July 13, 2005 7:11 AM PDT

Alleged hacker: U.S. defense sites poorly secured

Related Stories

Alleged hacker faces extradition to U.S.

June 8, 2005

DOJ indicts alleged British hacker

November 12, 2002
A British man facing possible extradition to the United States says poor security was a major factor in his ability to have wandered through the IT systems of some key defense establishments.

Gary McKinnon, who is accused of hacking and causing damage to federal defense systems, also said that his actions, far from intending to cause harm, all started as an innocent attempt to prove that the U.S. Defense Department knows of the existence of extraterrestrials. Later he was driven by suspicions about federal policies and actions in the wake of the Sept. 11, 2001, terror attacks.

Gary McKinnon
Gary McKinnnon

In an interview with ZDNet UK, McKinnon, who is out on bail pending an extradition hearing later in July, said that he was "frightened" to find U.S. defense systems were open to "people from all over the world."

He claims that in one system he found that the local administrator's password was blank. Those in charge of the system, McKinnon said, had used "image-based installation techniques where most of the machines have the same BIOS, the same hard drive, the same hardware specification" just applied across different systems.

"So you don't even need to become domain administrator," he said. "That's 5,000 machines all with a blank system-level administrator password."

McKinnon said that there was no malicious intent in anything he did. "They might say that my installing a remote control program opened them up," he said, "but it didn't. The access was already there. I didn't even have to crack passwords."

McKinnon faces charges alleging "fraud and related activity in connection with computers" and covering the U.S. Army, Navy, Air Force and NASA. Some of the most serious allegations are that he did "intentionally cause damage without authorization by impairing the integrity and availability of data, programs systems and information," which possibly cost the authorities $35,000.

If extradited and convicted, McKinnon could be sentenced to up to 70 years in jail.

McKinnon now faces a long battle to stay out of the U.S. courts, but he says he is starting to receive a lot of support.

"For a few days (after the extradition attempt was announced in June), it was very dark. But I am feeling quite up now," he said. "We have been talking to Boris Johnson (a Conservative member of Parliament), who is leading an early-day motion against the 2003 Extradition Act along with the (NatWest Three)...so together we are trying to get a judicial review going and to change the law."

The NatWest Three is a group of former workers at U.K.-based NatWest Bank who are fighting extradition to the United States on charges related to the Enron financial scandal.

While others are fighting on McKinnon's behalf, he is left to do what he can at home--without the use of the Internet, as this would violate his bail conditions.

He was first investigated under the U.K.'s Computer Misuse Act in 2002 and released without being charged. McKinnon maintains that he has done nothing wrong with computers ever since. He maintains that the U.S. charges relate to activities he engaged in before he was investigated by the U.K. authorities.

Click here to read the full interview, including details McKinnon said he found of UFO evidence and antigravity technology.

Colin Baker of ZDNet UK reported from London.

4 comments

Join the conversation!
Add your comment
Is there a lesson to be learned here for the Government
I think so. Instead of looking at this guy like he was trying to
help, you turn it around on him. Thats' not right.

It's the government's IT system that is at fault here, not this guy.
So I hope that all branches of the Government learned
something from this story.

How about working with the guy to make sure our systems are
secure, rather than creating a rash of angry hackers (information
specialists) who's already disgruntled at an already unstable and
devious govenment.

Maybe it's time to start looking at people like this as assets,
people you can use to better yourselves and your systems. Or is
throwing them in jail and wasting taxe money a better
alternative than security?

Only our government can answer these questions. Image this,
what if he didn't get caught, maybe the next hacker to exploit
the government will be working for terroists?

-Justin
Posted by OneWithTech (196 comments )
Reply Link Flag
Is there a lesson to be learned here for the Government
I think so. Instead of looking at this guy like he was trying to
help, you turn it around on him. Thats' not right.

It's the government's IT system that is at fault here, not this guy.
So I hope that all branches of the Government learned
something from this story.

How about working with the guy to make sure our systems are
secure, rather than creating a rash of angry hackers (information
specialists) who's already disgruntled at an already unstable and
devious govenment.

Maybe it's time to start looking at people like this as assets,
people you can use to better yourselves and your systems. Or is
throwing them in jail and wasting taxe money a better
alternative than security?

Only our government can answer these questions. Image this,
what if he didn't get caught, maybe the next hacker to exploit
the government will be working for terroists?

-Justin
Posted by OneWithTech (196 comments )
Reply Link Flag
Hire him! Duh!
Put him to work and fix the system. Why goverment data is not on Internet 2 instead I dont know...

Kieran Mullen
Posted by kieranmullen (1070 comments )
Reply Link Flag
Hire him! Duh!
Put him to work and fix the system. Why goverment data is not on Internet 2 instead I dont know...

Kieran Mullen
Posted by kieranmullen (1070 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.