World's Biggest Hacker Held

Hieronymus Howard writes "The London Evening Standard is reporting that the "worlds biggest computer hacker" has been arrested in London. Gary McKinnon, 39, was seized by the Met's extradition unit at his Wood Green home. The unemployed former computer engineer is accused of causing the U.S. government $1 billion of damage by breaking into its most secure computers at the Pentagon and NASA. He is likely to be extradited to America to face eight counts of computer crime in 14 states and could be jailed for 70 years. Apparently he broke into U.S. military computers to hunt for evidence of a UFO cover-up."

Smart? Yes. A Nut? Perhaps. How about both?

[lecithin]

"Apparently he broke into US military computers to hunt for evidence of a UFO cover-up."

It sounds like an excuse to me.

So is the guy really nutty or is this just an attempt to justify his illegal activities?

Then again, perhaps he was on to something?

Re:Smart? Yes. A Nut? Perhaps. How about both?

[markild]

LOL..

If you're that good you're doomed to either be retarded or wacko.

This obviously proves it ;)

Re:Smart? Yes. A Nut? Perhaps. How about both?

[kpansky]

Sorry. But snooping around a house, checking the door, finding it unlocked and entering without homeowner permission is still illegal.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Lemmy Caution]

Yep. It's still illegal. But while it's illegal for a burglar to enter your unlocked house, you're no less of an idiot for leaving it unlocked. And exaggerating the scope of the break-in ("he diabolically circumvented the integrity of the house by adjusting the rotational position of the entry affordance!") has as more to do with CYA (in the case of the homeowner, perhaps to collect insurance) than it has to do with the guilt of the burglar.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[h4rm0ny]

And on a related note, what accounts for the $1billion damages? I'd wager a large part of that is plugging security holes that should not have been there in the first place. Although it's stated in the article that fixing the problem and tracking him down cost £570,000 pounds.

In fact, reading the article, I can find no reference to $1 billion. It's estimated that he may be fined £900,000 (that figure makes so much sense), but if that equates to $1 billion at the current exchange rate then I

Re:Smart? Yes. A Nut? Perhaps. How about both?

[menkhaura]

And on a related note, what accounts for the $1billion damages?

I've just read Bruce Sterling's "Hacker Crackdown", in which there is a similar claim by a large corporation (AT&T) of a document being worth almost $80k, while a very similar document was sold for 13 bucks by the same company to anyone who asked for it.

The interesting part was how they arrived to the 80k figure for a 12 page doc. In it they computed, among other things, two weeks of a typist and an observer...

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Dasch]

Sure, that's true! Last year I was standing next to a house, smoking some weed, when I lost my balance, tripped, and fell through a window! I thought I might as well crash there, so I took a nap in the owner's bed.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Omnieiunium]

He wasn't onto anything. He found nothing. Nothing at all. He did not hack into our databases or steal information. Never happened. Never.

Re:Never?

[mattspammail]

Swamp gas. It was all swamp gas, ladies and gentlemen.

He Got The Wrong System

[Hoi Polloi]

If he was really smart he would have broken into the alien computer system via the link in...ah, forgot I ever said that.

Re:He Got The Wrong System

[Metzli]

That would only work if was using an older model of Powerbook. It might also require that he looks more like Jeff Goldblum.

A Darwin Award nomination, say I!

[Dystopian Rebel]

The guy is smart enough to cobble together scripts and guess passwords so he can get into computers run by US Military Intelligence ("The World's Biggest Oxymoron", by the way)...

And what does he look for? UFO information! Now he's facing 70 years in prison.

Come on, that must be the equivalent of tipping a Coca-Cola machine onto yourself.

It's a good thing he didn't download Eminem songs!

[CyricZ]

It's a good thing he didn't download Eminem songs as well. Then he would have been in deep shit.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[prisonercx]

Don't be too sad for him, he got his wish. He's about to be far more involved with anal probing.

Re:It MOST CERTAINLY is not!

[jellomizer]

Well diffence between hacking and breaking and entering are somewhat simular. The only diffence is no physical damage to system, and potentially no logical damage as well. But that is where the difference stops.

If I owned a shop and I closed the door and forgot to lock it and turn on the security system. But put the closed sign up at the end of the day and a guy walked in and robbed me blind. And the next day we found the theif he would still be arrested for stealing or if he read my books he would still

what?

