. You get used
It becomes a part of you, a part of your psyche. You're controlled on a minute-to-minute day-to-day, hour-to-hour basis. You become accustomed to violence, you become accustomed to all types of things that are only exclusive if you've ever been a prisoner.
At some point, he somehow sneakily borrowed a computer to contact his lawyer while he was in prison. When he was caught doing this, they threw him in the SHU, solitary confinement, where he had almost no interaction with other people, very little activity, and it's extra strict. He stayed a whole year in the SHU.
This affected him physically and psychologically. Fluids began collecting in his lungs and he began to lose weight and became very frail. He describes this experience as torture.
But after 13 months, he got out of the SHU and was able to serve normal prison time. And after seven and a half years in prison, they let him out on good behavior. And when he got out, he was able to connect with his wife. But he was a different person now. And she was a different person too.
My family was very worried that I was playing them. Like, I hadn't really changed at all. Anytime I sat down at a computer, like, my wife immediately began to panic. She thought I was hacking. And if I said I wasn't, she thought I was lying. Because these are things she was revisiting because that's how we used to be over a decade ago. So in her mind, I'm still playing the same games. I'm still, you know, playing them. But I wasn't. And while I was on home confinement, well, you know, serving home confinement through a halfway house. You know, she's so afraid that I'm doing this again, that she kicks me out of the house, threatens to call the FBI to search my laptop. And I now realize like I'm in a dangerous situation. I'm financially codependent. I have nowhere to go.
At the same time, he had a friend who wanted to go to Nigeria to visit some friends and ultimately end up in Israel, which would be quite the adventure. Ghost Exodus knew this guy and thought this guy is not going to be able to make this kind of trip on his own. He was just a mama's boy, a cosmopolitan type of kid, very preppy. He'd never had any
and he doesn't have any street smarts. So the combination of Ghost Exodus needing a place to go and being afraid of the FBI and this guy wanting to leave the country, go to Nigeria, Ghost decides to go to Nigeria with him.
That's one of the things that I picked up in prison. It's like this need to escape because you spend years ruminating on leaving. And just the environment is so depressing, so stressful, you constantly just daydream and fantasize about escaping. And so when you leave prison, sometimes you find yourself in that same feeling because you haven't fully acclimated back to society yet. And so I kind of carried that over when I was released.
And so the extremity of those thoughts or those actions were based on thoughts I had originally had while incarcerated. So what I ended up doing is I started doing research on cargo ships. Well, come to find out, leaving the country by cargo ships is the easiest way to come in and go. Undetected.
And so I end up getting this commercial marine tracking software and I end up finding a ship that just so happens to disable its automatic identification system. And usually when ships disable the AIS system, it's because they're engaged in some type of illegal, you know, trafficking activity in international waters. So I'm tracking this ship. I hop on a plane, go to Florida and I amazingly manage to slip past border patrol and customs agents to actually get to the ship without a ticket, without, you know, being authorized, you know, with a passport ticket and a shuttle. And we go up there and I pose as an Israeli American.
And I explained to him that I am an ivory dealer and that I want them to take me to Nigeria.
To take me to Nigeria because my main goal was to try to start over in Israel, and I was afraid that customs would turn me back.
Now, I should point out here that when he flew from Texas to Miami, he violated his probation; he wasn't allowed to leave the state. But at this point, he's standing at the docks with his traveling partner, talking to the captain, trying to get on this ship.
I managed to get on this ship.
This ship was very interesting because this company is one of the biggest cargo shipping companies in the world, but they're also one of the dirtiest. This is why we specifically selected this as our means to leave the country because they don't have much of a conscience.
They've been busted several times, trafficking, you know, weapons to Russia, a disassembled tank to North Korea, and ivory to Florida. So I was like, you know what? This is the shipping company we need. So we get on board, and I explain to them, look, I know that you're disabling your AIS system. I know you won't really have a big problem, you know, taking us to Nigeria. But here's the deal.
I'm into ivory. I know that you're into ivory. You want to make a buck, take us to Nigeria. The captain said, you're going to have to pay if you want to ride, you know.
And so the captain gave them a price. They tried to haggle this down, but they just couldn't get the price down to an amount that they could actually pay. So they didn't get a ride out of there. And they waited in Miami for the next ship to arrive, hoping that they might find a better rate. But by that time, his travel partner had called his mom and told her what they were doing. And his mom thought it was Ghost Exodus's idea to leave the country. So she called the police on Ghost Exodus. The police saw this was a violation of his probation to leave the state. So they issued a warrant for his arrest and went down to the docks and arrested him there.
When I was leaving prison the second time, I had nowhere to go. I had basically burned every bridge I had.
And I still had probation to serve three years. So in my mind, I was thinking, you know what? I've been locked up for so long. I'm constantly worried. You know, I've never really decompressed from this experience. I just, even in society, I felt like I'm still locked up. I still feel that way. So having nowhere to go, I just said, you know what? Screw this. I'm just going to go on the run. And when they pick me up, they'll pick me up.
During that time, I lived in Teeterhill State Park. He was actually living in a forest, homeless at the time. My wife notified my mother. My mother was the one who notified my probation officer who called park authorities. And they actually freakin sent a drone to come and try to find me. Can you believe that?
I've never seen that before. I've never heard that type of whine that those drones made before. Just the thought of it just scared the living daylights out of me. And they did this for the better part of about a week looking for me, but they never found me. But then I found myself on a Greyhound bus going to Onalaska, Texas, which is by Goodrich and Lake Livingston. And I stayed there for about five months living in the forest. Then on my way back is when I got picked up.
Because of like a traffic stop or something. Exactly.
He was given two more years of prison time, but this time he would have no probation when he got out. The judge saw that he couldn't serve his probation, so he had to just stay in prison until all of his time was served. But after about a year and a half, he was let go on good behavior, which means now, in 2020, he's finally free, no probation, no prison, and he can focus on rebuilding his life.
He's currently a fry cook since he doesn't have a car and needs a job within walking distance. In total, he served nine years, eight months in prison, all because he installed malicious software on 14 nurses' stations and gained access to that HVAC server.
And it's ironic, since he did all that inside the very building he was supposed to be protecting from threats. As for what he plans to do next, he tells me he thinks his forensic examiner for his case was not very good, and it was one of the reasons why he got such a long incarceration. So he'd like to study digital forensics because he doesn't want an incompetent forensics examiner to ruin anyone else's life.
A big thank you to Jesse McGraw, Ghost Exodus, for coming on the show and sharing your story. Stay safe out there and good luck in your future. Also, thanks to Wesley McGrew for coming on and telling us your story. Wesley has finished his PhD in computer science and is now a director at Cyber Operations for a cybersecurity company.
If you're all caught up on Darknet Diaries episodes and want more, you're in luck. There are now six bonus episodes for Patreon subscribers. By supporting the show through Patreon, it tells me that this show brings value to you. It also shows a new ethic in supporting something you appreciate. So please visit patreon.com/darknetdiaries to unlock bonus episodes and an ad-free feed. Thank you very much.
The show is made by me, the local ghost, Jack Rhysider. Original music and sound design was done by the quick-bladed Andrew Meriwether. Editing help this episode by the megabyte-er, Damien. And our theme music is by the bloop, bloop, bloop, Breakmaster Cylinder. And even though there's some CEOs somewhere out there that are just now figuring out what blockchain is and think it's a cutting-edge technology, when actually it's 10 years old now, this is Darknet Diaries.