NEWS: Mastering Videogames Tougher Than Hacking US Military Networks

GEEK: Mastering Videogames Tougher Than Hacking US Military Networks

Or so says Gary McKinnon in a recent Financial Times article profiling him. You probably remember him as the computer nerd who, in a quest to find secret information on extraterrestrials, hacked into computers at the Pentagon, NASA, and Air Force, to name a few. He was indicted back in 2002 and is now fighting extradition to the United States, where he could face up to 70 years in jail and $1.75 million in fines. His final extradition hearing is set for May 10, and could potentially lead to his incarceration as a terrorist at Guantánamo Bay.

what do they expect? every single peice of equipment the united states government owns was manufacured with pride by the absolute lowest bidder... including their computer security systems.

...and then operated by government employees.

ive seen firsthand the security of some gov't systems and the computer lab at my highschool was better protected.

It's an amusing joke about lowest bidder, but with a little work, you could access just about any system anywhere. People don't want computer security. It's too much of a pain in the butt. They don't like having to wait for things like packet scanners to verify that the packets incoming are what are requested. They *hate* having to encrypt things, and *PASSWORDS*? Holy christ, noone likes passwords.

The government likes bad security, it makes for easy snooping. Business likes bad security, it makes for low security costs. And people like bad security, it makes downloading your porn faster.

People like the *idea* of security, but not the reality of it. That includes the military. After all, it's just made up of people.

It's usually the 2nd lowest because then they can counter claims like yours. Depressing isn't it.

Hahahaha! Oh man, I wanna shake this dude's hand...

I love how his goal was to locate extraterrestrials. That's so cliche, badass, and nerdy...

The lowest bidder still has to meet the standards for the task. They can just do it for a lower cost.

Don't we all shop the same way? I don't know anyone who willingly pays more for something they could buy for less.

So did he find what he was looking for?

That and the fact the lowest bidder thing isn't always true. As evident in the story "US Govt. could have saved $563M by buying AMD over Intel" (title via digg)

[Edited on Apr 27, 2006 by hadees]

Apparently he found pictures of things that looked like they might be extraterrestial ships, and also found references to things that made him think there was a secret space army.

For whatever that's worth.

There's apparently no actual evidence being presented that he caused any actual harm with his hacking, so while he definitely committed a crime and should probably be punished somehow, this goes far and beyond logical response. Unless, of course, they can produce some such evidence.

I think they care more about him looking at classified material then trying to blame him for computer problems.

Then they should say so.

anyone who is claiming gov security is sub par is being naive. I don't mean to be combative but unless you are skilled with mac spoofing and proxies as well as how to identify a honeypot network, privledge escalation and identifying and and exploiting applications. This is not trivial and the hacking kits that script kiddies use will not suffice.

Don't get me started on cracking RSA encryption and buffer overflows. Cracking takes lots of trial and error and a ton of peresistance.

Now with all that said. E.T. pix should be made public.

In some ways, you're right, it's not as easy as the people on here have been talking about. But, an (admittedly small) portion of my job is protecting network security. You'd be astonished how few people properly protect their router from attacks. (It falls under my "people don't like security" arguement above.) I've seen systems fall because the router that they were passing through was appending packets to requested data. I'm not saying that it's easy, but it's not nearly as hard as it seems. Plus, RSA keys of key length 1024 bits are brute force attackable as we speak, what with processing power being as cheap as it is. (Not to mention poor password management.)

The items that you mentioned above have cookbook instructions available in any decent library. Anyone with the time can learn it in a couple weeks.

omg what if the Cylons attack!

Free Kevin- oh wait.

I can't believe he hacked a gibson!

We'll hire people like Gary McKinnon to hack them

Look at how freakishly tall Matthew Lillard looks in that picture.

is Rick Springfield still alive? for only he of all the earth men can save us from the coming cromed peril.

I have brute forced my keys and it takes forever. I'll agree with you that teh security is only as good as teh system admin and weak passwds are an achilles heal but if you're root passwds are not changed frequetly and overly C0mpl!c4t3|) you are asking for trouble. A lot has changed since this event. Most govt networks have stricter policies and IDS's in place so it's likely that your access will be revoked before you have an oppurtunity to escalate to root or admin. My job is very security related and I'm well aware of the cookbook instructions and tools availble I've been trained on them by the good folks at @stake. my company takes security very serious I hope the government is at least half as secure as my unix systems. However I could own a windows PC in about 20 minutes if I so desired but my ethics are in the right place.

It's important for any admin to be in touch with the hacker/cracker community. Know thy enemy.

I like you. intelligent geek talk is hard to come by.

Yeah, it takes some time. I work at a major research university. (And if you can't figure out which one...) To settle a bet, I went to one of the 24hr comp labs at midnight. A friend of mine and I used 70 or so machines in a parallel attack, took about 5 hours. Unsure if that was good luck or bad. Never retried it or bothered to run the math on how long a worst case scenario would have taken. (Esp since my friend wrote the code, so I don't know how good it was...)

Absolutely on all points, especially the "needs to be in touch with the hacker/cracker community". Knowing how someone attacks is most of the way toward preventing it.

Amusingly, the guy who put the Mac on the web to show that Macs are secure out of the box works downstairs from me... Macs are reasonably secure, though owning a WinOS (pick the OS, they're all the same) is 15 to 60 mins depending on how much time the person spent locking it down.

*grin* Thanks... And you're right. Good geek-speak is hard to come by. Any time you need a fix, drop me a line.

Gary McKinnon rules. Free Gary McKinnon! He's not a criminal.