Nickdfresh
07-27-2005, 04:14 PM
Last Updated: Wednesday, 8 June, 2005, 15:20 GMT 16:20 UK
Military 'hacker' freed on bail
Gary McKinnon leaving court
Gary McKinnon (seen through vehicle window) after the hearing
A British man arrested for allegedly carrying out the "biggest military computer hack of all time" has been released on bail by magistrates.
Gary McKinnon, accused of hacking into 53 US military and Nasa computers in 2001 and 2002, appeared before Bow Street magistrates in London.
The 39-year-old, of Wood Green, north London, will be back in court for an extradition hearing on 27 July.
His lawyer said he would contest extradition to the US "vigorously".
She told reporters: "Of particular concern to him is the treatment of other British nationals under the American judicial system which inspires little confidence.
"We believe that as a British national, he should be tried here in our courts by a British jury and not in the US."
Mr McKinnon, an unemployed computer systems administrator, is known on the internet as "Solo".
He is accused of hacking into computer networks operated by Nasa, the US Army, US Navy, Department of Defence and the US Air Force.
Mr McKinnon is charged with the biggest military computer hack of all time
Paul McNulty
US Attorney for the Eastern District of Virginia
One of the networks belonged to the Pentagon.
The US estimates the costs of tracking and correcting the problems he allegedly caused were around $1m (£570,000).
If he is extradited and found guilty, Mr McKinnon faces a long sentence in the US.
The Briton was indicted in 2002 by a federal grand jury on eight counts of computer-related crimes in 14 different states.
It claimed that he hacked into an army computer at Fort Myer, Virginia, obtained administrator privileges and transmitted codes, information and commands.
Unauthorised access
He is accused of then deleting around 1,300 user accounts.
The indictment alleged Mr McKinnon also deleted "critical system files" on the computer, copied a file containing usernames and encrypted passwords for the computer and installed tools to gain unauthorised access to other computers.
At the time of the indictment Paul McNulty, the US Attorney for the Eastern District of Virginia, said: "Mr McKinnon is charged with the biggest military computer hack of all time."
Mr McKinnon's solicitor, Karen Todner, estimates he could face a maximum 70-year jail sentence if convicted in the US.
She says he does not deny infiltrating US systems but says his motivation was to try to prove the existence of UFOs and to expose security failures.
http://news.bbc.co.uk/1/hi/uk/4071708.stm
______________________________________
July 09, 2005
Gary McKinnon interviewed by Jon Ronson for The Guardian
Gary McKinnon has been interviewed by writer and broadcaster Jon Ronson for The Guardian newspaper:
"Gary McKinnon has been accused of committing the 'biggest military computer hack of all time', and if extradited to the US faces up to 70 years in jail. So how did this techno geek from north London end up cracking open the Pentagon and Nasa's systems? He talks exclusively to Jon Ronson as he awaits his fate
Saturday July 9, 2005
The Guardian
In 1983, when Gary McKinnon was 17, he went to see the movie WarGames at his local cinema in Crouch End, north London. In WarGames, a geeky computer whiz kid hacks into a secret Pentagon network and, inadvertently, almost instigates world war three. Sitting in the cinema that day, the teenage Gary wondered if he, too, could be a hacker.
"Really," I say to him now, "WarGames should have put you off hacking for life."
"Well," he replies, "I didn't mean it to actually come true." WarGames ends with the Pentagon telling the young nerd how impressed they are by his technical acumen. He's probably going to grow up to have a brilliant career at Nasa or the department of defence. This is an unlikely scenario for Gary McKinnon. He currently faces 20 charges in the US, including stealing computer files, obtaining secrets that might have been "useful to an enemy", intentionally causing damage to a protected computer, and interfering with maritime navigation equipment in New Jersey. Last month he attended extradition proceedings at Bow Street magistrates court - he had, the American prosecutors said, perpetrated the "biggest military computer hack of all time". He "caused damage and impaired the integrity of information ... The US military district of Washington became inoperable and the cost of repairing the shutdown was $700,000 ... These [hacking attacks] occurred immediately after 9/11 ... " And so on.
This is Gary's first interview. He called me out of the blue on the Monday before last, just as I was screaming at my child to stop knocking on people's doors and running away. "Your son sounds like a hacker," he told me. Then he invited me to his house in Bounds Green, north London. He is good-looking, funny, slightly camp, nerdy, chain-smokes Benson & Hedges, and is terrified. "I'm walking down the road and I find I can't control my own legs," he says. "And I'm sitting up all night thinking about jail and about being arse-fucked. An American jail. And remember, according to them I was making Washington inoperable 'immediately after September 11'. I'm having all these visions of ... " Gary puts on a redneck prisoner voice, "'What you doing attacking our country, boy? Pick up that soap.' Yeah, it is absolutely fucking terrifying. Especially because a friend of mine was on holiday in America once and was viciously attacked and ended up killing the guy who attacked him - he did 10 years in an American prison. He's quite a tough guy, and he said he had to fight tooth and nail every single day, no let up at all. And I'm thinking, 'I'm only a little nerd'."
The prison sentence the US justice department is seeking - should Gary be successfully extradited - is up to 70 years. What Gary was hunting for, as he snooped around Nasa, and the Pentagon's network, was evidence of a UFO cover-up.
Gary McKinnon was born in Glasgow in 1966. His father ran a scaffolding gang, but his parents separated when he was six and he moved to London with his mother and stepfather, a bit of a UFO buff. "He comes from Falkirk," Gary says, "and just outside Falkirk there's a place called Bonnybridge, which is the UFO capital of the world. When he lived there, he had a dream that he was walking around Bonnybridge seeing huge ships. He told me this and it inflamed my curiosity. He was a great science fiction reader. So, him being my second father, I started reading science fiction, too, and doing everything he did."
