'I'm only a little nerd'
July 9, 2005 3:22 AM   Subscribe

Yes, I think an Australian style arsekick-with-huge-boot would be more appropriate.
posted by Pretty_Generic at 3:48 AM on July 9, 2005

I really dig Jon Ronson's stuff... thanks for posting this.
posted by ph00dz at 4:37 AM on July 9, 2005

Don't do the crime if you can't do the time. He hacked the Pentagon's computers. What was he thinking?
posted by realcountrymusic at 4:44 AM on July 9, 2005

Don't do the crime if you can't do the time.

70 years?!?! Don't you think that's a little disproportionate. Two or three years, maybe five at the very most.
posted by dodgygeezer at 4:55 AM on July 9, 2005

Heck, I think most sentences are disproportionate in one way or another. But it seems to me before I hit "enter" and cracked into a weapons-testing database I would weigh it against something along the lines of Gitmo, not 2 years in a country club. Sheesh.
posted by realcountrymusic at 4:59 AM on July 9, 2005

He won't get the maximum sentence, if that's what you're truly worried about.
posted by dsquid at 5:09 AM on July 9, 2005

Shit, they took his internet away. Give him probation.
posted by peacay at 5:21 AM on July 9, 2005

The amazing thing is how stupid he had to be before they finally caught him. You would think they protect this stuff a little bit better.
posted by caddis at 5:35 AM on July 9, 2005 [1 favorite]

70 years because he turned down a plea deal and then implied threats if they should prosecute him. Uh-Derr!
Idiot, indeed. I would've wanted it in writing, too, though.

Great reading, though. Thanks a lot for the link.
I found many good examples of what NOT to do in his situation, with clear ramifications.
posted by Busithoth at 5:57 AM on July 9, 2005 [1 favorite]

I wonder how much of the stuff he found was simply a honeypot meant to lure hackers and then make examples of them with 70-year prison sentences.
posted by Foosnark at 5:58 AM on July 9, 2005 [2 favorites]

Non-Terrestrial Officers?
posted by fleetmouse at 6:08 AM on July 9, 2005 [1 favorite]

foosnark, my bet is NONE of it was a honeypot.
or is that just exactly what they want me to believe?
I like how the administrators at NASA would see their mouse move and they'd just reboot. "La-dee-da, crazy windows..."

Maybe he thought it was FBI or supervisors or something.
posted by Busithoth at 6:21 AM on July 9, 2005

"I found a list of officers' names," he claims, "under the heading 'Non-Terrestrial Officers'."

"Non-Terrestrial Officers?" I say.

"Yeah, I looked it up," says Gary, "and it's nowhere. It doesn't mean little green men. What I think it means is not earth-based. I found a list of 'fleet-to-fleet transfers', and a list of ship names. I looked them up. They weren't US navy ships. What I saw made me believe they have some kind of spaceship, off-planet.

It's no wonder they want to throw the book at him. This guy nearly exposed Stargate Command! :)
posted by kaemaril at 6:52 AM on July 9, 2005 [1 favorite]

Seventy years is crazy but you can't hack around in military computers and expect their not to be consequences. On the other hand, this guy is a nutcase and treatment might be a little more appropriate.

I'm thinking the attempt at blackmail didn't help him much either.
posted by cedar at 7:03 AM on July 9, 2005 [1 favorite]

Don't you think someone this good with computers could actually help the government in ways, such as, I dunno preventing other hackers from breaking in. The government, either the US or Britis, shoudl give the man a job and a short leash instead of jail.
posted by Arch Stanton at 7:05 AM on July 9, 2005 [1 favorite]

This man is clearly nuts, but the real idiocy is in the DOD. Leaving your house un-locked and the combination of a strong-box taped to the door does not make it legal to come in and have a look around, but it is an invitation of sorts.