[professorhojo]

$1 billion damages? honestly - how do they come up with these figures?

they'd do better hiring this guy to teach their sysadmins a thing or two.

Re:what?

[garcia]

$1 billion damages? honestly - how do they come up with these figures?

they'd do better hiring this guy to teach their sysadmins a thing or two.

They hire overpaid techs that do shoddy work. They have to come up with these figures in order to make sure the public doesn't mind them wasting taxpayer dollars to track him down all over the world.

Re:what?

[TripMaster Monkey]

Hey! I'm one of those overpaid, shoddy techs, you insensitive clod!

Re:what?

[BJZQ8]

Exactly. In my time working with school district (a government entity, of course), consultants will come in and make a big deal about "security", and sell a district a PO a mile long with all sorts of unnecessary crap on it. I have even seen them produce port-scanning logs as evidence of "being hacked." The School Boards will happily hand over $100,000 (in a district with a $2 million yearly budget) to remedy this "security hole." It's the same in the huge government boondoggle of departments and agencies. I'm getting more and more convinced that the coming crisis of the world pulling out of US bond markets is the best thing that could happen; right now this country has unlimited money, and is busy making an unlimited bureaucracy to spend all of it...

Re:what?

[jandrese]

From what I've been able to tell over the years, the damages in these cases is almost completely made up. The FBI loves to post huge numbers on cases like these because it makes them look important. More realistic estimates based on administrator time and business lost due to the servers being unavailable tend to be far lower.

Re:what?

[elhaf]

However, in this case TFA on cnn at least, gives a figure of 1300 user accounts deleted in one instance. That probably involved real cost. He wasn't just looking for info, he was also being malicious.

Re:what?

[greg_barton]

The FBI loves to post huge numbers on cases like these because it makes them look important.

That, and it may help in budget appropriations. Your budget is likely to be cut if you don't spend all of the money in a year. If you're behind on spending, say by $100 mil, you could say "but this hacker cost us $1 billion in damages! We're only going to charge $100 mil for our trouble, though..."

Re:what?

[null etc.]

$1 billion damages? honestly - how do they come up with these figures?

Easy. Human life is "priceless", and think about how many sys admins killed themselves after getting fired for letting a UFO spook break into their systems.

Anyways, at least this guy was using his power for good. At least, we hope. Maybe he planted fake evidence of WMD in Iraq.

Re:what?

[nodwick]

The idiot article quoted in the summary got it wrong. See here [digital-lifestyles.info] or here [cnn.com]. The original article also gets the correct number in british pounds.

Using software downloaded off the internet, McKinnon allegedly hacked his way into almost 100 networks operated by NASA, the US Army, US Navy, Department of Defence and the US Air Force, with the US government estimating that his antics have cost around one million dollars (£570,000, 790,000) to track down and fix.

Re:what?

[93,000]

Duh . . .

He compromised over 3 Libraries of Congress worth of information, which costs the government such a large amount of money that, if stacked in $20 bills, it would be the size of four Volkswagen beetles. And if you don't know that it takes 1/4 billion in twenties to equeal a Volkswagen bug, then turn in your nerd card at the door.

Re:what?

[shotfeel]

Remember, this was thought to be a terrorist group attacking the US. Just guessing, but I assume security teams had to be sent out to lock down the facilities, assess damages and begin trying to figure out where these attacks came. That's just the start.

Part of the "lock down" may even include completely replaing large systems not only so you can start clean, but also so the compromised systems can be assessed, studied and used for evidence.

Then you have to figure out what other areas may have been expose

Re:what?

[peterprior]

According to the BBC [bbc.co.uk] it caused $1 million in damages not billion.

Re:what?

[Smidge204]

To be fair, the cost of finding and fixing trhe holes should not be included. After all, it was broken before he got there.

Not to mention that they should be found and fixed regardless of any intrusions.
=Smidge=

Re:what?

[the_bard17]

Not to mention trying to figure out where all those holes in security came from and patching them.

Yeah, that makes sense. Pawn the cost of fixing your security holes on the guy who found them.

If my house ever gets burglarized, I'm going to try to get the burglar to pay the contractor to fix the "hole" the burglar got in through.

Re:what?

[Zeebs]

If you call any of your doors the "hole" you might want to get your contractor to come and fix it anyway.