Gary read Isaac Asimov and Robert Heinlein - "the golden age of science fiction" - and he joined Bufora, the British UFO Research Association, when he was 15. Bufora describes itself as "a nationwide network of around 300 people, who have a dedicated, noncultist interest in understanding the wide-ranging extent of the UFO enigma".
"So you began to believe in UFOs," I say.
"To hope," says Gary, "that there might be something more advanced than us, keeping a friendly eye on us. Hopefully a friendly eye." Then he saw WarGames, and he thought, "Can you really do it? Can you really gain unauthorised access to incredibly interesting places? Surely it can't be that easy." And so, in 1995, he gave it a try.
He sat in his girlfriend Tamsin's aunt's house in Crouch End, and he began to hack. He downloaded a program that searched for computers that used the Windows operating system, scanned addresses and pinpointed administrator user names that had no passwords. Basically, what Gary was looking for - and found time and again - were network administrators within high levels of the US government and military establishments who hadn't bothered to give themselves passwords. That's how he got in.
His Bufora friends "were living in cloud cuckoo land", he says. "All those conspiracy theorists seemed more concerned with believing it than proving it." He wanted evidence. He did a few trial runs, successfully hacking into Oxford University's network, for example, and he found the whole business "incredibly exciting. And then it got more exciting when I started going to places where I really shouldn't be".
"Like where?" I ask.
"The US Space Command," he says.
And so, for the next seven years, on and off, Gary sat in his girlfriend's aunt's house, a joint in the ashtray and a can of Foster's next to the mouse pad, and he snooped. From time to time, some Nasa scientist sitting at his desk somewhere would see his cursor move for no apparent reason. On those occasions, Gary's connection would be abruptly cut. This would never fail to freak out the then-stoned Gary.
He sounds to me like a virtuoso hacker, although I am someone who can barely download RealPlayer. I nod blankly as he says things like, "You get on to easy networks, like Support and Logistics, in order to exploit the trust relationship that military departments have between each other, and once you get on to an easy thing, you find out what networks they trust and then you hop and hop and hop, and eventually you think, 'That looks a bit more secretive.' " When I ask if he is brilliant, he says no. He's just an ordinary self-taught techie. And, he says, he was never alone.
"Once you're on the network, you can do a command called NetStat - Network Status - and it lists all the connections to that machine. There were hackers from Denmark, Italy, Germany, Turkey, Thailand ..."
"All on at once?" I ask. "You could see hackers from all over the world, snooping around, without the spaceniks or the military realising?"
"Every night," he says, "for the entire five to seven years I was doing this."
"Do you think they're still there? Are they still at it? Or have they been arrested, too?"
Gary says he doesn't know.
"What was the most exciting thing you saw?" I ask.
"I found a list of officers' names," he claims, "under the heading 'Non-Terrestrial Officers'."
"Non-Terrestrial Officers?" I say.
"Yeah, I looked it up," says Gary, "and it's nowhere. It doesn't mean little green men. What I think it means is not earth-based. I found a list of 'fleet-to-fleet transfers', and a list of ship names. I looked them up. They weren't US navy ships. What I saw made me believe they have some kind of spaceship, off-planet."
"The Americans have a secret spaceship?" I ask.
"That's what this trickle of evidence has led me to believe."
"Some kind of other Mir that nobody knows about?"
"I guess so," says Gary.
"What were the ship names?"
"I can't remember," says Gary. "I was smoking a lot of dope at the time. Not good for the intellect."
This was November 2000. By now, Gary was hooked. He quit his job as a systems administrator for a small business, "which hugely pissed off my girlfriend Tamsin. It was the last straw. She dumped me and started seeing this other bloke because I was such a selfish waste of space. Poor Tamsin. And she was the one paying the phone bill because I didn't have a job. We were still living together. God, have you ever tried living with someone after you've split up? It's bad."
So while Tamsin was trying to get on with her new relationship, Gary was in the living room of her aunt's house, hacking. He snooped around all the Forts - Fort Meade, Fort Benning, etc - reading internal court martial reports of soldiers getting imprisoned for rape and murder and drug abuse. At the Johnson Space Centre he spied on photographs of cigar-shaped objects that might have been UFOs but - he says - were probably satellites. "You end up lusting after more and more complex security measures," he says. "It was like a game. I loved computer games. I still do. It was like a real game. It was addictive. Hugely addictive."
It was never really politically motivated. The most political he's ever got is to attend a Noam Chomsky lecture. A John Pilger book sits on the coffee table next to his bed. Yes, he was hacking in the immediate aftermath of September 11, but only because he wanted to see if there was a conspiracy afoot. "Why did the building fall like a controlled series of explosions? " he says. "I hate conspiracy theories, so I thought I'd find out for myself."
"And did you find a conspiracy?" I ask.
"No," he says.
He strenuously denies the justice department's charge that he caused the "US military district of Washington" to become "inoperable". Well, once, he admits, but only once, he inadvertently pressed the wrong button and may have deleted some government files.
"What did you do then?"
"I thought, 'Ooh, bloody hell,' " he says. "And that's when I stopped for a while. And then my friend told me about Darpa. And so I started again."