I'm not saying that it was right to hack, but the DOD is culpable for its own idiocy.
posted by gesamtkunstwerk at 7:10 AM on July 9, 2005

I agree, the DOD is guilty of being stupid. They should give the guy 20 yrs, put a computer in his cell and make him work for the DOD to prevent this from happening again.
posted by j.p. Hung at 7:22 AM on July 9, 2005

Don't you think someone this good with computers could actually help the government in ways, such as, I dunno preventing other hackers from breaking in.

This guy, and others like him, aren't particularly good with computers. They use readily available tools and any DoD employee with a few hours to spare can find out how to do it in an afternoon.

With the ubiquity of WiFi and public terminals I expect that this is more common than ever. The weak point has always been the net connection and wardriving/walking/riding goes a long way towards minimizing ones exposure.
posted by cedar at 7:29 AM on July 9, 2005

Don't you think someone this good with computers could actually help the government in ways, such as, I dunno preventing other hackers from breaking in.

No. The twit was breaking into Windows machines, probably by brute forcing insecure passwords or using stock exploits someone much smarter wrote, installing Remotely Anywhere (which he downloaded using his girlfriend's email address!) and, according to "US v. Gary McKinnon", deleting user accounts and stealing passwords. So he doesn't have ethics, nor does he have l33t security skills.

But it's really no big secret that government IT is pathetic with security.
posted by cmonkey at 7:44 AM on July 9, 2005

I think there's definitely an argument to be made for diminished responsibility here. He seems mentally handicapped. Of course, we sometimes execute retarded people here, so 70 years doesn't seem so bad.
posted by Mayor Curley at 8:08 AM on July 9, 2005

And the simplicity of his task should not enter into it. Sure, someone else would have done it if he hadn't. But he did it. If he is indeed competent to stand trial, he should be punished. (but not with 70 years, obviously. But he won't get close to that.)
posted by Mayor Curley at 8:11 AM on July 9, 2005

cmonkey writes "But it's really no big secret that government IT is pathetic with security."

At a time when we know that terrorists have an interest in the US military and that at least some of them have some half-decent cracking skills, does it make sense to leave the DoD's systems unprotected to the extent where any script kiddie that comes along can pretty much do as he pleases?
posted by clevershark at 8:18 AM on July 9, 2005

At a time when we know that terrorists have an interest in the US military and that at least some of them have some half-decent cracking skills, does it make sense to leave the DoD's systems unprotected to the extent where any script kiddie that comes along can pretty much do as he pleases?

No, it never makes sense to have unprotected systems. I have no idea why it's always been so bad, it's not like the knowledge isn't out there. But government responses to intrusions have usually only been prosecution, rarely taking a hard look at their networks for some reason. Corporations haven't been much better, either.
posted by cmonkey at 8:53 AM on July 9, 2005

I feel for the guy, but I agree with what others have written here, if you hack the DoD you can expect some reprecussions. I'm a bit reminded of all the militia guys who went around declaring themselves at war with the US, and were then surprised when the US stomped on them. I'm not condoning the stomping, but I don't find it very surprising.
posted by OmieWise at 9:04 AM on July 9, 2005 [1 favorite]

Foosnark: I wonder how much of the stuff he found was simply a honeypot meant to lure hackers and then make examples of them with 70-year prison sentences.

Busithoth: foosnark, my bet is NONE of it was a honeypot.

I hope to hell you're kidding. I'm picturing a bored Danish college student hacking the appropriate computer and setting up a missile strike on Louisville, that fails.

Seriously, this has to be a "honeypot": if U.S. Government computer nets are really that vulnerable then anarchist hackers would have accomplished more. So then question then is "Why is the US spending its citizens' money to entrap foreign morons?" Don't they have enough REAL work to do? If the Homeland Security is that redundant they should downsize it a bit and spend the savings on national health care.

Another thing: this McKinnon guy was at it from sometime in 1996 till November 2002?!? SIX YEARS?!?

As for him, well, getting buttfucked ain't so bad if you can relax and enjoy it. And at 39(!) he's about 20 years past the prime age; he might be grateful anybody'd still want him.

