Hacker Conversations: Jesse McGraw (GhostExodus), From Blackhat Hacker to Redemption
Jesse McGraw isnât a hacker; at least, not by his own definition. He accepts he was a hacker, and a blackhat hacker, and that he still retains the mindset of a hacker. But he is no longer a hacker, he says.
Early days
He realized he was a hacker while in high school. âMy one and only friend was a hacker, and I had never seen anything like what he did.â Before then, McGraw had thought computers were just something used for word processing; a tool that could be used for its intended purpose. Then he saw this person programming in math class.
âHe was programming, and Iâd never seen anything like that. Then heâs using a tool that he programmed in math class to pivot across the network into some type of protected file system used by the school. And I just thought, âWhat are you doing?ââ
That was McGrawâs first introduction into hacking, even though he didnât understand what it was. âHe and I became friends, and the longer I spent around him, the more I began to understand that technology, for want of a better phrase, can be bent to oneâs will. It can be circumvented. All the rules can be broken.â
He soon learned he didnât really need the tools to do this. âIn the beginning, I used social engineering in order to gain access to remote systems when I was just a teenager. But it was that mentality that helped me understand systems based on rules can have those rules broken to produce unexpected outcomes.â
But how and why did he grow from this relatively innocent introduction to become the blackhat hacker who was later convicted and imprisoned for eleven years?
For background, it is worth noting that McGrawâs childhood was similar to many other hackers â a deep sense of isolation. For some, this stemmed from their ASD. McGraw is similarly neurodiverse (as we shall discuss later), but he primarily attributes his own isolation to a lack of bonding with his parents.
At the time he was born, âMy father was a heroin dealer. My mother was a dancer. They were both very young parents, very irresponsible. And I guess you could say I didnât really bond with my parents. I didnât have an emotional connection with them.â By the time he got to school, âI didnât know how to look normal. I was received in high school like someone who did not belong there.â
This explains his earlier comment, âMy one and only friendâŚâ, and how important the relationship was to his development as a hacker.
âAs hackers grow in skills and experience,â he explains, âthey start to expand and hit bigger targets. I never hacked for monetary gain, I didnât steal peopleâs identities or their data, I just did it for the thrill of joyriding on their systems.â At that time, he had no concept of morality in what he was doing: âI didnât have any set of standards that would have said, âHey, this is where I would be crossing the line.ââ
This is interesting on two counts. First of all, many hackers have no initial perception of morality or immorality in what they do â it just doesnât occur to them.
âFundamentally, I was still a blackhat because I didnât have any rules. But if I could do it, I would do it â thatâs the mentality I had. It had a lot to do with being young, and not fully understanding the consequences of my actions, the legal repercussions, the impact, the victim impact. These are things that hackers often donât consider, because theyâre sitting behind a computer. They donât see the human being on the other side of the machine, the life that has been disrupted. So, you know, hackers do these things because they donât see the victim impact.â
Secondly, it helps explain his later perception of hacking. Hacking is simply breaking the rules. Intention or motivation is irrelevant. Breaking rules is the defining characteristic. Intention and motivation indicate sub-classes of a hacker used to influence societyâs desire for complex labels, so that good intent is âwhitehatâ while bad intent is âblackhatâ. This is slightly complicated by the suggestion that if the rules being broken are legal rules rather than technology rules, it is blackhat hacking regardless of the intention or motivation.
His definition is then further complicated by âsubjectivityâ: actions are often categorized by the viewpoint of the observer. Consider activism. A description of activism alone will depend on the observerâs own standpoint, whether as a supporter of change, or a supporter of the status quo. Hacktivism is activism by computer that incorporates breaking the rules of computing. Such hacktivism is automatically hacking. But the intent is subjective to the observer, and only those opposed to the intent are likely to automatically consider it bad.
But for McGraw it is simple: âFundamentally, it is still criminal, whether the attack feels justified or not; so, it would still fall under a blackhat label.â While activism isnât automatically bad, hacktivism always is.
The subjectivity element becomes even more complex if the act covers two separate jurisdictions with two possibly different legal rules. In 2017, Putin said that âpatriotic Russian citizens acting independentlyâ may have been involved in the alleged Russian interference in the 2016 US presidential election. Whether they were patriotic Russians or elite nation-state attackers, it was effectively hacktivism on an industrial scale.
âTo Americans, they would be bad guys from Russia. But if we were Russian, we would probably consider them good guys. Itâs difficult to put it into a moral box, but in the grand scheme of things, itâs still hacktivism.â Which in McGrawâs definition is a criminal act and automatically blackhat hacking regardless of jurisdiction or motive.
Neurodivergence
Beyond early amorality, another characteristic common to many hackers is neurodivergence. Is McGraw neurodivergent?
âYes, I am. And itâs funny you ask that, because this is something I look out for. In all the hacker spaces I observe or interact with, most of the people I come across are neurodivergent. I think neurodivergence is an important component of what we find in hacker spaces.â Neurodivergents sometimes simply refer to neurotypical people as ânormiesâ.
Given the high percentage of neurodivergence among hackers, it is easy to speculate on any relationship between the two. Most hackers do not accept there is any causal relationship involved â but does it influence the direction of individual people, hackers in general, and McGraw in particular? âIt probably did,â he suggests.