Darpa is the Defence Advanced Research Projects Agency, an intriguing collection of brilliant military scientists, funded by the Pentagon. Darpa has been widely credited with inventing, among other things, the internet, the global positioning system, the computer mouse, and - somewhat more boneheadedly - FutureMAP, an online futures market designed to predict assassinations and bombings by encouraging investor speculation in such crimes. The US Senate once described FutureMAP as "an unbelievably stupid idea". Darpa has long been of interest to conspiracy theorists because it is semi-secretive, bizarre (they have put much effort into creating a team of telepathic spies) and occupies that murky world that lies between science and war.
Gary heard from a friend that Darpa might have invented a robot soldier, so he hacked in and claims he found evidence of "an autonomous machine that would go in and do the dirty work. These things could go upstairs and look for bombs. You wouldn't have to send in real people. And I also found these awful special forces training videos of guys running around, doing close-quarter battle. It was ridiculous. These yellow words would flash on to the video: 'BRUTALITY! REMEMBER BRUTALITY! SHOCK! DOMINATION!' You're thinking, 'Oh my God!' It was like Batman." I tell Gary that I've seen videos like that - incredibly fierce special forces training videos - when I was researching my book about US psychological operations.
"It's as if investigative journalism has died," he replies. "That's all I was doing. The only difference between you and me was that you were invited."
Gary was caught in November 2002. He says it was inevitable, in retrospect, because he was "getting a bit sloppy". He pauses. "I'd never have envisaged this happening to myself, but I did get a bit megalomaniacal as well. It got a bit silly. I ended up talking to people I hacked into."
"Saying 'I'm a hacker'?"
"No," he says, "I'd instant message them, using WordPad, with a bit of a political diatribe. You know, I'd leave a message on their desktop that read 'Secret government is blah blah blah.' " They found Gary in the end because he'd used his own email address to download a hacking program called Remotely Anywhere. "God knows why I used my real email address," he says. "I suppose it means I'm not a secretive, sophisticated, checking-myself-every-step-of-the-way type of hacker."
On the night before his arrest, Gary had been up playing games. "Maybe I'd been doing a bit of weak, fun hacking, too," he says. "I'd had one hour's sleep, and I woke up completely muddled, and suddenly at the bottom of my bed there was this voice: 'Hello, my name's Jeff Donson from the National High Tech Crime Unit. Gary McKinnon, you're under arrest!' They put Tamsin and me in the meat-wagon. They took my PC, Tamsin's PC, three other computers I was fixing for friends. They went upstairs and took my girlfriend's auntie's daughter's computer."
Gary was kept in a police station overnight. Then the Americans offered him a deal, via his British solicitor. "They said, 'If you incur the cost of the whole extradition process, be a good boy, come over here, we'll give you three or four years, rather than the whole sentence.' I said, 'OK, give me that in writing.' They said, 'Oh no, we can't do that.' So they were offering a secret trial, no right of appeal on the outcome, no comment to the newspapers, and nothing in writing. My solicitor, doing her job, advised me to take it, and when I said no, she was very, 'Ooh, they're going to come down heavy.' "
In return, Gary offered a somewhat hare-brained counter deal, via a Virginia public defender. "I made a sort of veiled threat to them. I said, 'You know the places I've been, so you know the stuff I've seen' kind of thing." He pauses and blushes slightly. "That didn't work."
"So you were saying, 'If you go heavy on me, I'll tell people what I found'?"
"Yeah," he says. "And I found out that my landline was being bugged, so every time I was on the phone talking to a friend about it, I made sure I'd say, 'All I want is a quiet life, but if they really want to drag me through it, I'll drag them through the shit, too.' "
"And what would you have dragged them through the shit about?" I ask.
"You know," says Gary, "the, uh, Non-Terrestrial Officers. The spaceships. 'The whole world thinks it's cooperating in building the International Space Station, but you've already got a space-based army that you refer to as Non-Terrestrial Officers'."
There is a silence.
"I had very little evidence," he admits. "It's not a very good bargaining chip at all, really, is it?"
Given that the justice department has announced that the information Gary downloaded was not "classified", and he was stoned much of the time, perhaps we can assume that Nasa is not too worried about his "discoveries".
I ask Gary what's he's going to do next. He says on Friday he's off to the Trocadero in Piccadilly Circus, for the London 2600 meeting. He explains that they're known as a hacking group, but really they're a bunch of "unqualified experts who drink lots of beer and tell you all the funky undocumented things you can do with your mobile phones. They wire up PlayStation 2s and X-Boxes to dance mats. They play with technology and bend stuff without breaking it."
I ask Gary if they see him as some kind of mythical hero, now that the US government has described him as the biggest military hacker of all time. He says, no, they see him as a complete idiot. And, in some ways, he is indeed a complete idiot. Well, he is a likable and intelligent geeky man who did many, many idiotic things. What he is not, his friends and supporters reckon, is someone who deserves extradition and 70 years in an American jail. They've set up a Free Gary McKinnon website (spy.org.uk/freegary).
Gary's never spoken publicly before, but now, with the extradition proceedings, he says there's nothing left open to him. For a while, it crossed his mind he might end up like the computer nerd from WarGames, having a brilliant career working for them. "They need people like me," he says. But that's not going to happen.
He's also chosen to talk now because his chances of getting a job have diminished to practically zero. "For the first time in the past few years, I just had a solid work offer," he says. "Game-testing. Which would have been a dream for me. I'm still a big kid like that. I'd love to do that for a job. But now, as a condition of this bail, I'm not allowed to touch the internet. So that was out of the window. So. Yeah. I thought, fuck it."
He and Tamsin have split up. He no longer lives in Crouch End but in the nearby, slightly more down-at-heel Bounds Green, and has given up smoking dope. He is not allowed near the internet, not allowed a passport, and spends a lot of time reading and sitting in the pub, awaiting his fate.