As to what to do, I agree with j.p. Hung .
posted by davy at 9:35 AM on July 9, 2005

Well, he clearly doesn't deserve to spend the rest of his life in prison, and in a perfect world. a court might find that he lacks the mental capacity to form criminal intent. He needs to be somehow healed, not punished. A draconian sentence isn't even a deterrent to others, since he's not exactly in the same category as people who might rationally weigh risks vs. benefits. Don't get me wrong -- I think the stunningly light sentence given to the Sasser author recently is ALSO unjust, but in this case, being tossed into a worse jail for 5 times as long as Karla Homolka isn't a just answer.

But in an imperfect world, there's little slack given to people whose minds are are just a little bit broken. and there's substantial PR value in long sentences. I expect that he'll be demonized and get a viciously long sentence. The sloppiness that allowed such a thing to go on for years will be swept under the rug. And there's little to no PR value in anyone pardoning, commuting, or otherwise showing mercy here in the US. Worrying about whether the results were just is too often seen as weakness.

His best hope is that his own government may be persuaded to eventually intervene in his behalf. Mercy that wouldn't be shown to him as an individual might easily be forthcoming as a favor to an allied government. One hopes he has friends and family to work on his behalf. A sad case all around.
posted by tyllwin at 10:01 AM on July 9, 2005

Busithoth: I like how the administrators at NASA would see their mouse move and they'd just reboot. "La-dee-da, crazy windows..."

Me: [...T]his McKinnon guy was at it from sometime in 1996 till November 2002?!? SIX YEARS?!?

Under Stalin this would call for purge -- or it might all be part of a purge. Could "malicious hackers" be the next "Trotskyite wreckers"?
posted by davy at 10:21 AM on July 9, 2005 [1 favorite]

Seriously, this has to be a "honeypot": if U.S. Government computer nets are really that vulnerable then anarchist hackers would have accomplished more. So then question then is "Why is the US spending its citizens' money to entrap foreign morons?" Don't they have enough REAL work to do? If the Homeland Security is that redundant they should downsize it a bit and spend the savings on national health care.

The really juicy stuff is well protected, on internal networks that aren't connected to the public internet at all, and well monitored. GCCS and JWICS are examples of these, and were formerly known as DSNET 2 and DSNET 3 back in the Defense Data Network days. Claiming that anyone can saunter in and launch a missile from their bedroom in Denmark is just plain silly.

This chump was breaking into unclassified PCs. If you look at the IP list it's pretty clear that it's not a large bunch of honeypots, or even a honeynet. Why would the Bureau of Medicine and Surgery be running a honeypot? Or the US Army Claims Service?
posted by cmonkey at 10:21 AM on July 9, 2005

No, I wasn't kidding.
and I guess I'm blindly hoping that the systems this idiot gained access to aren't at the level of missle targeting systems.
He was searching for information, and got through open doors left by human error (as opposed to, say, intentional back-doors written into the code). The Pentagon should have made every supervisor take a nice bite of the shit sandwich that is inspections/verification of passwords for logging onto their systems.
I also hope they conscript Gary to be an idiot on the side of good. (though, again, bluffing blackmail burned the bridges pretty handily, I'd wager). They could at least get minute details of his methods/approaches, things that would shake him off perpetuating a line of investigation. It's hard to train people to the equivalent level of one lone stoner in his auntie's attic, all his thought bent on proving UFOs real.

or, on preview, cmonkey's on it.
posted by Busithoth at 10:23 AM on July 9, 2005

Claiming that anyone can saunter in and launch a missile from their bedroom in Denmark is just plain silly.

cmonkey, that was part of a joke. And you missed the punch line.
posted by davy at 10:28 AM on July 9, 2005

Is the world just chock full o' stupid people?

Forget about this guy, stoned and drunk, downloading hax0r utilities for SIX YEARS and poking at DARPA sites b/c War Games made it seem like a good idea.

