British hacker shines light on poor IT security
The British hacker facing extradition to the US on charges of hacking and causing damage to US defence sites has highlighted poor security as a major factor in his ability to wander through the IT systems of some key defence establishments.
Far from intending to cause harm, Gary McKinnon says it all started as an innocent attempt to prove that the US defence department knows of the existence of extraterrestrials.
In an interview with ZDNet UK, McKinnon, who is on bail pending a hearing over his extradition case later in July, said that he was "frightened" to find US defence systems were open to "people from all over the world".
He claims that in one system he found that the local system administrator's password was blank. Those in charge of the system had used "an image based installation techniques where most of the machines have the same BIOS, the same hard drive, the same hardware specification" just applied across different systems, he said.
"So you don’t even need to become domain administrator. That’s 5,000 machines all with a blank system level administrator password".
McKinnon claims that there was no malicious intent in anything he did. "They might say that my installing a remote control program opened them up," he said, "but it didn't. The access was already there. I didn’t even have to crack passwords".
The charges McKinnon faces are serious, alleging "fraud and related activity in connection with computers" and covering the US Army, Navy, Air Force and NASA. Some of the most serious allegations are that he did "intentionally cause damage without authorisation by impairing the integrity and availability of data, programs systems and information" which possibly cost the authorities $35,000 (£20,000).
If extradited and convicted, McKinnon could be sentenced to up to 70 years in jail.
McKinnon now faces a long battle to stay out of the US courts but says he is starting to receive a lot of support. "For a few days [after the extradition attempt was announced in June] it was very dark but I am feeling quite up now”, he said. “We have been talking to [Conservative MP] Boris Johnson who is leading an early day motion against the 2003 Extradition Act along with the Enron Three — or the NatWest Three, as they are called now, so together we are trying to get a judicial review going and to change the law".
The NatWest Three is a group of bankers who are fighting extradition to the US to face charges of embezzling £3.8m from the London bank in a deal involving Enron.
While others have taken up the fight on McKinnon’s behalf he is left to do what he can at home — without the use of the Internet, as this would violate his bail conditions. He was first investigated under the Computer Misuse Act in 2002 and released without charge. McKinnon maintains that he has done nothing wrong with computers ever since and the US charges relate to his activities before he was investigated by the UK authorities.
Click here to read the full interview, including details of the UFO evidence and antigravity technology McKinnon says he found.