Nothing much happened in the years since his arrest in 2002 under the Computer Misuse Act - no charges were brought against him in the UK. Then on June 8 this year, he suddenly found himself in front of Bow Street magistrates, the target of extradition proceedings. That's when the panic attacks kicked in again, the horror visions of life in an American jail. He had poked around, he says, but he hadn't broken anything, besides that one inadvertent mistake. He thought he was going to get a year, max. Now they're talking about 70 years.
"You know," he says as we finish the interview, "everyone thinks this is fun or exciting. But it isn't exciting to me. It is terrifying."
His next extradition hearing is on July 27"
Posted by wtwu at 09:18 PM | Comments (27) | TrackBack
US Army Computer Crime Investigation Unit
Government Computer News has an article on the US Army’s Computer Crime Investigative Unit:
“CCIU agents respond to and investigate network intrusions and other computer-related felonies across the globe,” Andrews said. “Given the so-called borderless nature of Internet-based crime, many of CCIU’s cases involve investigative leads in foreign countries, adding even more complexity to cases that can often involve hundreds of thousands of dollars in damages."
One such case occurred three years ago.
Gary McKinnon, a computer administrator from London, faces extradition for charges that he hacked into military and NASA computer systems, deleting files and blocking access to the Internet, officials said. The incident occurred over a 12-month period during 2001 and 2002. CCIU gathered evidence and led the international investigation that resulted in McKinnon’s arrest.
Special agent Brent A. Pack, operations officer of the Fort Belvoir, Va.-based unit, said nabbing the hacker involved “collecting, examining and reporting more than 1T of electronic evidence.”
McKinnon was indicted by a U.S. grand jury in 2002 on eight counts of computer crimes and is scheduled for an extradition hearing on July 27 in London."
Posted by wtwu at 08:55 AM | Comments (4) | TrackBack
June 17, 2005
FCW: Army rebuilds network defenses after hacks
It looks as if the US Army has still been having problems with computer intrusions via NIPRNET:
Army rebuilds network defenses after hacks
CIO responds with enterprise consolidation initiative
BY Frank Tiboni
Published on Jun. 13, 2005
Federal Computer Week
The Army has spent millions of dollars in the past year and a half to rebuild networks at major U.S. bases after hackers penetrated its systems, Army and industry officials said.
The incidents at the bases were serious enough that Army information technology officials pulled the plug on the connection to the Defense Department's Non-classified IP Router Network (NIPRNET)."
"As a result of the Army's network intrusions, Pentagon officials instructed the service to devise a plan to improve network security. Army IT officials have worked to improve network security and operations and to rebuild the networks at the facilities that were attacked.
The Army is developing an enterprise consolidation plan for next year that will reduce the number of networks and help improve the service's network defenses, Army and industry officials said.
The Army could spend millions of dollars repairing and upgrading the networks at two Army installations, said George Hermalik, Continental U.S. risk mitigation team leader in the Enterprise Systems Technology Activity (ESTA) in the Army's Network Enterprise Technology Command (Netcom). He spoke last week at the 2005 Army IT conference in Las Vegas.
Hermalik declined to specify what installations were involved in the effort. But Maj. Gen. Dennis Moran, director of information operations, networks and space in the Army's Office of the Chief Information Officer, said in a speech at the conference that Fort Hood, Texas, has a huge information security problem.
An industry official familiar with the situation said there have been hackings at Fort Hood, home of the 4th Infantry Division and the service's first digitized division, and Fort Bragg, N.C., the location of the 82nd Airborne Division and the service's elite paratroop forces. An Army IT official with knowledge of the events confirmed the hack"ings at Fort Hood, but would not comment on the other installation. He said remediation efforts have been ongoing at Fort Hood for the past two years.
Army IT officials declined to comment on the hackings' location and nature because that could give enemies insight about perceived or actual vulnerabilities in the service's networks. Fort Hood officials deferred comment to Army headquarters at the Pentagon.
Army IT executives took bold measures to improve network operations and rebuild networks after the events at the two bases. At one installation, leaders ignored concerns and advice from the Army's IT staff, so the IT executives cut the base's NIPRNET connection.
An Army IT official, who spoke on the condition of anonymity, said Gen. Richard Cody, the Army's vice chief of staff, the service's second highest officer, urged the bases to follow Army headquarters policy. The installation's connection to NIPRNET was restored after officials at the base complied with the Army's security regulations.
The effort to upgrade networks shows that service IT leaders take network operations seriously, Army and industry officials said. They said Lt. Gen. Steve Boutelle, CIO; Maj. Gen. James Hylton, Netcom commanding general; and Joe Capps, ESTA director, have been "brilliant and ruthless" in dealing with the Army's computer security problems.
"We are a nation at war, and although protection of our networks has always been a high priority, we are even more vigilant now, and the less the enemy knows, the better it is for the people who protect our networks and the soldiers they serve," said Vernon Bettencourt Jr., the Army's deputy CIO, in a statement. "I will not go into specifics on what types of defensive measures we have in place. However, I will say that great emphasis is placed on constant vigilance."
Remediation of the networks involves scanning networks for vulnerabilities, applying patches to operating systems and applications, and establishing appropriate security measures, Bettencourt said.
The Army plans to consolidate servers and networks servicewide to create a more secure, manageable environment, Army officials say.
The service will reduce the number of servers from between 3,000 and 10,000 to 800 and the number of connections to the Non-classified IP Router Network from about 199 to six, according to a presentation at the 2005 Army information technology conference held in Las Vegas last week.