I'm wondering about the girlfriend & her aunt he lived with, who presumably spent their days vacuuming around him while he did this on the aunt's computer - even AFTER he and the girlfriend broke up. That sounds like an awesome house to live in.

Then there are the rocket scientists at NASA restarting after their cursor moves; and the IT people who decided not to change the default password; and finally our brilliant government finally gets wise to him after he's "a bit sloppy" and leaves political diatribes in WordPad on people's desktops?!?!

"Gee, they caught me after I mailed them my driver's license and a photocopy of my butt."

Seriously, no matter how cynical I get, I always find there is further to go.
posted by selfmedicating at 10:31 AM on July 9, 2005

cmonkey, that was part of a joke. And you missed the punch line.

I got the joke, but an even funnier joke is the idea of the government setting a hundred honeypots on different networks to catch people who are *gasp* about to look at spreadsheets from the Army Claims Service!!!11
posted by cmonkey at 10:32 AM on July 9, 2005

And why would the Army Claims Service be excluded from a honeypot? If the goal is entrap " trostskyite wreckers malicious hackers" it'd be silly to risk a missile strike over it.
posted by davy at 10:42 AM on July 9, 2005

And why would the Army Claims Service be excluded from a honeypot? If the goal is entrap " trostskyite wreckers malicious hackers" it'd be silly to risk a missile strike over it.

Because if the DOD were going to set up honeypots on production networks, this is how they would do it. They won't send 100 machines out to various departments, NASA and 15 universities just on the off chance someone will stumble across a single IP address.
posted by cmonkey at 11:06 AM on July 9, 2005

davy is right, but for the wrong reason. A cracker isn't likely to try and access what must logically be the most strongly-protected systems first. He's more likely to try systems which are probably less heavily protected, and then try and go from there. ACS or procurement would be the likely first targets.
posted by clevershark at 11:06 AM on July 9, 2005

if it was a honey pot they wouldn't be prosecuting him, would they? you can't cause squillions of pounds of damage in a honey pot.

nor was it anything like close to a button for launching a missile. at least not directly. as cmonkey says, no-one would connect those to open networks.

it (the story) is sad and worrying and hilarious.

it (the hacking) is possible because the military is a big big enterprise. the need a hierarchical security - less at the bottom, more at the top - but it sounds like they've way understimated the effect of (1) communication between hackers, sharing info via conversations and code and (2) the leakiness of the (possibly informal) connections betwene those layers. i guess the layers are very poorly defined because life is complicated. but that means that you can get in at an easy layer and then find a bridge to a harder layer. once in, you search around again.

i can see why it would be addictive fun.

clearly they're throwing the book at the guy because they want an example. at the same time, look at the message it's sending out - this level of hacking is piss easy. they have so many people hacking them that they can pick people like this off through something as simple as using his own email address.

just imagine how much smarter most people are. how many people do there have to be before you get someone this stupid getting this far?

why aren't al-qaeda doing this? because the low-grade information is pretty useless unless you're a comparable sized superpower? i hope so.
posted by andrew cooke at 11:11 AM on July 9, 2005

andrew cooke writes "if it was a honey pot they wouldn't be prosecuting him, would they? you can't cause squillions of pounds of damage in a honey pot."

That's why honeypots exist actually; they exist so you can catch the bad guys without taking a risk. It's not about tort (monetarily-calculable damage) -- it's about catching and documenting a criminal act.

Second thing -- let's stop calling this guy a hacker. He's a cracker. It's pretty obvious from the story that he does not have the sort of specialized knowledge one needs in order to be a real hacker.
posted by clevershark at 11:19 AM on July 9, 2005

Hacking into a computer network. 1-4 years.
Putting egg on the face of the US government. 15 to life.
posted by BrotherCaine at 11:25 AM on July 9, 2005

You know, script kiddies almost always get caught when they start bragging to others about what they've done... or, in this case, evidently by making his presence known to his 'victims' in the stupidest, most obvious way.
posted by clevershark at 11:55 AM on July 9, 2005

clevershark: Second thing -- let's stop calling this guy a hacker. He's a cracker.

