Student's Research Leads FBI to Foil Planned Attack on Medical Clinic

Mississippi State computer science student Wesley McGrew's cooperation with the FBI led to the recent arrest of a Texas man accused of planning a major attack on a Dallas medical facility on Saturday.

McGrew, a doctoral student in computer science at MSU, turned over his research related to a computer hacker to a FBI agent in Jackson about two weeks ago, who then passed on info to the Dallas bureau to investigate possible federal crimes.

McGrew, also a research assistant at MSU's Critical Infrastructure Protection Center, often communicates with hackers but researches only a small percentage of those he interacts with online. However, one element proved different this time-a hacker showed evidence of threatening public health and safety. The hacker used multiple aliases, including "GhostExodus" and "PhantomExodizzmo" when posting threats on online forums about breaking into the Carrel Clinic in Dallas.

Online bragging by the hacker mentioned control and escape computer systems responsible for critical infrastructure that could jeopardize lives, if compromised. The hacker bragged about breaking into the facility's heating ventilation and air condition computer system with plans for a serious attack that could harm patients at the clinic, along with affecting medications kept at specific temperatures.

The hacker's arrogance, including a public MySpace profile and YouTube videos, among other online public information, coupled with McGrew's digital detective work, assisted the FBI in preventing a major crime.

FBI special agents identified the computer hacker as Jesse William McGraw of Arlington, Texas, who posted detailed information about plans for a "Devil's Day" attack, referring to an organized "distributed denial of service," a type of computer attack in which an unauthorized person takes control of secured computers and uses them for malicious attacks. McGraw remains in federal custody waiting for a grand jury to determine whether to issue an indictment.

While only one letter separates the spelling of MSU student McGrew and former security guard McGraw, worlds separate actions and intent of the two men.
Having earned bachelor and master's degrees in computer science, McGrew focuses on computer security in his doctoral studies with particular interests in vulnerability analysis and penetration testing in computer systems.

By contrast, McGraw is accused of leading a double life while he worked as a guard in Dallas for a security company providing security services for the Carrell Clinic, which specializes in orthopedic surgeries and other medical services. A member of a computer hacking group called Electonik Tribulation Army, McGraw posted videos and online comments boasting of breaking into classified computers where he worked and his plans for a larger attack, an FBI affidavit reports.

Further, McGraw informed his supervisor at the security company that his last day of work at medical clinic would be Friday, a day before the scheduled attack. Thanks to McGrew's sleuthing abilities and assistance to the FBI, McGraw's employment ended even sooner.

While an MSU student, McGrew has gained notoriety in the department of computer science and engineering for some of his work in computer vulnerability. He discovered a major software flaw in 2008 found in many major critical infrastructure computer programs. In fact, the flaw he discovered then is similar to the flaw found in the computer security system of the Dallas clinic. The National Security Agency was notified immediately of McGrew's discovery. Shortly thereafter, the Department of Homeland Security broadcast an alert that included information on how to correct the issue related to the software flaw.

Ray Vaughn, head of MSU's department of computer science and engineering and director of the Critical Infrastructure Protection Center, said McGrew is one of the most capable students he has mentored. He said young researchers like McGrew ensure the university's reputation in the field remains strong.