World's Biggest Hacker Held

Hieronymus Howard writes "The London Evening Standard is reporting that the "worlds biggest computer hacker" has been arrested in London. Gary McKinnon, 39, was seized by the Met's extradition unit at his Wood Green home. The unemployed former computer engineer is accused of causing the U.S. government $1 billion of damage by breaking into its most secure computers at the Pentagon and NASA. He is likely to be extradited to America to face eight counts of computer crime in 14 states and could be jailed for 70 years. Apparently he broke into U.S. military computers to hunt for evidence of a UFO cover-up."

Smart? Yes. A Nut? Perhaps. How about both?

[lecithin]

"Apparently he broke into US military computers to hunt for evidence of a UFO cover-up."

It sounds like an excuse to me.

So is the guy really nutty or is this just an attempt to justify his illegal activities?

Then again, perhaps he was on to something?

what?

[professorhojo]

$1 billion damages? honestly - how do they come up with these figures?

they'd do better hiring this guy to teach their sysadmins a thing or two.

Re:what?

[garcia]

$1 billion damages? honestly - how do they come up with these figures?

they'd do better hiring this guy to teach their sysadmins a thing or two.

They hire overpaid techs that do shoddy work. They have to come up with these figures in order to make sure the public doesn't mind them wasting taxpayer dollars to track him down all over the world.

Re:what?

[jandrese]

From what I've been able to tell over the years, the damages in these cases is almost completely made up. The FBI loves to post huge numbers on cases like these because it makes them look important. More realistic estimates based on administrator time and business lost due to the servers being unavailable tend to be far lower.

Re:what?

[smooth+wombat]

How about this part:

The charge sheet alleges that he hacked into an army computer at Fort Myer, Virginia, where he obtained codes, information and commands before deleting about 1,300 user accounts.

While not $1 billion in damages there is a cost to recovering and reconstructing those accounts. Not to mention trying to figure out where all those holes in security came from and patching them.

Re:what?

[Smidge204]

To be fair, the cost of finding and fixing trhe holes should not be included. After all, it was broken before he got there.

Not to mention that they should be found and fixed regardless of any intrusions.
=Smidge=

Re:what?

[null+etc.]

$1 billion damages? honestly - how do they come up with these figures?

Easy. Human life is "priceless", and think about how many sys admins killed themselves after getting fired for letting a UFO spook break into their systems.

Anyways, at least this guy was using his power for good. At least, we hope. Maybe he planted fake evidence of WMD in Iraq.

Re:what?

[the_bard17]

Not to mention trying to figure out where all those holes in security came from and patching them.

Yeah, that makes sense. Pawn the cost of fixing your security holes on the guy who found them.

If my house ever gets burglarized, I'm going to try to get the burglar to pay the contractor to fix the "hole" the burglar got in through.

Re:what?

[rokzy]

>Not to mention trying to figure out where all those holes in security came from and patching them.

that's BS. you didn't see Ford suing its customers that discovered the flaws in their cars and forced fixes did you?

counter argument: Ford's customers paid for something and were then endanged.

counter counter argument: citizens pay taxes to be protected and the government fails at this job when it uses crap systems.

Re:what?

[yotto]

*there is a cost to recovering and reconstructing those accounts. Not to mention trying to figure out where all those holes in security came from and patching them.*

While I don't condone in any way what this guy did, you can't charge the guy who cracked your poor security system with fixing it. If someone breaks into your house becasue you never bought a lock for your door, you can't throw 'lock for the door' in with what he took.

Re:what?

[nodwick]

The idiot article quoted in the summary got it wrong. See here or here. The original article also gets the correct number in british pounds.

Using software downloaded off the internet, McKinnon allegedly hacked his way into almost 100 networks operated by NASA, the US Army, US Navy, Department of Defence and the US Air Force, with the US government estimating that his antics have cost around one million dollars (£570,000, 790,000) to track down and fix.

Re:what?

[93,000]

Duh . . .

He compromised over 3 Libraries of Congress worth of information, which costs the government such a large amount of money that, if stacked in $20 bills, it would be the size of four Volkswagen beetles. And if you don't know that it takes 1/4 billion in twenties to equeal a Volkswagen bug, then turn in your nerd card at the door.

Re:what?

Well this is the same government that buys thousand dollar screwdrivers and toilet seats. I can just imagine how much they overpay for thier Linux sofware. ;)

Re:what?

Million, billion, what's the difference?

Re:what?

[bmwM3]

"Many of the computers he broke into were protected by easy-to-guess passwords, investigators said."

Worlds biggest hacker? Sounds like your typical network security headaches to me. I doubt theres much the NASA/Pentagon admins could learn from this guy other than UFO looney bin talk--oh wait were talking about NASA, nevermind.

Re:what?