The move will help the Army create a secure network boundary with a limited number of entry and exit points to the Internet.
— Frank Tiboni"
Military 'hacker' freed on bail
Gary McKinnon leaving court
Gary McKinnon (seen through vehicle window) after the hearing
A British man arrested for allegedly carrying out the "biggest military computer hack of all time" has been released on bail by magistrates.
Gary McKinnon, accused of hacking into 53 US military and Nasa computers in 2001 and 2002, appeared before Bow Street magistrates in London.
The 39-year-old, of Wood Green, north London, will be back in court for an extradition hearing on 27 July.
His lawyer said he would contest extradition to the US "vigorously".
She told reporters: "Of particular concern to him is the treatment of other British nationals under the American judicial system which inspires little confidence.
"We believe that as a British national, he should be tried here in our courts by a British jury and not in the US."
Mr McKinnon, an unemployed computer systems administrator, is known on the internet as "Solo".
He is accused of hacking into computer networks operated by Nasa, the US Army, US Navy, Department of Defence and the US Air Force.
Mr McKinnon is charged with the biggest military computer hack of all time
Paul McNulty
US Attorney for the Eastern District of Virginia
One of the networks belonged to the Pentagon.
The US estimates the costs of tracking and correcting the problems he allegedly caused were around $1m (£570,000).
If he is extradited and found guilty, Mr McKinnon faces a long sentence in the US.
The Briton was indicted in 2002 by a federal grand jury on eight counts of computer-related crimes in 14 different states.
It claimed that he hacked into an army computer at Fort Myer, Virginia, obtained administrator privileges and transmitted codes, information and commands.
Unauthorised access
He is accused of then deleting around 1,300 user accounts.
The indictment alleged Mr McKinnon also deleted "critical system files" on the computer, copied a file containing usernames and encrypted passwords for the computer and installed tools to gain unauthorised access to other computers.
At the time of the indictment Paul McNulty, the US Attorney for the Eastern District of Virginia, said: "Mr McKinnon is charged with the biggest military computer hack of all time."
Mr McKinnon's solicitor, Karen Todner, estimates he could face a maximum 70-year jail sentence if convicted in the US.
She says he does not deny infiltrating US systems but says his motivation was to try to prove the existence of UFOs and to expose security failures.
http://news.bbc.co.uk/1/hi/uk/4071708.stm
______________________________________
July 09, 2005
Gary McKinnon interviewed by Jon Ronson for The Guardian
Gary McKinnon has been interviewed by writer and broadcaster Jon Ronson for The Guardian newspaper:
"Gary McKinnon has been accused of committing the 'biggest military computer hack of all time', and if extradited to the US faces up to 70 years in jail. So how did this techno geek from north London end up cracking open the Pentagon and Nasa's systems? He talks exclusively to Jon Ronson as he awaits his fate
Saturday July 9, 2005
The Guardian
In 1983, when Gary McKinnon was 17, he went to see the movie WarGames at his local cinema in Crouch End, north London. In WarGames, a geeky computer whiz kid hacks into a secret Pentagon network and, inadvertently, almost instigates world war three. Sitting in the cinema that day, the teenage Gary wondered if he, too, could be a hacker.
"Really," I say to him now, "WarGames should have put you off hacking for life."
"Well," he replies, "I didn't mean it to actually come true." WarGames ends with the Pentagon telling the young nerd how impressed they are by his technical acumen. He's probably going to grow up to have a brilliant career at Nasa or the department of defence. This is an unlikely scenario for Gary McKinnon. He currently faces 20 charges in the US, including stealing computer files, obtaining secrets that might have been "useful to an enemy", intentionally causing damage to a protected computer, and interfering with maritime navigation equipment in New Jersey. Last month he attended extradition proceedings at Bow Street magistrates court - he had, the American prosecutors said, perpetrated the "biggest military computer hack of all time". He "caused damage and impaired the integrity of information ... The US military district of Washington became inoperable and the cost of repairing the shutdown was $700,000 ... These [hacking attacks] occurred immediately after 9/11 ... " And so on.
This is Gary's first interview. He called me out of the blue on the Monday before last, just as I was screaming at my child to stop knocking on people's doors and running away. "Your son sounds like a hacker," he told me. Then he invited me to his house in Bounds Green, north London. He is good-looking, funny, slightly camp, nerdy, chain-smokes Benson & Hedges, and is terrified. "I'm walking down the road and I find I can't control my own legs," he says. "And I'm sitting up all night thinking about jail and about being arse-fucked. An American jail. And remember, according to them I was making Washington inoperable 'immediately after September 11'. I'm having all these visions of ... " Gary puts on a redneck prisoner voice, "'What you doing attacking our country, boy? Pick up that soap.' Yeah, it is absolutely fucking terrifying. Especially because a friend of mine was on holiday in America once and was viciously attacked and ended up killing the guy who attacked him - he did 10 years in an American prison. He's quite a tough guy, and he said he had to fight tooth and nail every single day, no let up at all. And I'm thinking, 'I'm only a little nerd'."
The prison sentence the US justice department is seeking - should Gary be successfully extradited - is up to 70 years. What Gary was hunting for, as he snooped around Nasa, and the Pentagon's network, was evidence of a UFO cover-up.
Gary McKinnon was born in Glasgow in 1966. His father ran a scaffolding gang, but his parents separated when he was six and he moved to London with his mother and stepfather, a bit of a UFO buff. "He comes from Falkirk," Gary says, "and just outside Falkirk there's a place called Bonnybridge, which is the UFO capital of the world. When he lived there, he had a dream that he was walking around Bonnybridge seeing huge ships. He told me this and it inflamed my curiosity. He was a great science fiction reader. So, him being my second father, I started reading science fiction, too, and doing everything he did."