Re:what?

[rokzy]

>Not to mention trying to figure out where all those holes in security came from and patching them.

that's BS. you didn't see Ford suing its customers that discovered the flaws in their cars and forced fixes did you?

counter argument: Ford's customers paid for something and were then endanged.

counter counter argument: citizens pay taxes to be protected and the government fails at this job when it uses crap systems.

Re:what?

[yotto]

*there is a cost to recovering and reconstructing those accounts. Not to mention trying to figure out where all those holes in security came from and patching them.*

While I don't condone in any way what this guy did, you can't charge the guy who cracked your poor security system with fixing it. If someone breaks into your house becasue you never bought a lock for your door, you can't throw 'lock for the door' in with what he took.

Re:what?

[TripMaster Monkey]

While not $1 billion in damages there is a cost to recovering and reconstructing those accounts.

That's what backups are for. With proper backups, those deleted accounts could have been restored in hours.

NBD.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:what?

[arkanes]

If this is what you do everytime theres a break-in at your company, I fear for your security. First off, you're presuming that he didn't delete the accounts beyond ADs ability to restore them, which is a pretty big assumption. And you're ignoring the work involved in auditing the restores of all the users data and privledges, to make sure that you don't accidently restore any tampering. Dealing with a large scale security breach is complicated and a major task, and while it's not fair to pin the total cost on the hacker (like fixing the hole he came in through), the secondary costs can be quite large - auditing and figuring out how he came in in the first place, deciding exactly how much of your infrastructure you can trust after the breakin, what a safe date to restore off tape is, etc, etc.

Obligitory Slashdot Discussion

[DeadSea]

I don't believe that this guy is the world's biggest hacker. Have you seen Cowboy Neal??? Now that's big!

This guy was looking for UFOs. In Soviet Russia, UFOs look for you!

We all know that if he was an uber-hacker he would have created a Beowulf cluster of all the computers he hacked.

One billion in damages? That number has to be inflated. (Actually the article says 570000 pounds which is only about 1 Million US dollars according to my currency calculator [ostermiller.org])

1. Get paranoid about UFOs
2. Hack into the US government
3. Get caught
4. ????
5. Profit!

Re:Obligitory Slashdot Discussion

[rokzy]

you must be new here.

No, I'm New Here

[New Here]

No, I'm New Here

Re:Obligitory Slashdot Discussion

[zenneth]

heh, that's great irony... the six-digit guy telling the five-digit guy he's a noob.

Re:Obligitory Slashdot Discussion

[Paul Crowley]

Well, there's at least one instance of someone buying a three-digit (IIRC) /. account on eBay.

For how much?

Re:Obligitory Slashdot Discussion

[Thuktun]

Actually the article says 570000 pounds

Wow, that guy IS big.

Re:Obligitory Slashdot Discussion

[The Jon]

I for one welcome our newly arrested soon to be extradited worlds biggest hacker overlord. ...and maybe he has a thyroid problem, you insensitive clod.

Sweet Jesus.

[newrisejohn]

If you do $1 Billion worth of damage just to look for UFO conspiracy information, you deserve to be locked up.

Although this could help his insanity plea.

"Damage"

[Mr Guy]

Possibly, or is that "damage" in the sense of "music theft". Used in a sentence here:

He exposed how inadequate our systems are and upgrading them cost $1 billion dollars; therefore he did $1 billion dollars worth of damage.

Re:"Damage"

[Perl-Pusher]

Obviously you have never had all work completely stop while the sysadmins wiped every machine clean and restored files from backup. A hacker at Langley Research Center easily wasted $1 million dollars a day for 4 days, just in the pay to unproductive employees.

Insanity plea indeed...

[Gadgetfreak]

All he needs to do is start running at the mouth about how he knows who really killed JFK, or where Jimmy Hoffa's body is. Maybe claim that Amelia Earhart was abducted by aliens, that the gov't is controlling people with flu shots, and that Coke and Pepsi are the same thing. If he keeps going, he's bound to be labeled insane. Either that, or eventually guess something correctly.

This just in

[yotto]

The police have apologized to his mother for kicking in her door, but it was the only way they could reach the basement.

UFO cover-up

[iocc]

Did he find any evidence of a UFO cover-up?

Biggest Hacker?

