Hacker Gary McKinnon Interviewed

G0rAk writes "The BBC World Service has a half hour audio interview with British hacker Gary McKinnon. As recently reported on/. and BBC News, Gary was arrested and freed on bail pending extradition proceedings to the U.S. There, he faces charges of gaining unauthorised access and causing criminal damage to military computers in his search for evidence of UFO coverups and anti-gravity technology of extra-terrestrial origin. In a very candid interview, Gary re-affirms that he had no malicious intent, was amazed at the ease with which he penetrated the networks, explains in detail what evidence of UFO coverups he saw, describes a personal journey through hell as he became obsessed with the project and how very scared he is that he could be facing up to seventy years in a Virginian jail. A bit of a nut, perhaps. But a fascinating listen that helps a lot in making that judgment. The Interview can be listened to with RealPlayer from 11:32 GMT (06:32 EST) on Saturday until the same time next week."

He's in for it

[confusion]

The US government is going to make an example out of him, assuming he actually gets convicted.

I have to say, though, that even if the government computers were wide open, finding documents about UFO's seems like looking for the proverbial needle in a haystack.

Jerry
http://www.cyvin.org/ [cyvin.org]

Re:Thank you Gary

[thelost]

I found a recent interview [smh.com.au] with him interesting as in it he mentioned that he was far from the only one nightly sneaking into US Gov computer networks, saying that he saw many others from all over the world doing exactly the same as him. How well protected are these systems really then?

Poor Goofball

[Kr3m3Puff]

The guy thought that 9/11 was a hoax and thought he found evidence of UFO's and "Non-Terrestrial Officers" being transfered, thinking that there is some fleet of Anti-Gravity Spacecraft. Now he is facing 70 years in an American federal prison. That is a lot of work for nothing really show for it.

Silly American military for setting up Windows with blank administrator passwords too. Whole thing is kinda silly.

Non-terrestrial Officers

[mnemonic_]

A Guardian article [guardian.co.uk] interviewing McKinnon with much of the same information in the audio interview. The most interesting part of his XYZ conspiracy "evidence" that McKinnon describes is the "non-terrestrial officers" mentioning he found in US military documents. He seems to believe that a complete U.S. space army already exists, with those involved based in military orbiting stations.

Re:Thankful only trying to extradite him

[sholden]

No he didn't deserve to die. Given the situation though it's not surprising or unexpected that he did.

Re:70 years is too much but....

[Lothsahn]

Actually, you really need to listen to the interview.

He doesn't consider what he did okay, and he even says feels bad for it. Maybe you call bullshit on this one, but I don't honestly think so... I don't think he's lying, he's just insane--not like (most) of the people at your school.

The man is a complete nut (really, listen to the interview)... he talks about the proof of UFO's he's seen, and most importantly, he isn't defending himself like a sane person would. Instead of making up a story, or letting a lawyer handling his defense, he's being completely open about what he's done. He's interacting with the world in a way that indicates that he doesn't think his message will be at all rejected or ridiculed.

What's really disturbing is the fact that he was so easily able to break into the computer networks of US military organizations. That is what REALLY scares me.

Re:Anti-Grav?

[itistoday]

I understand you're joking, but listening to the interview reveals that he did not find any information in regards to anti-gravity. However, he claims to have found plenty of evidence for UFOs, mainly in the form of very high-resolution images. Whether or not the owner of that particular system he was on intentionally left those images there for conspiracy theorists like him to find remains unknown...

Re:Thank you Gary

[James McGuigan]

His crime was to show up the US Military, somebodies head has to roll.

LOD tried something like this at Hohocon '91

[merc]

At hohocon (this was Defcon before there was such a thing as Defcon), in 1991, in Austin TX, Erik Bloodaxe and Doc Holiday from LOD announced "project green cheese", designed to entice hackers to to break into military systems to uncover evidence of extra-terrestrial activity. I don't think anyone took it seriously, but this is the first time since that in where I've heard of someone actually attempting something similiar to this (or at least with this type of motive).