Gary read Isaac Asimov and Robert Heinlein - "the golden age of science fiction" - and he joined Bufora, the British UFO Research Association, when he was 15. Bufora describes itself as "a nationwide network of around 300 people, who have a dedicated, noncultist interest in understanding the wide-ranging extent of the UFO enigma".
"So you began to believe in UFOs," I say.
"To hope," says Gary, "that there might be something more advanced than us, keeping a friendly eye on us. Hopefully a friendly eye." Then he saw WarGames, and he thought, "Can you really do it? Can you really gain unauthorised access to incredibly interesting places? Surely it can't be that easy." And so, in 1995, he gave it a try.
He sat in his girlfriend Tamsin's aunt's house in Crouch End, and he began to hack. He downloaded a program that searched for computers that used the Windows operating system, scanned addresses and pinpointed administrator user names that had no passwords. Basically, what Gary was looking for - and found time and again - were network administrators within high levels of the US government and military establishments who hadn't bothered to give themselves passwords. That's how he got in.
His Bufora friends "were living in cloud cuckoo land", he says. "All those conspiracy theorists seemed more concerned with believing it than proving it." He wanted evidence. He did a few trial runs, successfully hacking into Oxford University's network, for example, and he found the whole business "incredibly exciting. And then it got more exciting when I started going to places where I really shouldn't be".
"Like where?" I ask.
"The US Space Command," he says.
And so, for the next seven years, on and off, Gary sat in his girlfriend's aunt's house, a joint in the ashtray and a can of Foster's next to the mouse pad, and he snooped. From time to time, some Nasa scientist sitting at his desk somewhere would see his cursor move for no apparent reason. On those occasions, Gary's connection would be abruptly cut. This would never fail to freak out the then-stoned Gary.
He sounds to me like a virtuoso hacker, although I am someone who can barely download RealPlayer. I nod blankly as he says things like, "You get on to easy networks, like Support and Logistics, in order to exploit the trust relationship that military departments have between each other, and once you get on to an easy thing, you find out what networks they trust and then you hop and hop and hop, and eventually you think, 'That looks a bit more secretive.' " When I ask if he is brilliant, he says no. He's just an ordinary self-taught techie. And, he says, he was never alone.
"Once you're on the network, you can do a command called NetStat - Network Status - and it lists all the connections to that machine. There were hackers from Denmark, Italy, Germany, Turkey, Thailand ..."
"All on at once?" I ask. "You could see hackers from all over the world, snooping around, without the spaceniks or the military realising?"
"Every night," he says, "for the entire five to seven years I was doing this."
"Do you think they're still there? Are they still at it? Or have they been arrested, too?"
Gary says he doesn't know.
"What was the most exciting thing you saw?" I ask.
"I found a list of officers' names," he claims, "under the heading 'Non-Terrestrial Officers'."
"Non-Terrestrial Officers?" I say.
"Yeah, I looked it up," says Gary, "and it's nowhere. It doesn't mean little green men. What I think it means is not earth-based. I found a list of 'fleet-to-fleet transfers', and a list of ship names. I looked them up. They weren't US navy ships. What I saw made me believe they have some kind of spaceship, off-planet."
"The Americans have a secret spaceship?" I ask.
"That's what this trickle of evidence has led me to believe."
"Some kind of other Mir that nobody knows about?"
"I guess so," says Gary.
"What were the ship names?"
"I can't remember," says Gary. "I was smoking a lot of dope at the time. Not good for the intellect."
This was November 2000. By now, Gary was hooked. He quit his job as a systems administrator for a small business, "which hugely pissed off my girlfriend Tamsin. It was the last straw. She dumped me and started seeing this other bloke because I was such a selfish waste of space. Poor Tamsin. And she was the one paying the phone bill because I didn't have a job. We were still living together. God, have you ever tried living with someone after you've split up? It's bad."
So while Tamsin was trying to get on with her new relationship, Gary was in the living room of her aunt's house, hacking. He snooped around all the Forts - Fort Meade, Fort Benning, etc - reading internal court martial reports of soldiers getting imprisoned for rape and murder and drug abuse. At the Johnson Space Centre he spied on photographs of cigar-shaped objects that might have been UFOs but - he says - were probably satellites. "You end up lusting after more and more complex security measures," he says. "It was like a game. I loved computer games. I still do. It was like a real game. It was addictive. Hugely addictive."
It was never really politically motivated. The most political he's ever got is to attend a Noam Chomsky lecture. A John Pilger book sits on the coffee table next to his bed. Yes, he was hacking in the immediate aftermath of September 11, but only because he wanted to see if there was a conspiracy afoot. "Why did the building fall like a controlled series of explosions? " he says. "I hate conspiracy theories, so I thought I'd find out for myself."
"And did you find a conspiracy?" I ask.
"No," he says.
He strenuously denies the justice department's charge that he caused the "US military district of Washington" to become "inoperable". Well, once, he admits, but only once, he inadvertently pressed the wrong button and may have deleted some government files.
"What did you do then?"
"I thought, 'Ooh, bloody hell,' " he says. "And that's when I stopped for a while. And then my friend told me about Darpa. And so I started again."
Darpa is the Defence Advanced Research Projects Agency, an intriguing collection of brilliant military scientists, funded by the Pentagon. Darpa has been widely credited with inventing, among other things, the internet, the global positioning system, the computer mouse, and - somewhat more boneheadedly - FutureMAP, an online futures market designed to predict assassinations and bombings by encouraging investor speculation in such crimes. The US Senate once described FutureMAP as "an unbelievably stupid idea". Darpa has long been of interest to conspiracy theorists because it is semi-secretive, bizarre (they have put much effort into creating a team of telepathic spies) and occupies that murky world that lies between science and war.
