• 
• 
• 

 1 of 3

Gallery

Gary McKinnon: Britain's hacking hero?

Posted on 15 May 2009 at 16:31

Sitting in his girlfriend's aunt's house in Crouch End, he developed the tactic that would ultimately lead him into the depths of the US military network. He purchased commercial software to identify networked machines running Windows and a password scanner that would search out administrator usernames with default passwords. He then combined the two using a simple Perl script and set about his "research". According to US prosecutors, trial runs would see McKinnon hack into educational networks, including that of Oxford University, before he progressed on to what he claims was the real purpose of his efforts - to prove the US was withholding information on technologies including anti-gravity propulsion and free energy.

And that, according to McKinnon, was that. Over the next several years he'd sit at the borrowed computer, rooting around the .mil internet domain for administrators who hadn't bothered protecting their account with a password. When he found one, he'd install RemotelyAnywhere, a remote desktop application, and poke around the machine to see what he could find. It was, in McKinnon's own words, "child's play" and one of the principal reasons he laughs off suggestions that he's some kind of evil genius.

"It wasn't terribly clever. Security was non-existent - there were no passwords, no firewalls," he claimed at a press conference this year. "I didn't even have to crack passwords - they had blank passwords. Heads should be rolling."

The ease with which he penetrated the network of the most powerful nation on earth is the reason his defenders believe McKinnon is being pursued so vigorously. "He embarrassed the Americans," said Graham Cluley, senior technology consultant at Sophos. "He was doing his hacking, admittedly very stupidly and very illegally, straight after 9/11 - a time when you'd expect American defence computers to have proper passwords that clearly they didn't. There's a lot of feeling at the moment that he's been used as a scapegoat."

The Americans deny this, justifying their pursuit by pointing at the systems allegedly hacked: NASA, the US Army, US Navy, Department of Defense, and the US Air Force. Whatever his methods, Gary McKinnon is accused of tampering with systems crucial to national defence and prosecutors want a punishment fitting of the crime, something that some argue cannot be accomplished in the UK.

The Americans are pushing for a 70-year prison sentence. They're making an example of him to other hackers ... and maybe they have to because our law doesn't go far enough

"Changes to UK legislation a couple of years ago meant the biggest penalty for hacking went up to ten years in prison for amending data, whereas accessing data without authority went up to just two years," said Paul Gershlick, a solicitor with Matthew Arnold & Baldwin. "Now, clearly the Americans are pushing for a 70-year prison sentence. They're making an example of him to other hackers. Saying, 'look, this could happen to you', and maybe they have to because our law doesn't go far enough."

Whether it's embarrassment or justice that's spurring the pursuit, there's little doubt the ease of the hack played a significant part in McKinnon's capture. As his obsession grew and his life fell apart - he split with his girlfriend in 2002, although they continued to live together in her aunt's house - his online behaviour became more reckless. This culminated with the infamous messages he allegedly left on machines he infiltrated claiming that: "US foreign policy is akin to government-sponsored terrorism these days... It was not a mistake that there was a huge security stand-down on September 11 last year... I am SOLO. I will continue to disrupt at the highest levels." The irony, as McKinnon would later admit, was that "I'm not actually that political."