[LS]

There are a lot of chubby mo-fo's sitting in front of computers late at night these days. This guy must be pretty damn big...

LS

Whoah

[LegendOfLink]

OMG, they finally caught JeffK [wikipedia.org]!?

World's Biggest Hacker?

[Dagny Taggert]

Really? Because he broke into a Pentagon network? That just makes him stupid; if he were really a big hacker, he'd be doing blackhat corporate work. UFOs! Yeah...whatever.

Re:World's Biggest Hacker?

[ArsonSmith]

No really he weighs almost 700lbs. RTFA!!! They haven't yet found a hacker that big. Although many are close.

One beeelllliiioonn dollars?

[bc90021]

1 Beeelllion Dollars?

Where do they get that from? If that's really the case, it would only take about 6,000 people to cause enough damage to double the national debt!

The article doesn't mention anything anywhere about pure damages, for starters. It mentions the costs associated with tracking and capturing the guy, and costs correcting some of the problems - combined. Those costs are listed as 570,000 pounds. At the exchange rate I just looked up (1.83 dollars to a pound), that's still only 1,054,500 dollars, which is more like a meeelllion dollars. Even if they tack on the 950,000 pound in fines, that's still not even three million.

That's a far cry from a billion... and about two million less than the damages Kevin Mitnick was supposed to have caused.

Frankly, they should have just let this guy find some "evidence" of UFOs. Then he might have spent his time trying to convince people of it instead of looking for more!

Re:One beeelllliiioonn dollars?

[bobbis.u]

The BBC article [bbc.co.uk] says $1 million.

I think some chump is getting confused about millions and billions. He probably thought the US million was a UK billion or something like that. It is now generally accepted everywhere that a billion is a 1,000 million, not a 1,000,000 million.

The wikipedia article [wikipedia.org] clarifies

In other news . . .

[ndansmith]

. . . Halliburton has won a no-bid contract from the Bush administration to fix the "$1 billion" of damages.

Re:One beeelllliiioonn dollars?

[newfoundry]

From the BBC report [bbc.co.uk]:

"The Briton was indicted in 2002 by a federal grand jury on eight counts of computer-related crimes in 14 different states.
It claimed that he hacked into an army computer at Fort Myer, Virginia, obtained administrator privileges and transmitted codes, information and commands.

Unauthorised access
He is accused of then deleting around 1,300 user accounts.
The indictment alleged Mr McKinnon also deleted "critical system files" on the computer, copied a file containing usernames and encrypted passwords for the computer and installed tools to gain unauthorised access to other computers.

A loss of over $5,000 (£2,725) to the Army stemmed from the alleged damage, according to the indictment."

So in the space of three years, $5K becomes $100M? Nice rate of return, if you can get it...

1 billion $ damage?

[vidarlo]

How does they measure the damage done by a single person. 1 billion sounds awful, and if it is this single person that has done so much damage, one must ask how he can do that. I have a feeling it falls back to relaxed security, lazy sysadins and such. And how does they compute how much damage he has done? I guess some corps use the chance to do changes when restoring, so they might in fact get a lot new, which might be incorporated into the costs. Also, destroying a solution that costed $1M to make does not mean it'll cost $1M to reimplement it... So my guess is that those costs is a bit bogus, at best.

World's biggest computer hacker

[wolfemi1]

Sooo......


Exactly how large is he?

Re:World's biggest computer hacker

[BenBenBen]

Not bigger than Kim Schmitz, surely.

Huh?

[The-Bus]

Man they need to do their fact checking a bit more. That guy looks like he's 160 lbs. tops. I know I've seen some hackers top over 300 lbs. They're a bit wilier though.

Don't they mean cracker?

[JaF893]

Surely they mean the world's biggest cracker?

Re:Don't they mean cracker?

[Morgon]

Why's it always gotta be about race?!

Re:Don't they mean cracker?

[Datamonstar]

Yes, a saltine of massive proportions.

Re:Don't they mean cracker?

[fdiskne1]

That must be it. Here [recordholders.org]'s a picture of him.

Re:Don't they mean cracker?