Gary heard from a friend that Darpa might have invented a robot soldier, so he hacked in and claims he found evidence of "an autonomous machine that would go in and do the dirty work. These things could go upstairs and look for bombs. You wouldn't have to send in real people. And I also found these awful special forces training videos of guys running around, doing close-quarter battle. It was ridiculous. These yellow words would flash on to the video: 'BRUTALITY! REMEMBER BRUTALITY! SHOCK! DOMINATION!' You're thinking, 'Oh my God!' It was like Batman." I tell Gary that I've seen videos like that - incredibly fierce special forces training videos - when I was researching my book about US psychological operations.
"It's as if investigative journalism has died," he replies. "That's all I was doing. The only difference between you and me was that you were invited."
Gary was caught in November 2002. He says it was inevitable, in retrospect, because he was "getting a bit sloppy". He pauses. "I'd never have envisaged this happening to myself, but I did get a bit megalomaniacal as well. It got a bit silly. I ended up talking to people I hacked into."
"Saying 'I'm a hacker'?"
"No," he says, "I'd instant message them, using WordPad, with a bit of a political diatribe. You know, I'd leave a message on their desktop that read 'Secret government is blah blah blah.' " They found Gary in the end because he'd used his own email address to download a hacking program called Remotely Anywhere. "God knows why I used my real email address," he says. "I suppose it means I'm not a secretive, sophisticated, checking-myself-every-step-of-the-way type of hacker."
On the night before his arrest, Gary had been up playing games. "Maybe I'd been doing a bit of weak, fun hacking, too," he says. "I'd had one hour's sleep, and I woke up completely muddled, and suddenly at the bottom of my bed there was this voice: 'Hello, my name's Jeff Donson from the National High Tech Crime Unit. Gary McKinnon, you're under arrest!' They put Tamsin and me in the meat-wagon. They took my PC, Tamsin's PC, three other computers I was fixing for friends. They went upstairs and took my girlfriend's auntie's daughter's computer."
Gary was kept in a police station overnight. Then the Americans offered him a deal, via his British solicitor. "They said, 'If you incur the cost of the whole extradition process, be a good boy, come over here, we'll give you three or four years, rather than the whole sentence.' I said, 'OK, give me that in writing.' They said, 'Oh no, we can't do that.' So they were offering a secret trial, no right of appeal on the outcome, no comment to the newspapers, and nothing in writing. My solicitor, doing her job, advised me to take it, and when I said no, she was very, 'Ooh, they're going to come down heavy.' "
In return, Gary offered a somewhat hare-brained counter deal, via a Virginia public defender. "I made a sort of veiled threat to them. I said, 'You know the places I've been, so you know the stuff I've seen' kind of thing." He pauses and blushes slightly. "That didn't work."
"So you were saying, 'If you go heavy on me, I'll tell people what I found'?"
"Yeah," he says. "And I found out that my landline was being bugged, so every time I was on the phone talking to a friend about it, I made sure I'd say, 'All I want is a quiet life, but if they really want to drag me through it, I'll drag them through the shit, too.' "
"And what would you have dragged them through the shit about?" I ask.
"You know," says Gary, "the, uh, Non-Terrestrial Officers. The spaceships. 'The whole world thinks it's cooperating in building the International Space Station, but you've already got a space-based army that you refer to as Non-Terrestrial Officers'."
There is a silence.
"I had very little evidence," he admits. "It's not a very good bargaining chip at all, really, is it?"
Given that the justice department has announced that the information Gary downloaded was not "classified", and he was stoned much of the time, perhaps we can assume that Nasa is not too worried about his "discoveries".
I ask Gary what's he's going to do next. He says on Friday he's off to the Trocadero in Piccadilly Circus, for the London 2600 meeting. He explains that they're known as a hacking group, but really they're a bunch of "unqualified experts who drink lots of beer and tell you all the funky undocumented things you can do with your mobile phones. They wire up PlayStation 2s and X-Boxes to dance mats. They play with technology and bend stuff without breaking it."
I ask Gary if they see him as some kind of mythical hero, now that the US government has described him as the biggest military hacker of all time. He says, no, they see him as a complete idiot. And, in some ways, he is indeed a complete idiot. Well, he is a likable and intelligent geeky man who did many, many idiotic things. What he is not, his friends and supporters reckon, is someone who deserves extradition and 70 years in an American jail. They've set up a Free Gary McKinnon website (spy.org.uk/freegary).
Gary's never spoken publicly before, but now, with the extradition proceedings, he says there's nothing left open to him. For a while, it crossed his mind he might end up like the computer nerd from WarGames, having a brilliant career working for them. "They need people like me," he says. But that's not going to happen.
He's also chosen to talk now because his chances of getting a job have diminished to practically zero. "For the first time in the past few years, I just had a solid work offer," he says. "Game-testing. Which would have been a dream for me. I'm still a big kid like that. I'd love to do that for a job. But now, as a condition of this bail, I'm not allowed to touch the internet. So that was out of the window. So. Yeah. I thought, fuck it."
He and Tamsin have split up. He no longer lives in Crouch End but in the nearby, slightly more down-at-heel Bounds Green, and has given up smoking dope. He is not allowed near the internet, not allowed a passport, and spends a lot of time reading and sitting in the pub, awaiting his fate.
