As international Cybercrime increases, internal threats are still a concern. It used to be that internal threats were your networks primary threat. But with the huge increase of foreign hackers and cyber crime, internal threats have really started to fall from many corporation’s top risk spot.
But unfortunately, internal risks are still alive and well as the above video shows. According to Wired.com, the above video is of Jesse William McGraw installing a botnet on network systems at the Northern Central Medical Plaza in Dallas. When watching the video, it is stunning how he seemingly moves around the facility at will. How can this be?
Well, McGraw is the night security guard.
But that is not all, he also was the leader of a hacker group called the Electronik Tribulation Army. In the video, that he posted to YouTube, you can see him move around the facility with his Ophcrack CD (used for cracking passwords) and the botnet on a usb flash drive. You can also see the blue of his security uniform underneath his grey sweatshirt.
He uses his security card to gain access to different areas, and then proudly shows the viewers a workstation screen as he removes the anti-virus from the system, and then installs the botnet. At the end of the video, you can see that he accesses the newly infected machines remotely. Apparently his hacking group used the botnet machines to attack rival hacking groups which included Anonymous.
The botnet he used, called Rxbot is a variant of the IRC Agobot botnet. According to Wikipedia most agobots have the following features:
- Password Protected IRC Client control interface
- Remotely update and remove the installed bot
- Execute programs and commands
- Port scanner used to find and infect other hosts
- DDoS attacks used to takedown networks
The Agobot may contain other features such as:
- Packet sniffer
- Polymorphic code
- Rootkit installer
- Information harvest
- Email Addresses
- Software Product Keys
He also installed the remote desktop software “LogMeIn” on the hospital’s Windows based HVAC system. The combination of the two is not really the kind of software you want sitting around on your corporate network.
Cudos go out to R. Wesley McGrew, of McGrew Security, who notified the FBI of McGraw’s antics when he found screenshots of the hospital’s HVAC system online. McGraw has since been sentenced to 9 years and 2 months in prison.