This was the same con where John Draper gave his speech about phreaking in eastern Europe, and the old days of blue boxing.

Does anyone else remember Hohocon?

-merc

When does it become hacking?

[ancientt]

Okay, I can't argue that this wasn't hacking, but having recently been accused of it myself, I'm curious where other people stand.

intentionally vague but true

In my case, I was given a username and password and address of a server for ftp. I wondered what else was out there so I logged in via ssh. No special trick needed, the firewall was open, I had a server account, had a shell and all I did was gather a little basic info on what the server was and what it was running. Apparently nobody realized they had set all that up for me. Some admin panicked, somebody in authority (over me) panicked and next thing I know I'm sitting in an office explaining my actions to somebody that has a LOT more authority.

I certainly wouldn't argue that uploading root kits/security cracking tools, downloading encrypted files to attempt to crack encryption isn't wrong but what exactly is?

My questions (is it legal/is it hacking):

• Pings and traceroutes aren't hacking are they?
• What about port scans?
• Is it hacking and illegal to attempt a connection? Does it matter what port?
• When it it okay to try a generic username/password? anonymous:youremai@whatever.com: is generally okay, why not administrator::?
• How about viewing what is viewable? Is directory structure okay? What kinds of files?
• How far do you have to go before you've committed an actual punishable crime?
• How far is it ethical to let your curiousity take you?

My Experience

[techsoldaten]

I have experience working with the U.S. Federal Government as an IT contractor in various capacities. While I find it completely possible Mr. McKinnon penetrated a system using a default password and was able to access various documents, I strongly doubt people's interpretations of what he saw.

This is based on several factors in his story, including the ease with which he was able to penetrate this system as well as the total lack of understanding of the English language common to people in positions of authority in the U.S. Federal government.

First off, I have had the displeasure of being party to audits by the Office of the Inspector General and am familiar with their standards for assessing IT policy based on the security level of content being housed on the server. They are fairly standard, highly regimented, and include every possible protection someone could have imagined 3 years ago.

While these requirements do not automatically extend to military networks, they are regarded as being less stringent than military networks (for instance, you will commonly see references to 'military grade standards' when receiving proposals from other contractors).

One specific requirement of an OIG assessment is evidence of the enforcement of a password security. They check to see whether users are required to have passwords, how often passwords expire, how many characters should be in each password, the minimum number of characters that must be non-alphanumeric, etc.

The type of content Mr. McKinnon accessed surely would have been classified secret if it referred to a non-public military capability, and would probably be top secret if it referred to something of extraterrestial origin. 100% of servers containing secret documents are hardened against attack in public agencies, and I would assume the same is true with the military.

All this leads me to believe it is extremely unlikely Mr. McKinnon saw what he thinks he saw, or else he is probably not being truthful in his description of how he cracked the system. I prefer to think of this in the former, but cannot really render judgement without seeing the source materials.

The other reason I am extremely skeptical of the idea Mr. McKinnon understood what he was seeing is that people in positions of authority in the U.S. Government and in the military tend to be unable to understand English to the point they are bordering on illiterate. This is not an exaggeration, I know of several agencies that require all of their SES officers to attend remedial English classes as a requirement for employment. These people commonly use words with total disregard for their meaning, their memos often communicate instructions which are exactly the opposite of their intended message, and most importantly, they give names to things which are wholly inappropriate.

If Mr. McKinnon saw a memo referring to non-terrestrial officers, we can only guess at what that term may mean. My guess is that it refers to aerial or naval forces, but it really could be anything.

M

Air Gap?

[sharopolis]

This May be redundant, but surely even the most cynical appraisal of US Military security would admit that if they were going to have ultra secret UFO documents stored anywhere, it wouldn't be on the sodding internet.

