Hacker Conversations

Hacker Conversations: Jesse McGraw (GhostExodus), From Blackhat Hacker to Redemption

Once a notorious blackhat hacker, McGraw shares his journey from high school hacking and prison to redemption as a cybersecurity advocate.

Hacker Conversations: Jesse McGraw

Jesse McGraw isn’t a hacker; at least, not by his own definition. He accepts he was a hacker, and a blackhat hacker, and that he still retains the mindset of a hacker. But he is no longer a hacker, he says.

Early days

He realized he was a hacker while in high school. “My one and only friend was a hacker, and I had never seen anything like what he did.” Before then, McGraw had thought computers were just something used for word processing; a tool that could be used for its intended purpose. Then he saw this person programming in math class.

“He was programming, and I’d never seen anything like that. Then he’s using a tool that he programmed in math class to pivot across the network into some type of protected file system used by the school. And I just thought, ‘What are you doing?’”

That was McGraw’s first introduction into hacking, even though he didn’t understand what it was. “He and I became friends, and the longer I spent around him, the more I began to understand that technology, for want of a better phrase, can be bent to one’s will. It can be circumvented. All the rules can be broken.”

He soon learned he didn’t really need the tools to do this. “In the beginning, I used social engineering in order to gain access to remote systems when I was just a teenager. But it was that mentality that helped me understand systems based on rules can have those rules broken to produce unexpected outcomes.”

But how and why did he grow from this relatively innocent introduction to become the blackhat hacker who was later convicted and imprisoned for eleven years?

Advertisement. Scroll to continue reading.

For background, it is worth noting that McGraw’s childhood was similar to many other hackers – a deep sense of isolation. For some, this stemmed from their ASD. McGraw is similarly neurodiverse (as we shall discuss later), but he primarily attributes his own isolation to a lack of bonding with his parents. 

At the time he was born, “My father was a heroin dealer. My mother was a dancer. They were both very young parents, very irresponsible. And I guess you could say I didn’t really bond with my parents. I didn’t have an emotional connection with them.” By the time he got to school, “I didn’t know how to look normal. I was received in high school like someone who did not belong there.”

This explains his earlier comment, ‘My one and only friend…’, and how important the relationship was to his development as a hacker.

“As hackers grow in skills and experience,” he explains, “they start to expand and hit bigger targets. I never hacked for monetary gain, I didn’t steal people’s identities or their data, I just did it for the thrill of joyriding on their systems.” At that time, he had no concept of morality in what he was doing: “I didn’t have any set of standards that would have said, ‘Hey, this is where I would be crossing the line.’”

This is interesting on two counts. First of all, many hackers have no initial perception of morality or immorality in what they do – it just doesn’t occur to them. 

Jesse McGraw (GhostExodus)

“Fundamentally, I was still a blackhat because I didn’t have any rules. But if I could do it, I would do it – that’s the mentality I had. It had a lot to do with being young, and not fully understanding the consequences of my actions, the legal repercussions, the impact, the victim impact. These are things that hackers often don’t consider, because they’re sitting behind a computer. They don’t see the human being on the other side of the machine, the life that has been disrupted. So, you know, hackers do these things because they don’t see the victim impact.”

Secondly, it helps explain his later perception of hacking. Hacking is simply breaking the rules. Intention or motivation is irrelevant. Breaking rules is the defining characteristic. Intention and motivation indicate sub-classes of a hacker used to influence society’s desire for complex labels, so that good intent is ‘whitehat’ while bad intent is ‘blackhat’. This is slightly complicated by the suggestion that if the rules being broken are legal rules rather than technology rules, it is blackhat hacking regardless of the intention or motivation. 

His definition is then further complicated by ‘subjectivity’: actions are often categorized by the viewpoint of the observer. Consider activism. A description of activism alone will depend on the observer’s own standpoint, whether as a supporter of change, or a supporter of the status quo. Hacktivism is activism by computer that incorporates breaking the rules of computing. Such hacktivism is automatically hacking. But the intent is subjective to the observer, and only those opposed to the intent are likely to automatically consider it bad.