Yes sir, the typist will try to keep better track of the nomenclature, sir.

It's pretty obvious from the story that he does not have the sort of specialized knowledge one needs in order to be a real hacker.

So the difference is like that between Nurse's Aide and RN, is that what you're saying? Okay, I get it.

And I'm glad somebody backs me up on the fuction of a "honeypot". Has nobody else read the Smiley trilogy?
posted by davy at 12:23 PM on July 9, 2005 [1 favorite]

cmonkey is absolutely correct on this one, and has explained several times that while the classified networks are well secured, there is little attention paid to the unclassified network.

This is a simple and common problem that generally comes from attempting to stretching IT staff too far, or hiring IT staff that simply aren't properly trained to do the job.

The idea that this is a honeypot is laughable.
posted by mosch at 1:22 PM on July 9, 2005

And this guy managed to have a girlfriend the whole time...
posted by goodglovin77 at 1:36 PM on July 9, 2005 [1 favorite]

If this guy could get this far, just think of what all those North Korean and Chinese hackers can do.

This might be why the NKs were bragging about their infowar capabilities... they (incorrectly) believe they're hot shit because they've penetrated the insecure American computer systems very deeply. One stoned guy got away with it for six years, and probably would STILL be doing it, if not for his own stupidity. A team of people being paid to do nothing else, even if they aren't actually very good, should be able to get very far indeed.
posted by Malor at 1:40 PM on July 9, 2005 [1 favorite]

So if what he saw is unclassified and he did no real damage, why are they bothering him?
posted by davy at 1:43 PM on July 9, 2005

So if what he saw is unclassified and he did no real damage, why are they bothering him?

I dunno, maybe that whole "illegal" thing might play into it.
posted by cmonkey at 1:52 PM on July 9, 2005 [1 favorite]

Personally I like kaemaril's Stargate Command theory.
posted by Servo5678 at 1:58 PM on July 9, 2005 [1 favorite]

Yes cmonkey, I know it's illegal, but WHY? Or why is it SO illegal? You yourself said it's unclassified and minor.
posted by davy at 2:02 PM on July 9, 2005

how can one tell if this is being done to one's computer?
posted by cell divide at 2:08 PM on July 9, 2005

For better or worse, hacking into classified networks invites the law to "make an example" of you. The issue is not so much what's a fair punishment for this particular twerp, but how to make it scary for other twerps (and not so twerpy hackers) to try the same thing. I for one see the deterrent logic.
posted by realcountrymusic at 2:13 PM on July 9, 2005 [1 favorite]

"Or why is it SO illegal?"

So illegal?

Look, the fact that they were willing to have him serve minimal time if he cooperated should show they weren't blowing it out of proportion. Until, of course, he threatened to expose Stargate Command on them. Then the gloves were off.

on preview, cell divide, usually you can notice a performance hit. or your mouse moves, but not by your hand, that's a really good way to know.
posted by Busithoth at 2:15 PM on July 9, 2005 [1 favorite]

Pretty interesting stuff. Jaw-dropping actually, whatever way one looks at Grangousier's link. Although I hesitate to use the term-jaw-dropping after davy's article on managing prison sex. Thank you both for the mind-expanding.

Gary McKinnon could have hacked or cracked into honeypots, a honeynet, calculated disinformation or the real deal. That he did it over 7 years without being stopped is in itself astonishing to me. That he did it post 9/11 in the DoD is astounding. I tend to think he may be right about the WTC towers' collapse not being controlled explosions but have my doubts about other aspects of the entire event.

Maybe there are non-terrestrial fleets? It's plausible to a degree.

Who knows if there is a program, like in La Femme Nikita, where terrorists of all kinds are conscripted to work for the very government they attacked?

It impresses me that sombody so apparently dysfunctional, drug addicted, intrigue addicted and blatantly befuddled, as Gary McKinnon once was, got away with so much for so long, all while living parasitically and broke.