[guitaristx]

Everyone, please send emails to this address [mailto] of a similar nature:

Dear editor,

I am a computer hacker. By this, I mean that I enjoy learning and exploring computer technology. I have a degree in computer science, and am involved in many not-for-profit computer-technology endeavors. I am not a criminal. I do not violate computer security, I do not write malicious software, and I do not intentionally cause harm to the computer systems that I have access to. Any computer system access that I have has been given to me through legitimate means. It has come to my attention that you have used the term 'hacker' in the article linked below to indicate a person who intentionally violates computer security systems: http://www.thisislondon.co.uk/news/articles/191647 14?source=Evening%20Standard&ct=5 [thisislondon.co.uk]

The proper term for such a person is 'cracker' or 'security breaker', i.e. one that "cracks" computer security. By using the term 'hacker' in the way that your publication has done, you spread misinformation about me, and people like me. You are demeaning and destroying a culture that, above all, values learning, knowledge, and wisdom. Please stop insulting hackers by equating them with criminals. For more information, see here: http://www.catb.org/~esr/jargon/html/appendixc.htm l [catb.org]

Please issue a correction, and please make sure that a clear distinction is made in the future.

(your name here)
A Proud Hacker

And my reply, if I were an editor would be

[Sycraft-fu]

Dear Person,

As it turns out, that is not correct. According to the Merriam-Webster Unabridged Dictionary, the American Heritage Dictionary, and the Oxford English Dictionary the word hacker has two meaning in relating to computers. One of them is a person who is an expert with computer and/or someone who peruses computer knowledge for its own sake, the other is a person who uses their skill with computers to gain unauthorized access to systems.

This is not an uncommon situation in English, for a word to have two related connotations, one positive and one negative: For example the word exploit. When used as a verb it can be used to mean a full positive use of something, such as to exploit one's talents means to make full use of your talents in a good way to achieve a goal. It can also be used in a negative way, such as to exploit illegal immigrant financial gain means to take unfair advantage of someone's position to your own selfish benefit. Both uses are not only accepted, but common. It is the context that dictates the meaning of the word.

The same is true with the word hacker. Your special interest sites like Slashdot do not set the stage for the English language, nor are they the authority on its correct usage. Thus in our article using hacker to describe someone who uses computer skill to gain illegal entry to systems is in every way as correct and accurate and a skilled programmer calling themselves a hacker. Thus we will not be issuing a correction, as there is nothing to correct.

In the future if you believe a word is being used incorrectly, I suggest you make a quick check with a dictionary to ensure that you are not confused. There are several online websites including www.dictionary.com, www.oed.com, and www.webster.com that will allow you to look up the definitions of words with ease.

Sincerely,

Editor-in-Chief person.

Re:And my reply, if I were an editor would be

[guitaristx]

Good thing you're not an editor. First, www.dictionary.com shows that the malicious definition of 'hacker' is deprecated. Next, www.webster.com shows both meanings, as you say, but (as with most lexicons) the more common or more proper definitions are listed first. Notice that the malicious definition is listed last. Furthermore, in the context of the offending article, the term 'hacker' is jargon, and is therefore subject to definition by the particular field to which the jargon term belongs: computer technology. Therefore, Webster, OED, and any other general-knowledge dictionaries' definitions of said term are superseded by the generally-understood meaning within the field of computer technology.

A respectful computer expert (that is, a computer expert that respects the skills, opinions, and decisions of other computer experts) would understand the distinction between the usual news article's use of the term 'hacker' and the more correct term as I have described it. However, the average lay-person will not understand the distinction, and will be left with a negative connotation whenever encountering the word 'hacker'. Therefore, as a hacker (in the non-malicious sense), it is my duty to defend myself, and others like me, by communicating to insensitive publications the inherent offensiveness of careless use of the term 'hacker'. If a publication receives a request like mine (see GP), and chooses to respond to it as you have, it is an indication of the publication's insensitivity and intentional alienation of a significant non-malicious worldwide subculture. Therefore, if I do receive a response from either of the publications I've contacted today, and it's similar to yours, I will do whatever is in my power to spread the word about their discriminatory practices. Not that I want to do that - I hope that my letters will incite changes in the treatment of the term 'hacker'. In any case, I'm doing my part to ensure that 'hacker' loses its negative connotation, since the correct definition of it describes me, and others like me, much better than 'computer expert', 'computer enthusiast', 'geek', 'nerd', 'programmer' (et. al.). If ethnic groups can be defensive about what they wish to be called, then subcultures should have the same right.