[TripMaster+Monkey]

Hey! I'm one of those overpaid, shoddy techs, you insensitive clod!

Re:what?

[TripMaster+Monkey]

While not $1 billion in damages there is a cost to recovering and reconstructing those accounts.

That's what backups are for. With proper backups, those deleted accounts could have been restored in hours.

NBD.

Re:what?

[BJZQ8]

Exactly. In my time working with school district (a government entity, of course), consultants will come in and make a big deal about "security", and sell a district a PO a mile long with all sorts of unnecessary crap on it. I have even seen them produce port-scanning logs as evidence of "being hacked." The School Boards will happily hand over $100,000 (in a district with a $2 million yearly budget) to remedy this "security hole." It's the same in the huge government boondoggle of departments and agencies. I'm getting more and more convinced that the coming crisis of the world pulling out of US bond markets is the best thing that could happen; right now this country has unlimited money, and is busy making an unlimited bureaucracy to spend all of it...

Re:what?

[Zeebs]

If you call any of your doors the "hole" you might want to get your contractor to come and fix it anyway.

Re:what?

It's not a billion US English. A billion in England is only a Million in the US.

Re:what?

[shotfeel]

Remember, this was thought to be a terrorist group attacking the US. Just guessing, but I assume security teams had to be sent out to lock down the facilities, assess damages and begin trying to figure out where these attacks came. That's just the start.

Part of the "lock down" may even include completely replaing large systems not only so you can start clean, but also so the compromised systems can be assessed, studied and used for evidence.

Then you have to figure out what other areas may have been exposed by these breakins and do some heavy duty damage control there as well.

Then there's the cost of teams of investigators and their expenses. We're talking an international, multi-year investigation.

All those expenses can really start to add up. Doing an investigation "the right way" can really cost a lot.

Re:what?

[dsginter]

they'd do better hiring this guy to teach their sysadmins a thing or two.

What if the sysadmins are *aliens* ?

Re:what?

The $1 billion in damages is a figure dictated by the man hours that were affected by the problem.
If there were 1000 people affected for an hour, that means they would have been earning $1000000 an hour.
The question is: How many people were affected and for how long?

Re:what?

Actually, our definition of the billion is the same as the US and has been for many years.

Re:what?

Better analogy:

If some idiot has no locks on his doors and a burglar walks in and steals his stereo, by the logic above he should sue the burglar not just for the cost of the stereo, but for the cost of installing locks on his doors!

Huh? Since when should idiots be rewarded for being stupid?

Re:what?

[danheskett]

That's your complete speculation, with no basis in established fact.

Let's say you have 100,000 users, and 1300 are lost. You can't just go back to the previous backup and overwrite any of the password changes, profile changes, etc that 100,000 users may have made in the last, say, 8 hrs. It would be very, very disruptive. So you have to first find just the deleted accounts, pull those from the backup, and then restore just those. Depending on your system/platform/application, that may not be possible. So okay, you write a script to insert the users back into the system. Great. But chances are some stuff is lost: passwords, password history, etc. Now you have to hand hold 1300 users resetting passwords, etc. And maybe that links to hundreds of different systems across the network. You really have no idea.

It could be a 5 minute deal, or it could take some skilled programmers days or weeks to properly fix. It all depends on many thousands of variables.

Just saying "go back to tape!" isn't always a viable option.

Re:what?

[Thud457]

Get Clifford Stoll, he works for free!

Re:what?

[alexhs]

There are damage costs and damage costs sponsored by the bsa/mpaa/riaa.

Re:what?

[mr_beanz]

Exactly. If they really were important systems, then our competent, intelligent CIA guys would have already made them ultra-secure. Right?

Re:what?

[elhaf]

However, in this case TFA on cnn at least, gives a figure of 1300 user accounts deleted in one instance. That probably involved real cost. He wasn't just looking for info, he was also being malicious.

Re:what?

[FrostedWheat]

If my house ever gets burglarized, I'm going to try to get the burglar to pay the contractor to fix the "hole" the burglar got in through.

You should correctize your spelling first.

Re:what?

[stanmann]

and the 1 Billion figure likely includes salary costs while those 1300 users were unable to be productive.

Re:what?

[johnnyb]

"That's what backups are for. With proper backups, those deleted accounts could have been restored in hours."

Maybe, maybe not. However, while I agree with the other posters that the guy is not responsible for fixing the holes that are already in their software, he is responsible for whatever time/money it takes for restoration, even if it takes that much time because they are stupid.

Re:what?

[TripMaster+Monkey]

1. Compile list of deleted accounts.
   
2. Perform non-authoritative restore of Active Directory on domain.
   
3. Perform authoritative restore of deleted accounts.
   
4. Crack a cold one. You're done.
   

Of course, I am assuming that the deleted accounts were from a Windows Active Directory structure, but that's a reasonable assumption given our facts in this case.