Article sounds flimsy/fake

[StephanTual]

Am I the only one to actually read the article before posting? 3 bullet points you should consult before drawing conclusions:

- it states that the got caught because he downloaded a 'hacking program called Remotely Anywhere'. Uh? since when?
- Quoted from the article: "Q: What were the [UFO] ship names? A: I can't remember, I was smoking a lot of dope at the time."
- finally, the secret, l33t command he's using to hack in the pentagon is called 'netstat'

That article sounds flimsy and unresearched at best - in fact it has been doing the round of the free newspapers in england... you see it popping back from time to time. If the editor had taken the time to read it, it would have saved 30 minutes of everyone's life.

Re:70 years is too much but....

[G0rAk]

The British government is big enough to tell our government to piss off if it felt such a thing weren't warranted.

Actually it's only since 9/11 that we (ie the British) have relaxed our extradition proceedings for the US with a new fast track system designed (in theory) to assist in terrorist-related prosecution.

We used to be pretty stringent because we don't like extraditing anyone to countries where the person in question could face the death penalty, torture or some other inhuman form of punishment.

I don't blame Uncle Sam for our change in policy - it was our own parliament's stupid fault. But there it is.

The alarm is set. Please wake up.

[Spyral999]

I fully support Gary McKinnon for looking around piss-poorly secured military machines. I WORK for a military subcontractor, and they NEED a kick in the ass to get things right and get them secure.

If it takes someone to split their world in half and taunt their clueless admins, then so be it.

70 years in jail? Just give him a subcontractor job and get over your pride.

Not entirely convinced by his anti-gravity claims, but I'm fully convinced he can pwn the mil. It's not as hard as it sounds, believe me.

Re:70 years is too much but....

[KillShill]

yeah, in sensible britain, they shoot people to death in the back with 5 shots after they were found not to be carrying a gun, weapon or explosives and guilty of running away when several heavily-armed men came towards him in a hurry.

Extradition

[shrewtamer]

That interview was a good listen. Thanks for the link.

I am concerned that the alleged crime did not take place on American soil. So far as I know this bloke hasn't even been to the States. Certainly the "hacking" seems to have been done from a London flat.

If it happened on British soil the Americans should have the decency to respect the British courts to deal with it under British law. However decency is not something that we've come to expect from America in it its dealings with the rest of the world.

I suppose this does raise a serious question about where it actually did happen. Personally I'd say that while the effects were in the states, the direction and motivation happened in the UK and so this is where the crime took place. This seems to be by far the simplest and most pragmatic legal interpretation.

The ammount of damage he is being charged with doing seems to be ludicrous. Ok I can see how the compromised systems needed to be rebuilt....but their state of security was patently so shocking that this was required in any case - he saved them money by pointing this out sooner rather than later.

It also seems clear that this guys motivations were not malicious to the United States. I think the British courts should tell the US to stop whinging and concentrate on securing their systems. Even if their systems were unlawfully penetrated they lacked dillegence in insuring that data, particularly confidential data was not in the plain on any machine ever connected to a network.

The revelation that there exists a fleet of American spaceships is rather worrying. Is the American military under alien control? I don't believe these people could've sorted out a space fleet by themeselves - not without a blue room. Was the bombing of Iraq carried out under alien orders? If Bush and his supporters think they can get away with planting a load of goof on some computers and saying "I didn't do it", they've got another thing coming. I don't believe a word of it.

Seriously though this guy is obviously harmless. If he did any harm then its not his fault. If someone nipped into an army base and made off with some missiles and tanks then blew a few small towns up then it would be right to be more concerned with military security than the actions of the passing nutter. In fact I'd hold the military wholly responsible. I demand my right to be a passing nutter! Whether u grant it or not there will always be passing nutters.

Re:70 years is too much but....

[arkanes]

For comparison: This guy caused 900k of damage (figure inflated, because you always inflate damages). He's looking at 70 years of maximum security. Nasty.

Ebbers caused *11 billion* in damages. Over 1000 times as much. He got 20 years of soft time. Yes, Ebbers could have gotten more, but anyone want to place bets that this guy will get 20 years in a low security prison near his home so his family can visit?

Patrick Quinlan, the CEO of MCA financial, led a fraud scheme worth $256 million. He got the maximum sentence - 10 years.