US Busts Military Network Hacker

yorgasor writes " KATU has an article announcing the case of a mysterious hacker who has broken into roughly 100 military networks has been solved. The hacker is a British citizen and authorities were considering extradition for the case. Although no networks containing classified information were compromised, they do consider the hacker to be a professional rather than recreational due to the large number of networks he hacked."

Kinda OT

[teamhasnoi]

When someone can bust into ONE HUNDRED MILITARY SITES and only get caught on the 101st, it makes me really doubt the 'security' of our electronic voting systems which are:

Closed Source
Admin'd by a Private Buisiness
Secured by Microsoft
Run by volunteers at each polling place.

Kinda makes you wonder if you really did/will vote, eh?

If this guy does get extradited to the US, I bet he'll be working for someone in a five-sided building real soon.

hmmm.

[_ph1ux_]

military cyber-guards.

I was watching this discovery channel documentary and there was this military type, jar-head cyber guard guy. He was standing there talking about how they monitor all the traffic on their networks, and keep a close eye out for any signatures of attack.

He was stressing how secret they keep all their information about their networks - that they dont let anyone know even their IP sets assigned to different networks, and that this information could help an attacker find out the machines they would need to attack.

The whole time he was talking about this - he was standing in front of a bunch of monitors, and the ones to the left of him was scrolling some sort of log and it was showing IPs to hostname mappings and some traceroutes as well. They were all in the really low IPs - and their hostnames were all .mil and *all* of it was easily readable by the viewer....

and i do not think it was something that was done on purpose and made to look like an accident. Not by the way these people were acting.

especially since they avoided filming any of the screens that people were working on.

So I am not too surprised.

Re:100 Sites?

[ArmedGeek]

This is the problem with the criminal mentality (unfortunatley it sometimes affects us geeks as well). I have worked in law-enforcement in the past and there is something that people who break the law really should understand.
Just because they haven't come for you, doesn't mean they don't know.
Generally, law enforcement (usually with organized crime or the white-collar variety) will track a suspect for a while, gathering evidence. You'd be amazed at the truckload of intelligence data amassed during a large narcotics investigation. (I never worked computer crimes).

The point is, why bust the guy after the first "penetration" so he gets probation? If you feel he's a threat, then you wait, let him continue to add to the charges, then pop him and put him away for a long stretch. They probably "had him" long before they busted him.

note: anyone cracking US government networks, either has an agenda or is incredibly self-destructive.

Re:This is not 'hacking'

They should just scrap the term hacker and call him a terrorist, because thats what breaking into the US millitary is, terrorism.

No, it is not. Terrorism is the use of terror tactics against a civilian population (which presumably isn't able to defend itself). Attacking military targets is perfectly legitimate acts of guerilla warfare, and the perpertrators of such are entitled to be treated as prisoners of war, and not this "enemy combatant" category that Bush invented.

So:
* attacking that supertanker the other month - terrorism.
* ramming the Cole - legit.
* blowing up the WTC - terrorism.
* blowing up the Pentagon - legit.
* shooting off-duty US marines in Yemen - legit.
* hacking military bases - legit act of war, or civil crime. Definitely not terrorism.
* dropping a 2000 pound bomb on a wedding party - a regretable accident.

Essentially, any act against a government office or military base would be a legitimate act of war.