Seriously, no matter how cynical I get, I always find there is further to go.

selfmedicating, that is a powerful statement. While I think human beings in general have a long way to go and a lot to learn, I do think there are decent people who have integrity. I found in life that the more savvy I become about some people's capacity to be blindered, stupid or outright abusive and act constructively to protect myself, when necessary, the less cynical I need to be.
posted by nickyskye at 2:15 PM on July 9, 2005

Yes cmonkey, I know it's illegal, but WHY? Or why is it SO illegal? You yourself said it's unclassified and minor.

I didn't say it was minor.

He's being indicted on 7 counts of illegally using a federal system (18 USC 1030 specifically), each count carrying up to 10 years in prison. It doesn't matter what was on the machines.
posted by cmonkey at 2:15 PM on July 9, 2005

Maybe there are non-terrestrial fleets? It's plausible to a degree.

Expand please. I really don't understand how a secret space fleet could be plausible. Technically possible, perhaps.
posted by PinkStainlessTail at 2:56 PM on July 9, 2005

For better or worse, hacking into classified networks invites the law to "make an example" of you.

Yes, but cmonkey has said it was NOT classified. And his answer is basically that it's illegal because there's a law against it, which is circular reasoning; I want to know WHY they'd prosecute somebody for looking at stuff they don't bother to protect. An analogy is 'it's not like the guy drilled a hole in a privacy fence to look at a sunbathing neighbor, he just looked from his 2nd floor window'.
posted by davy at 4:27 PM on July 9, 2005

Technically possible perhaps is about as much expanding I can do, lol.
posted by nickyskye at 4:27 PM on July 9, 2005

Googling "non-terrestrial fleet" I came up with:
"
"Military satellites already use spatial locations, the frequency spectrum and solar energy - all of these being non-terrestrial natural resources. By analogy, one may consider that use of non-terrestrial materials for military purposes would have the same regime. However, the treatment applied to the Outer Space by the Outer Space Treaty is different from the treatment applied to the Moon and the other celestial bodies. Article IV of the Outer Space Treaty states that "[t]he Moon and other celestial bodies shall be used by all State Parties to the Treaty exclusively for peaceful purposes", no similar provisions being in place for the outer space. While the spatial locations and the frequency spectrum are outer space resources (not particularly reserved for peaceful uses), the lunar and asteroidal minerals are celestial bodies resources (consecrated for peaceful uses). This raises again the never-ending debate of the meaning of "peaceful": "non-military" or "non-aggressive"."
posted by nickyskye at 4:38 PM on July 9, 2005

One other thing people seem to be missing is that the USA can sentence him to a million bajillion years, but its up to the UK if he is going to have to go there and serve them or not.
posted by Iax at 7:38 PM on July 9, 2005 [1 favorite]

I don't know... The "non-terrestrial officers" thing just keeps making me laugh. Kind of like the CIA keeping a file called "Super Secret Double Agent Spy List". I mean wouldn't they, at the very least, call it something like "Ulysses Personnel", where "Ulysses" is the code name of the project?

I feel very sorry for this guy, but he definitely should have listened to his solicitor. From the American point of view, it seems to me, there would be no benefit in overprosecuting his case, and many negative implications, but by forcing their hand, he has pretty much called down the inevitable "shock sentence" meant to teach others a lesson. That's basically the only useful outcome the U.S. authorities can hope to salvage from this situation now, and it seem likely they will go for it hammer and tongs. I hope the British government intervenes, but... wow... what a mess he's made.

Let this be a lesson to you, kids: don't be an idiot, but if you insist on being an idiot, at least don't be a complete idiot, and if you insist on being a complete idiot, at least listen to your attorney.
posted by taz at 2:17 AM on July 10, 2005 [1 favorite]

how can one tell if this is being done to one's computer?

Regularly holding conversations with your word processor is a dead giveaway.
posted by graventy at 3:24 AM on July 10, 2005