Nothing much happened in the years since his arrest in 2002 under the Computer Misuse Act - no charges were brought against him in the UK. Then on June 8 this year, he suddenly found himself in front of Bow Street magistrates, the target of extradition proceedings. That's when the panic attacks kicked in again, the horror visions of life in an American jail. He had poked around, he says, but he hadn't broken anything, besides that one inadvertent mistake. He thought he was going to get a year, max. Now they're talking about 70 years.
"You know," he says as we finish the interview, "everyone thinks this is fun or exciting. But it isn't exciting to me. It is terrifying."
His next extradition hearing is on July 27"
Posted by wtwu at 09:18 PM | Comments (27) | TrackBack
US Army Computer Crime Investigation Unit
Government Computer News has an article on the US Army’s Computer Crime Investigative Unit:
“CCIU agents respond to and investigate network intrusions and other computer-related felonies across the globe,” Andrews said. “Given the so-called borderless nature of Internet-based crime, many of CCIU’s cases involve investigative leads in foreign countries, adding even more complexity to cases that can often involve hundreds of thousands of dollars in damages."
One such case occurred three years ago.
Gary McKinnon, a computer administrator from London, faces extradition for charges that he hacked into military and NASA computer systems, deleting files and blocking access to the Internet, officials said. The incident occurred over a 12-month period during 2001 and 2002. CCIU gathered evidence and led the international investigation that resulted in McKinnon’s arrest.
Special agent Brent A. Pack, operations officer of the Fort Belvoir, Va.-based unit, said nabbing the hacker involved “collecting, examining and reporting more than 1T of electronic evidence.”
McKinnon was indicted by a U.S. grand jury in 2002 on eight counts of computer crimes and is scheduled for an extradition hearing on July 27 in London."
Posted by wtwu at 08:55 AM | Comments (4) | TrackBack
June 17, 2005
FCW: Army rebuilds network defenses after hacks
It looks as if the US Army has still been having problems with computer intrusions via NIPRNET:
Army rebuilds network defenses after hacks
CIO responds with enterprise consolidation initiative
BY Frank Tiboni
Published on Jun. 13, 2005
Federal Computer Week
The Army has spent millions of dollars in the past year and a half to rebuild networks at major U.S. bases after hackers penetrated its systems, Army and industry officials said.
The incidents at the bases were serious enough that Army information technology officials pulled the plug on the connection to the Defense Department's Non-classified IP Router Network (NIPRNET)."
"As a result of the Army's network intrusions, Pentagon officials instructed the service to devise a plan to improve network security. Army IT officials have worked to improve network security and operations and to rebuild the networks at the facilities that were attacked.
The Army is developing an enterprise consolidation plan for next year that will reduce the number of networks and help improve the service's network defenses, Army and industry officials said.
The Army could spend millions of dollars repairing and upgrading the networks at two Army installations, said George Hermalik, Continental U.S. risk mitigation team leader in the Enterprise Systems Technology Activity (ESTA) in the Army's Network Enterprise Technology Command (Netcom). He spoke last week at the 2005 Army IT conference in Las Vegas.
Hermalik declined to specify what installations were involved in the effort. But Maj. Gen. Dennis Moran, director of information operations, networks and space in the Army's Office of the Chief Information Officer, said in a speech at the conference that Fort Hood, Texas, has a huge information security problem.
An industry official familiar with the situation said there have been hackings at Fort Hood, home of the 4th Infantry Division and the service's first digitized division, and Fort Bragg, N.C., the location of the 82nd Airborne Division and the service's elite paratroop forces. An Army IT official with knowledge of the events confirmed the hack"ings at Fort Hood, but would not comment on the other installation. He said remediation efforts have been ongoing at Fort Hood for the past two years.
Army IT officials declined to comment on the hackings' location and nature because that could give enemies insight about perceived or actual vulnerabilities in the service's networks. Fort Hood officials deferred comment to Army headquarters at the Pentagon.
Army IT executives took bold measures to improve network operations and rebuild networks after the events at the two bases. At one installation, leaders ignored concerns and advice from the Army's IT staff, so the IT executives cut the base's NIPRNET connection.
An Army IT official, who spoke on the condition of anonymity, said Gen. Richard Cody, the Army's vice chief of staff, the service's second highest officer, urged the bases to follow Army headquarters policy. The installation's connection to NIPRNET was restored after officials at the base complied with the Army's security regulations.
The effort to upgrade networks shows that service IT leaders take network operations seriously, Army and industry officials said. They said Lt. Gen. Steve Boutelle, CIO; Maj. Gen. James Hylton, Netcom commanding general; and Joe Capps, ESTA director, have been "brilliant and ruthless" in dealing with the Army's computer security problems.
"We are a nation at war, and although protection of our networks has always been a high priority, we are even more vigilant now, and the less the enemy knows, the better it is for the people who protect our networks and the soldiers they serve," said Vernon Bettencourt Jr., the Army's deputy CIO, in a statement. "I will not go into specifics on what types of defensive measures we have in place. However, I will say that great emphasis is placed on constant vigilance."
Remediation of the networks involves scanning networks for vulnerabilities, applying patches to operating systems and applications, and establishing appropriate security measures, Bettencourt said.
The Army plans to consolidate servers and networks servicewide to create a more secure, manageable environment, Army officials say.
The service will reduce the number of servers from between 3,000 and 10,000 to 800 and the number of connections to the Non-classified IP Router Network from about 199 to six, according to a presentation at the 2005 Army information technology conference held in Las Vegas last week.
The move will help the Army create a secure network boundary with a limited number of entry and exit points to the Internet.
— Frank Tiboni"