I’ve been following ‘British Hacker’ Gary McKinnon’s story in the press for a long time. Today I hear that he is one step closer to being extradited to the US to face charges of breaking into US military and Nasa computers. What is particular about this case is that Mr McKinnon has Asperger’s and admits hacking but denies it was malicious.
A couple of the many features of Asperger’s are a narrow focus of interests and, for the lucky, an uncommon intelligence with things like numbers or computers.
Mr McKinnon was trying to find information about UFOs which I imagine are the subject of his focussed interest. That he hacked in to such high security computers shows exceptional ability. Nevertheless he could face the rest of his life in a US jail far from his support and comfort network.
It strikes me that it would benefit the US military and Nasa much more to discover how their billion dollar security was breached. To learn something from Mr McKinnon about themselves and their systems. Maybe even to employ him? A bit more understanding about his condition (not to mention harnessing of it) could lead to such a different outcome. And a vulnerable man, even if guilty, could not only be avoiding a frightening future but contributing his unique skills to society.
indicates required fields
Alistair Gray commented on 31 July 2009 at 6:19 pm
I’m going to stop you there Frankie - the hacking involved looking for government computers that hadn’t had any password set. Not rocket science - though it’s worrying how successful he was!
But I very much agree with you. This is a guy with Asperger’s that just got too involved in his obsession. Something all Aspergic people can do…
And Aspergic people really struggle to cope with change. Taking him to unfamilliar surroundings in America may do serious mental damage to him.
Mr. R commented on 3 August 2009 at 8:36 pm
He entered employee workstations running Windows with username as Administrator and blank passwords… He did not break into secure servers, he broke into workstations.
He used software that permitted him to take over the desktop. This meant that he had to do this while no one was there or else an employee would have seen his mouse cursor move about mysteriously. He said that this had happened before.
These Windows machines could be used to access information on more secure servers if the username in question was permitted access through applications that made use of the servers.
Who knows, perhaps they were daft enough to provide Putty on the desktop that permits an SSH session with a secure server with username and password provided on a text file on the desktop or something… I suppose that is one way one can enter one of these secure servers from there and actually manipulate the file systems.
Rights to server resources are at this time usually governed through Active Directory on Windows machines.