But for McGraw it is simple: “Fundamentally, it is still criminal, whether the attack feels justified or not; so, it would still fall under a blackhat label.” While activism isn’t automatically bad, hacktivism always is.

The subjectivity element becomes even more complex if the act covers two separate jurisdictions with two possibly different legal rules. In 2017, Putin said that “patriotic Russian citizens acting independently” may have been involved in the alleged Russian interference in the 2016 US presidential election. Whether they were patriotic Russians or elite nation-state attackers, it was effectively hacktivism on an industrial scale.

“To Americans, they would be bad guys from Russia. But if we were Russian, we would probably consider them good guys. It’s difficult to put it into a moral box, but in the grand scheme of things, it’s still hacktivism.” Which in McGraw’s definition is a criminal act and automatically blackhat hacking regardless of jurisdiction or motive.

Neurodivergence

Beyond early amorality, another characteristic common to many hackers is neurodivergence. Is McGraw neurodivergent? 

“Yes, I am. And it’s funny you ask that, because this is something I look out for. In all the hacker spaces I observe or interact with, most of the people I come across are neurodivergent. I think neurodivergence is an important component of what we find in hacker spaces.” Neurodivergents sometimes simply refer to neurotypical people as ‘normies’.

Given the high percentage of neurodivergence among hackers, it is easy to speculate on any relationship between the two. Most hackers do not accept there is any causal relationship involved – but does it influence the direction of individual people, hackers in general, and McGraw in particular? “It probably did,” he suggests.

“One of the things that keeps hackers going is the jackpot thrill, the dopamine effect you get when you hit a huge target. It feels absolutely incredible, but then you’ve got to do it again and again and again, until that dopamine starts to wane. So, you try to hit bigger targets, you raise the bar and chase the thrill and hit bigger and bigger and bigger.”

An important element here is that most neurodivergents believe the variance delivers a ‘superpower’, the ability to hyperfocus on a single subject over a long period. If a person has an interest in how computers communicate, a hyperfocused neurodivergent person could obsess, and a neurodivergent hacker could find flaws that a normie might miss.

“My ability to hyperfocus and obsess for days on end without sleep… I could stay up for days. No drugs.” (Apart, perhaps, from caffeine and sugar.) “I’d just stay awake on pure excitement and thrill, and just keep going and learning, and then burn out, and then do it again.” The implication is that neurodivergence does not create hackers but assists hackers in hacking – and for McGraw it was an important part of chasing his dopamine hit from ever-bigger targets.

The redemption of a blackhat

Jesse McGraw was redeemed by being caught. His attacks were getting bigger and bigger, and risks were more and more outrageous. At the time of his arrest, he was known online as GhostExodus and led a hacker group called the Electronik Tribulation Army (ETA). A separate group, Anonymous – or parts of it that have little association with the somewhat romantic view that has grown around Anonymous – was attacking ETA, and went so far as to dox one of the members, leaking personal family details including SSN, court records, divorce details, address, etcetera.

This was too much. ETA needed to respond but needed a powerful botnet to do so. At the time, McGraw was working as a night security guard at the North Central Medical Plaza in Dallas. Lots of computers with no one else around. He easily hacked into more than 14 individual computers, including the HVAC (SCADA) computer. It should have been a successful insider attack – but for the risk he took: “the infamous, ridiculous and impossibly stupid video that I made”, and posted on YouTube. Such videos were common practice among hackers; but he exposed his face.

Meanwhile, Wesley McGrew was a researcher. “He was working on his PhD – I think it was at Mississippi State University – and he was doing a dissertation on SCADA systems, and I was actually attacking a SCADA system.” McGrew recognized the equipment in the background of the video, realized it was a genuine medical facility, and contacted the FBI. “He used open source intelligence to assist the FBI in de-anonymizing my identity to the best of his ability, and the FBI did the rest.”

He had planned the attack for July 4, 2009. The ETA called July 4 ‘Devil’s Night’, “the day that we would celebrate our independence from the government, from tyranny and all this other stuff that anarchists idealize.” That’s why he needed the video, to make ETA’s response to Anonymous something big, viral. 