Re:Don't they mean cracker?

[RobotRunAmok]

The media will never start using "hacker" and "cracker" the way we'd like them to

"We?" What's all this "we" stuff? The adoption of "cracker" by the script-kiddies to mean something else in addition to saltine and Southern racist and illicit-vault-opener remains among the dopey-est linguistic forays of the past twenty years. For many of "us," "cracker" can't cease having any IT-related meaning fast enough.

Of course, if "war-driving" enters the popular lexicon of national newsrooms with any meaning bey

Dreams do come true!

[geoffeg]

Well, it looks like this guy's dream will come true and he'll get that anal probe he's been searching for. Too bad it'll be by some big, hairy dude instead of a big, hairy alien dude.

Ok, but the big question isn't answered

[Weaselmancer]

Apparently he broke into US military computers to hunt for evidence of a UFO cover-up.

Did he find any?

Will they plea??

[mbathgate]

The question now is whether the government will attempt a plea deal and put him to work like we've seen in other cases. With jails full, it seems rather silly to put such useful talent behind bars when he really isn't a threat to society. Plus, he could be our secret weapon against those vicious North Koreans. He's got to be worth at least 100 NK's if he's the "biggest in the world, right?"

Re:Will they plea??

[meringuoid]

Plus, he could be our secret weapon against those vicious North Koreans. He's got to be worth at least 100 NK's if he's the "biggest in the world, right?"

What are we going to do, drop him on Pyongyang?

Translation ....

[argoff]

Now that they have him, they're bringing him back to the states to work for the US government!

Say it one more time...

[ravind]

"World's Biggest Hacker", yes we get the idea. We don't need to read it 4 times before we get to the end of the second sentence.

Free On Bail (BBC)

[Anonymous Coward]

According to this, he's free on bail:

http://news.bbc.co.uk/2/hi/uk_news/4071708.stm [bbc.co.uk]

Re:Free On Bail (BBC)

[magarity]

Free on bail + facing 70 year sentence = run awaaaaaay! run awaaaaaay!

Say G'bye to Gary

[Gadgetfreak]

If he gets extradited, I'm sure he'll be covered up along with the rest of the evidence of UFOs.

It'll be the next conspiracy...

Most secure?

[Mille Mots]

...The unemployed former computer engineer is accused of causing the US government $1billion of damage by breaking into its most secure computers at the Pentagon and Nasa...

Maybe it's just me, but any device connected to any other device is no longer to be considered as secure.

I would have guessed that the gubbermint's "most secure computers" would be airgapped, but apparently that is not the case. Or, perhaps, the author of TFA is being just a bit sensational and overdramatic. ;)

Re:Most secure?

[Rorschach1]

Even stuff classified at the 'Secret' level is kept on separate networks. If you find any SIPRNET traffic on unclassified networks, it's using NSA-approved encryption devices [fas.org] to tunnel traffic.

Of course, something as Earth-shattering as UFO proof wouldn't get anywhere near a computer only approved for 'Secret'. Think secure facilities with guards, shielded rooms and computers, and vaults. Where classified networks do exist, you'll see mandatory physical separation distances between cables to avoid crosstalk, heavy use of fiber optics, pressurized conduits, and so forth.

Fortunately I don't often have to deal with that stuff. As exciting and mysterious as classified data processing might sound, it's mostly boring and a freaking pain in the ass to deal with.

A more reputable UK Paper

[tezza]

The Independent [independent.co.uk]. They have the decency to say 'Hacker'

The Evening Standard releases The Metro and Evening Standard Lite. All are rubbish.

Photo of worlds biggest hacker finding UFOs

[hoggoth]

Here is the photo [weeklyworldnews.com] that Reuters released for this news story. It shows the worlds biggest hacker successfully getting into the Pentagon's secret UFO research labs.

He looks kinda feminine to me...

Odd facts in this case

[FunWithHeadlines]

What an incredibly odd story. Look at these quotes from the article:

"Most of the alleged hacking took place in 2001 and 2002. At one stage the US thought it was the work of the al Qaeda terror network. "

OK, so this must have been some serious stuff going down for them to think that he was al Qaeda. Or was it?

"Friends said that he broke into the networks from his home computer to try to prove his theory that the US was covering up the existence of UFOs. "

Uh oh, we're talking mentally off here.

