Financial Times FT.com

Breaking into the US citadel was child's play

By Maija Palmer, IT Correspondent

Published: April 22 2006 03:00 | Last updated: April 22 2006 03:00

For someone accused of perpetrating the biggest military hack of all time against US computer systems, Gary McKinnon is surprisingly modest.

The self-taught computer enthusiast is accused of causing £390,000 damage to Pentagon, army, navy and Nasa computer systems and is fighting extradition to the US where he faces up to 70 years in prison or even incarceration as a terrorist at the Guantánamo Bay.

Mr McKinnon, 40, from north London, is appalled at the prospect but manages to quip: "I think the orange jumpsuits would clash with my red hair."

A final extradition hearing is on May 10 but even after that, the appeals process could drag on for years. In the meantime, unemployed, he fills his days teaching himself programming skills and fixing friends' computers - "anything to keep from bouncing off the walls".

He does not surf the internet much; one of his bail conditions limits him to a single, monitorable, internet address. However, he does play a lot of computer games and the favourite at the moment is Rome: Total War, a strategy game from Sega.

Mastering the tactics of Rome, he says, was a lot more difficult than gaining access to military systems that should be among the best-protected in the world.

"It was ridiculously easy. I was using commercially available, off-the-shelf software that enabled me to scan networks," he says.

Mr McKinnon is not a mathematical or programming genius. In fact, he failed to finish his Higher National Diploma in computer programming because he had difficulties with the higher-level mathematics required.

But infiltrating the Department of Defense computer systems in 2001 and 2002 required only a little ingenuity and patience, he says.

Essentially, Mr McKinnon scanned the US military computer systems for network administrator accounts where the password had been left blank.

There was a surprising number of these. Out of 5,000 live machines scanned, Mr McKinnon says he would typically find 50 with blank administrator passwords.

Administrator accounts are designed to be used by the technicians who set up and maintain computer systems, and have the highest privileges for access to information. Once in control of such an account, Mr McKinnon could begin scanning every file and document on the network.

A bit of a sci-fi fan, he was looking for evidence of secret military technologies he thought the US might be developing, such as anti-gravity technology, as well as for evidence of UFOs.

Had he found definitive proof, he would simply have revealed details to the public. "I never thought of it as hacking. I called it research at the time."

He never did find anything about anti-gravity but he did stumble on intriguing details on extra-terrestrial activity. Computers in Building 8 of the Johnson Space Center, for example, contained satellite pictures showing what looked like alien space ships. But Mr McKinnon never saw these as closely as he would have liked.

Before he could download them fully, someone on the space center computer system noticed the unauthorised access on the network and cut the connection.

Security at the space center was subsequently tightened to the extent that Mr McKinnon could not re-enter. He did, however, find lists on other computer systems that referred to "non-terrestrial officers" and lists of ships that did not correspond to anything the US had in the air or on the seas - leading Mr McKinnon to suspect the existence of a secret space army.

His research was cut off in March 2002 when he was arrested by the UK's National Hi-Tech Crime Unit.

The UK authorities told Mr McKinnon initially that he was likely to face just a six-month community service sentence. Later, however, the US military establishment decided to come down hard, alleging that he had caused $700,000 damage and launched proceedings to secure his extradition.

Mr McKinnon has admitted that he gained access to the US systems without unauthorisation but denies that he had caused malicious damage. He is hoping to be tried in the UK, and wants an opportunity to clear his name.

"I want people to see me for who I am. I am not this evil hacker," he says. Being branded the "most profligate military hacker of all time" is preposterous, he says.

"I just want to go back to being normal."

Gary McKinnon is speaking in the keynote programme at Infosecurity Europe at 14.45 on the 27th April.

Copyright The Financial Times Limited 2009. You may share using our article tools. Please don't cut articles from FT.com and redistribute by email or post to the web.

  • Print article
  • Email article
  • Order reprints

More in this section

Banks in victory on overdraft charges

Revised GDP data show UK still in recession

Watchdog warns on aggressive policing

Scotland to get new tax-raising powers

BBC holds talks over floating Worldwide

Bank secretly lent RBS and HBOS £61.6bn

Success expected for Lloyds rights issue

Competition in cash equities hits LSE

Shell signals end to rising debt

Effect of state support for UK business

Borders UK on brink of collapse

Latest World news

Jobs and classifieds

Jobs

Search
Type your search criteria below:

Executive Director

Harvard Shanghai Center

Global Head of Aftersales

Material Handling Capital Equipment

Deputy Finance Director

Department for Work and Pensions

Chief Executive Officer

Financial Services Group

Recruiters

FT.com can deliver talented individuals across all industries around the world

Post a job now

Related Services