News agencies such as CNN are reporting that a “super hacker” has been caught and will be extradited to the United States for prosecution. I was intrigued by this story for obvious reasons. The first article that I came across was a local rag called This Is London. The reporter first set off my bullshit detector when I read the following in the story’s opening.
“$1billion of damage by breaking into its most secure computers at the Pentagon and Nasa.”
As dismal as the government’s security policies are even they were not stupid enough to put all their systems on the Internet. Recently they have even formed their own network for communications to further segregate systems. As I got into the story I realized the alleged hacks took place in 2001-2002. Thinking back to those days I was reminded that some critical systems may have been online.
As I tracked the story through more traditional media I found the CNN story. Here we learn that the hacker, Gary McKinnon, “deleted critical system files” and “1300 accounts” from a system. Another blip on the bullshit radar appears. I am not espousing the traditional view that hackers are simply exploring and pursuing intellectual ideals. This is more practical. Any hacker deserving of “super hacker” or “greatest military hacker of all time” would know better then to attract attention to themselves by randomly deleting data. Sounds like a total novice.
It gets better, or worse depending on how you feel about the media spinning a story or an inept hacker breaking into totally inadequatley protected systems. At no time did our super hacker decide that he should use any other computer aside from his home system. No proxies, no shell accounts, he broke in “bare back”. Maybe he was just full of bravado and totally ignorant of extradition treaties? Unlikely.
The only counter spun article comes from ZDNet of all places. Guess the truth has to get buried somewhere. ZDnet notes that a common port scanner was used to find these systems. It is suggested that most had trivial passwords, like “password”. This is believable since the technical sophistication of McKinnon is in serious doubt. He also used RemotelyAnywhere to control these machines. As far as remote trojans go this isn’t the best. BackOrafice would have been an improvement.
The actual indictment is online. One word of warning before you read this, don’t look into the black boxes. As noted in some other blogs, and confirmed by me, they simply avoid printing out the IP addesses. They don’t in any way seem to protect the data if you should select the text and paste it into your text editor. The warning is incase you plan on running scans yourself to check out all the computers intruded upon.
Given that these systems were horribly configured and likely had trivial passwords another question comes to mind. How likely is it that not *all* the actions, which are in the indictment, were the result of McKinnon? In particular the deletion of system accounts and files. Maybe some of the other inhabitants were having a private war on the server. If the machines were this open then more then one person found them. If more then one person found them a lot of back doors were likely installed. It just seems like McKinnon was the only one sloppy enough to get caught.
[editors note: DoD and .mil networks have come a LONG way since 2002. I doubt very much that the type of slipshod administration noted in these articles is still going on.]
Post a Comment