"He is accused of a series of hacking offences including deleting "critical" files from military computers. The US authorities said the cost of tracking him down and correcting the alleged problems was more than £570,000. The offences could also see him fined up to £950,000 if found guilty on all charges. "

Here it comes, the big bill for this mentally off "al Qaeda" operative. "Lesse, captain, I spent my lunch hour running a scan." "Aha! We'll bill that time as worth £50,000!"

"Prosecutor Paul McNulty alleged that McKinnon, known online as "Solo," had perpetrated "the biggest hack of military computers ever". He was named as the chief suspect after a series of electronic break-ins occurred over 12 months at 92 separate US military and Nasa networks.

Ah, it gets better. This guy must have been hot stuff! They think he's some kind of master criminal or something. Or al Qaeda maybe.

"It is alleged that he used software available on the internet to scan tens of thousands of computers on US military networks from his home PC, looking for machines that might be exposed due to flaws in the Windows operating system.

Many of the computers he broke into were protected by easy-to-guess passwords, investigators said. In some cases, McKinnon allegedly shut down the computer systems he invaded. "

WHAT?! He's just a script kiddie??! All this fuss over some guy port scanning Windows boxes??

"The charge sheet alleges that he hacked into an army computer at Fort Myer, Virginia, where he obtained codes, information and commands before deleting about 1,300 user accounts.

Other systems he hacked into included the Pentagon's network and US army, navy and air force computers. "

So let me get this straight. Some nutcase into UFOs uses script kiddie technology to port scan Windows boxes and somehow manages to get into the Pentagon and the military? Are you kidding me? Either they are running Windows boxes with easy to guess passwords and insecure networks, or else they should have charged him with a lot worse stuff than standard port scanning. Or maybe the reporter has no clue what he did, but this doesn't add up.

The only thing that does make sense is the U.S. military thinking a script kiddie UFO chaser was a master criminal at work...

Re:script kiddie technology?

[Johnny Mozzarella]

or alien technology?

Re:Odd facts in this case

[jd]

I've done some work for NASA and the DoD in the past, and all I can say is I'm surprised by how few break-ins the guy is tied to. Typical system administration passwords are "password" according to the agency-wide briefing I was in on, the use of .rhosts on mission-critical systems is scary, and the preference of rsh/telnet over secure protocols is beyond belief.

The evidence so far is that the guy IS a skript-kiddie, and probably not a very good one at that. If, after countless reviews and endless debate, many Federal agencies are still scoring D or worse on their own evaluations, I cannot find any reason to have any confidence in their ability to secure their systems.

Perhaps, instead of wasting time chasing UFO spotters, they should be putting more time and effort into getting their own house in order. Windows machines are rated for standalone security, not network security, and Windows is only C-class even then. That may be fine for a desktop hosting seriously unimportant files, but I would not regard that as nearly good enough for servers or desktops likely to have files of significance.

For the sorts of establishments we're talking here, I would say that a minimum of B3 on internal security and something comparable for network security should be the minimum for anything beyond the kiosks they've been pushing people onto.

Error

[DigitalOSH]

Theres an error in the summary. No one claimed he was the world's biggest hacker. The quote [bbc.co.uk] was in fact "Mr McKinnon is charged with the biggest military computer hack of all time"
-Paul McNulty, US Attorney for the Eastern District of Virginia

"Most secure computers" - I doubt it

[Lemming Mark]

Unless the Pentagon and NASA have VERY VERY silly systems, their *really* important computers are simply *not* accessible to hackers. I really can't believe that truly ensitive systems wouldn't just be air-gapped from the world.

Sure, it's possible to hack intelligence agencies but it I'd put money on it failing to get you the really juicy stuff!

Re:"Most secure computers" - I doubt it

[javaxman]

Unless the Pentagon and NASA have VERY VERY silly systems, their *really* important computers are simply *not* accessible to hackers. I really can't believe that truly ensitive systems wouldn't just be air-gapped from the world.

You've never worked for the government, have you ? It shows.

Believe, my lemming friend, and try to use those critical thinking skills every once in a while. The feds can hardly even define "really important", and certainly have a hard time keeping track of their own doings. Breaki

World's Biggest Hacker

[prodangle]

I thought that at 330 pounds [newsbits.net], that title was safely held by Kim Schmitz [apechild.com].