But he was arrested just days before Devil’s Day, and in 2011 he was sentenced to 110 months, amounting to 11 years with his pretrial detention. This was a heavy sentence for hacking, but in effect he was sentenced not for what he did, nor why he did it, but because of the potential damage to the medical clinic and its patients if anything went wrong.

So, is fear of the law what stopped him continuing as a blackhat? “No,” he says. “I don’t have a fear of the law. What I would say is that it was a consequent understanding of the mechanics of causality. This is not a mindset that I had in my youth. I never questioned what the legal consequences could be, or who it could affect. The victim impact is now central to what I do today.”

The realization of the consequence of causality didn’t simply stop McGraw hacking, it reversed the motivation part of his mindset. The victims are now uppermost in his mind, and his purpose is to prevent victimization and to protect victims. He does this entirely without hacking; that is, without breaking any rules around computers and their use. And he uses the same methods to expose the worst predators as Wesley McGrew (who he now considers a friend) used to expose him: OSINT, not hacking.

“My group specializes exclusively in open source intelligence for online child safety work. So, we try to empower child victims. We identify predators on the internet and report them to authorities. We also provide educational material for parents and children.”

He adds, “Instead of gaining unauthorized access, I just use OSINT to gather data from information already in the public domain instead of stealing it. I have no desire to be my old self and call myself a hacker or to break the law.” If anything, he describes himself as a ‘red hat’, an emerging term that is neither blackhat nor whitehat because it doesn’t involve hacking, but nevertheless ‘targets’ bad or potentially bad guys.

“I’m forty-one now, and my joyriding days on other people’s computers have long expired. Now I use my knowledge to help people, to empower victims, and to help current activists understand what the law says and what they shouldn’t be doing – to help keep people from attacking industrial control systems, the healthcare sector, education, and things like that.”

He has become an advocate for legal and responsible computer use, acting as a bridge between the legitimate security industry and the underground hacker scene. He does podcasts. He takes part in a feature-length cyberwar documentary produced by Semperis, and also featuring David Petraeus, Jen Easterly, Richard Stiennon, Marcus Hutchins and more.

“I’ve found my place in the world after my time spent in prison and am now a cybersecurity researcher and advocate. I still think outside of the box like an adversary, but part of what I do now is to understand the infrastructure that we daily rely on, in order to protect it.”

Jesse McGraw has been redeemed. He is no longer a blackhat hacker and doesn’t think of himself as a hacker. But he still has the mindset of a hacker, and he uses that to the full in his advocacy. I would be tempted to suggest he is still a hacker – the hacker mindset is sufficient – just no longer a computer hacker.

Related: Hacker Conversations: Alex Hall, One-Time Fraudster

Related: Hacker Conversations: McKenzie Wark, Author of A Hacker Manifesto

Related: Hacker Conversations: Frank Trezza – From Phreaker to Pentester

Related: Hacker Conversations: Joe Grand – Mischiefmaker, Troublemaker, Teacher

Related Content

Hacker Conversations

Chris Thompson's journey took him from hacking game controls as a teenager to founding IBM’s X-Force Red team.

Hacker Conversations

From building LED bulbs to graduating college and buying a house with money earned from bug bounties.

Artificial Intelligence

AI red team specialist details his methods for manipulating AI guardrails through jailbreaking and data poisoning, helping developers harden machine learning models.

Hacker Conversations

Harris is a hacker with a rebellious spirit and a willingness to break rules in the pursuit of his purpose – but without causing...

Hacker Conversations

A Belgian national, De Ceukelaire’ did not set out to be a hacker. Like many hackers he was born with the potential to become...

Hacker Conversations

Day became a professional hacker by choice. But that doesn’t mean he isn’t a natural hacker.

Hacker Conversations

From dismantling online games as a child to uncovering real-world vulnerabilities, Katie Paxton-Fear explains how autism, curiosity, and a rejection of ambiguity shaped her...

Fraud & Identity Theft

A first-person journey from undetected fraud to defending trust—how life events, neurodiversity, and hard-won insight shaped a former fraudster into a fraud fighter.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version