âOne of the things that keeps hackers going is the jackpot thrill, the dopamine effect you get when you hit a huge target. It feels absolutely incredible, but then youâve got to do it again and again and again, until that dopamine starts to wane. So, you try to hit bigger targets, you raise the bar and chase the thrill and hit bigger and bigger and bigger.â
An important element here is that most neurodivergents believe the variance delivers a âsuperpowerâ, the ability to hyperfocus on a single subject over a long period. If a person has an interest in how computers communicate, a hyperfocused neurodivergent person could obsess, and a neurodivergent hacker could find flaws that a normie might miss.
âMy ability to hyperfocus and obsess for days on end without sleep⌠I could stay up for days. No drugs.â (Apart, perhaps, from caffeine and sugar.) âIâd just stay awake on pure excitement and thrill, and just keep going and learning, and then burn out, and then do it again.â The implication is that neurodivergence does not create hackers but assists hackers in hacking â and for McGraw it was an important part of chasing his dopamine hit from ever-bigger targets.
The redemption of a blackhat
Jesse McGraw was redeemed by being caught. His attacks were getting bigger and bigger, and risks were more and more outrageous. At the time of his arrest, he was known online as GhostExodus and led a hacker group called the Electronik Tribulation Army (ETA). A separate group, Anonymous â or parts of it that have little association with the somewhat romantic view that has grown around Anonymous â was attacking ETA, and went so far as to dox one of the members, leaking personal family details including SSN, court records, divorce details, address, etcetera.
This was too much. ETA needed to respond but needed a powerful botnet to do so. At the time, McGraw was working as a night security guard at the North Central Medical Plaza in Dallas. Lots of computers with no one else around. He easily hacked into more than 14 individual computers, including the HVAC (SCADA) computer. It should have been a successful insider attack â but for the risk he took: âthe infamous, ridiculous and impossibly stupid video that I madeâ, and posted on YouTube. Such videos were common practice among hackers; but he exposed his face.
Meanwhile, Wesley McGrew was a researcher. âHe was working on his PhD â I think it was at Mississippi State University â and he was doing a dissertation on SCADA systems, and I was actually attacking a SCADA system.â McGrew recognized the equipment in the background of the video, realized it was a genuine medical facility, and contacted the FBI. âHe used open source intelligence to assist the FBI in de-anonymizing my identity to the best of his ability, and the FBI did the rest.â
He had planned the attack for July 4, 2009. The ETA called July 4 âDevilâs Nightâ, âthe day that we would celebrate our independence from the government, from tyranny and all this other stuff that anarchists idealize.â Thatâs why he needed the video, to make ETAâs response to Anonymous something big, viral.
But he was arrested just days before Devilâs Day, and in 2011 he was sentenced to 110 months, amounting to 11 years with his pretrial detention. This was a heavy sentence for hacking, but in effect he was sentenced not for what he did, nor why he did it, but because of the potential damage to the medical clinic and its patients if anything went wrong.
So, is fear of the law what stopped him continuing as a blackhat? âNo,â he says. âI donât have a fear of the law. What I would say is that it was a consequent understanding of the mechanics of causality. This is not a mindset that I had in my youth. I never questioned what the legal consequences could be, or who it could affect. The victim impact is now central to what I do today.â
The realization of the consequence of causality didnât simply stop McGraw hacking, it reversed the motivation part of his mindset. The victims are now uppermost in his mind, and his purpose is to prevent victimization and to protect victims. He does this entirely without hacking; that is, without breaking any rules around computers and their use. And he uses the same methods to expose the worst predators as Wesley McGrew (who he now considers a friend) used to expose him: OSINT, not hacking.
âMy group specializes exclusively in open source intelligence for online child safety work. So, we try to empower child victims. We identify predators on the internet and report them to authorities. We also provide educational material for parents and children.â
He adds, âInstead of gaining unauthorized access, I just use OSINT to gather data from information already in the public domain instead of stealing it. I have no desire to be my old self and call myself a hacker or to break the law.â If anything, he describes himself as a âred hatâ, an emerging term that is neither blackhat nor whitehat because it doesnât involve hacking, but nevertheless âtargetsâ bad or potentially bad guys.
âIâm forty-one now, and my joyriding days on other peopleâs computers have long expired. Now I use my knowledge to help people, to empower victims, and to help current activists understand what the law says and what they shouldnât be doing â to help keep people from attacking industrial control systems, the healthcare sector, education, and things like that.â
He has become an advocate for legal and responsible computer use, acting as a bridge between the legitimate security industry and the underground hacker scene. He does podcasts. He takes part in a feature-length cyberwar documentary produced by Semperis, and also featuring David Petraeus, Jen Easterly, Richard Stiennon, Marcus Hutchins and more.
âIâve found my place in the world after my time spent in prison and am now a cybersecurity researcher and advocate. I still think outside of the box like an adversary, but part of what I do now is to understand the infrastructure that we daily rely on, in order to protect it.â
Jesse McGraw has been redeemed. He is no longer a blackhat hacker and doesnât think of himself as a hacker. But he still has the mindset of a hacker, and he uses that to the full in his advocacy. I would be tempted to suggest he is still a hacker â the hacker mindset is sufficient â just no longer a computer hacker.
Related: Hacker Conversations: Alex Hall, One-Time Fraudster
Related: Hacker Conversations: McKenzie Wark, Author of A Hacker Manifesto
Related: Hacker Conversations: Frank Trezza â From Phreaker to Pentester
Related: Hacker Conversations: Joe Grand â Mischiefmaker, Troublemaker, Teacher
How it works
Once you click Generate, Ollama reads this article and crafts 5 comprehension questions. Your answers are graded against the article content â general knowledge won't be enough. Score 70+ to count toward your certificate.
Questions are cached â you'll always get the same 5 for this article.