He didn't commit a crime in the US

[thogard]

He only committed a crime in the UK even though the effects that crime where in the US. There are already enough laws in the UK about breaking into military sensitive computers that can put him in jail for a very long time and there are enough treaties with the US so that breaking into a US military computer in the UK can get you thrown in jail forever.

The judge should rule that he can't be extradited to the US until he has been tried in the UK and then only if the US has charges that don't fit into double jeopardy.

Re:MOD PARENT UP

[Doc Grimm]

Except that if it ISN'T a crime where I did the action is it still a crime? IE if I crack a US CD in the UK am I inviolation of the DMCA? What if that CD was in a drive on a PC in the USA? The question comes down to at which computer did the crime take place? The one he used, or the one he broke into? If the argument is the doing what he did at his computer is a crime, then UK should have jurisdiction with all the leagal-ese the comes with it. If, on the other hand, the crime takes place at the site o

seems he didn't find any evidence

[aurelian]

so I guess the evidence of a massive UFO cover-up must be in some even more secure US military computers, the ones he wasn't able to get into..

70 years? Nope! Offer of employment? Yes!

[Linker3000]

Methinks he might be on the NSA/FBI payroll within the month - mind you of course he will 'go' to 'prison', it's just that he'll be snuck out the back almost immediately and only return when someone he knows wants to visit.

.

One Beeelion Dollars!!!

[mojoNYC]

while i only stfa, the sum total of monetary damages seems to me to be RIAA-esque... meanwhile, why don't we hear about how much something like this costs?

3.9 Million Citigroup Customers' Data Lost [slashdot.org]

the corporate mentality never ceases to disillusion me--where's the class action lawsuit?

Good!

[Cervantes]

The little bastard deserves everything he gets. No defense coming from me here.

It's bastards like this that screw things up for grey-hats everywhere. Ok, you were curious, you wanted information, and the information wanted to be free... good enough. But you don't go deleting files and user accounts! How fraggin dumb can you be? "Hmm, I just hacked NASA and no-one knows.... I think I'll fuck things up!".

If he'd just gone looking for the information and gotten busted, I would have had sympathy for him. But he just went to wreck shit up. "Looking for UFOs" is just AOL-Speak for "Shit, I got caught being a dick and I need an excuse, quick!"

The UK should *not* extradite anyone to the US...

[johansalk]

The extradition agreement signed between the US's Ashcroft and the UK's Blunkett over terror is seriously flawed; it doesn't require the the Americans to provide *any* evidence, but demands so from the Brits, and American authorities have proved too willing to misuse it, far beyond "terror". Furthermore, the treaty removes key protections, and the UK parliament was *not* consulted at all http://tinyurl.com/4yph4 [tinyurl.com]. For all I've seen, it's all been one-sided so far, with Brits extradited for various reasons, even to a Brit CEO demanded by the Americans for "price-fixing"(!!) http://tinyurl.com/7tdkv [tinyurl.com]. The UK should *not* extradite any Brits to the US, at all!!! This American Gitmo administration is not fit for any role of justice!

Re:So...

[hamburger lady]

goes by the name of 'Brasky'. i'd say he's about 8'5", 750 pounds.

Re:So...

[eric_brissette]

I also thought it was a strange use of the word "big"

A really fat nerd was the mental picture that came to mind first.

Re:At least make an attempt to hide it...

[SirSlud]

Agreed. This is the first time in 6 years of /. where I'll actually complain about the article summary. Its confusing as hell to read, and it looks like nobody actually proof read it before it went live.

Re:"World's biggest hacker"

[CTalkobt]

Just an offtopic thought...

I'm currently listening to NPR right now and they're talking about terrorists. The question of weight brought up this question to me:

Do they have any fat suicide bombers? My thinking is no, as their bellys would cushion the impact of the bomb.

Wellcome to cynicsville, population: Me.

[Scrameustache]

I think its interesting how computer crimes (even ones that technically do no physical damage, like destroying of files/property, etc) can warrant these huge jail times, yet a confessed convicted rapist, child molester, or other misc. violent criminal can sometimes get as few as 5 years in prison.

What does that tell us? We care more about our files than our children. While I don't think that breaking into a computer system just to prove you can is a smart idea (not saying that was the case in this situati