Security threats Toolkit

The NASA hacker: Scapegoat or public enemy?

Tags:
Hacking NASA

Colin Barker ZDNet.co.uk

Published: 13 Jul 2005 13:35 BST

Gary McKinnon has a lot to worry about. His job prospects are bleak. He will shortly have to leave his home in North London and could be facing up to 70 years in a US federal prison — a prospect that terrifies him.

His actions have been well recorded. Over a period of years he managed to bypass the security of what should be the most sophisticated IT systems on the planet, many of which belong to the US Department of Defense (DoD) and NASA.

That was back in 2002 and he has already been investigated thoroughly by the legal authorities in this country and released without charge. No one in the UK justice system considered him a threat. But the slow-working cogs of the US legal system have finally clicked into action leaving him hanging in limbo awaiting an extradition hearing later this month.

The unemployed UFO enthusiast was, metaphorically speaking, able to walk right in, look around and make himself at home in what are supposedly some of the most secure systems in the world. Although breaking into the DoD required a combination of ingenuity and hours of mindless drudgery, ultimately it was the "dangerously lax IT systems" that made it possible, he claims. And as for the "minor" damage to the systems concerned, it was not deliberate but happened accidentally while he was trying to cover his tracks.

Mckinnon, now 39, admits that there was a period of his life when he was "addicted" to computers. It threatened his life, his health and his relationships at the time, but he couldn't leave them alone.

His interest in IT was sparked, as it was for many others, by an interest in science, science fiction and the unknown. It was the search for proof of extraterrestrial life and a potential cover-up around the events of 11 September, 2001, that led him to the restricted government sites to begin with.

His story raises some critical issues around the rights of British citizens accused of committing a crime in the US, the state of IT security internationally and the possible existence of antigravity technology in a US military establishment.

Q: Why do you think the US authorities behaved the way they did, with an extradition order?
A :Well, the reason they give is that I, on my own, closed down the entire metro district of Washington for a few days, including a weapons station, which I dispute. My thing was being quiet and not being seen and getting the information out. And also, when I was there, you do a NetStat routine and you see all the other connections to that machine and there is a permanent weakness for foreign hackers because their security is not even lax, it is non-existent. You wouldn’t believe it.

They might claim that by installing a remote control program, I opened them [the systems] up, but the access was already there. I didn't even have to crack passwords.

What about the damage you are said to have caused?
What they call damage is really just them realising that they have been accessed without authorisation. Then they say things like I deleted 300 users, deleted systems files and such. That was one instance when I did a batch file to clean up all my stuff. I think once and only once, though perhaps I ran it on the root drive of the "c:" drive. But it certainly wasn’t every machine I was on and, if you believe them, they talk about 94 networks being damaged.