Re:what?

[TeaspoonTiddles]

Is it? I thought we think (I mean, know) a million is 10^6 and a billion is 10^12, whereas Americans think a billion is 10^9, which is what my granny might have called a Milliard.

Re:what?

Human life is "priceless"

I can point to thousands of personal injury lawyers who set prices on human life every day.

This is the current price schedule in the US:

1. Baby (white) - $100 million
2. Child (white) - $50 million
3. Teenager (blonde, white, female) - $35 million
4. Teenager (white, male/female (not blonde)) - $25 million
5. Adult (white, attractive) - $10 million
6. Adult (white, not attractive) - $5 million
7. Baby/Child (nonwhite) - $10,000
8. Teenager (nonwhite, rural) - $5,000
9. Teenager (nonwhite, urban) - $50
10. Everyone else - $10 per dozen

Re:what?

[kyle_b_gorman]

They have different meanings in Britain and the US.

http://en.wikipedia.org/wiki/Billion

Re:what?

[Rob+Carr]

that's BS. you didn't see Ford suing its customers that discovered the flaws in their cars and forced fixes did you?

I'm sure Ford is grateful to you for the suggestion!

Re:what?

[aslate]

Umm?

A US Billion "One thousand million"
A UK Billion "One million million"

A billion in England is/was a trillion in the US.

They're both officially one thousand million now, because in financial terms, a UK billion is pretty useless.

Re:what?

[greg_barton]

The FBI loves to post huge numbers on cases like these because it makes them look important.

That, and it may help in budget appropriations. Your budget is likely to be cut if you don't spend all of the money in a year. If you're behind on spending, say by $100 mil, you could say "but this hacker cost us $1 billion in damages! We're only going to charge $100 mil for our trouble, though..."

Re:what?

[aslate]

They're both officially one thousand million now, because in financial terms, a UK billion is pretty useless.

Wrong reason there, but the point remains valid that officially we use the US definition for Billions, trillions etc. But mostly refer to "One thousand million" instead.

Re:what?

One million dollars?

What's that.. about 20 quid these days?

Re:what?

[Procrastin8er]

Another crack journalist on the Job. This must have come from the New York Times.

Re:what?

Everything seems to be inflated these days. Reality and sobriety? No thank you, we're americans.

Re:what?

[kiltedtaco]

But that's not the issue. Nobody was refering to $1 000 000 000, nor $1 000 000 000 000. Somebody saw million and wrote billion.

Re:what?

If at all, they should *pay him* for finding them these holes.
That's an expensive services he provided...

Geshem.

Re:what?

[RWerp]

No, when someone destroys my property I get compensated according to the average costs in my area. If I hire a locksmith and pay him twice the market rate, it's my business.

Re:what?

[null+etc.]

I can point to thousands of personal injury lawyers who set prices on human life every day.

That's because a judge or jury can't award damages in the amount of "priceless".

Re:what?

[RWerp]

I doubt theres much the NASA/Pentagon admins could learn from this guy other than UFO looney bin talk--oh wait were talking about NASA, nevermind.

Yes, we're talking about that bunch of jerks who sent man into space and created world's best astronomical observatory (HST). Peanuts. You'd have done it in your spare time, otherwise you wouldn't write such sarcastic comments about them, would you?

Re:what?

[arkanes]

If this is what you do everytime theres a break-in at your company, I fear for your security. First off, you're presuming that he didn't delete the accounts beyond ADs ability to restore them, which is a pretty big assumption. And you're ignoring the work involved in auditing the restores of all the users data and privledges, to make sure that you don't accidently restore any tampering. Dealing with a large scale security breach is complicated and a major task, and while it's not fair to pin the total cost on the hacker (like fixing the hole he came in through), the secondary costs can be quite large - auditing and figuring out how he came in in the first place, deciding exactly how much of your infrastructure you can trust after the breakin, what a safe date to restore off tape is, etc, etc.

Re:what?

[iamwahoo2]

Maybe he is just extremely overweight and really is the world's "biggest" hacker.

Re:what?

[peterprior]

According to the BBC it caused $1 million in damages not billion.

Re:what?

[hunterx11]

Actually, economists do try to predict the value of human life based on how much people are willing to risk their lifes for what amount of money. Based on that, most people's lives are worth around $5 million.

Re:what?

[Steve+Newall]

Symantic difference between British English and American English.

British burglars burgle.
American burglars burglarize.

Re:what?

[hunterx11]

How can you mix up millions and billions? I mean, millions and hundreds of billions I could see, but this?

Re:what?

[MooseByte]

"$1 billion damages? honestly - how do they come up with these figures?"

Apparently NASA and the Pentagon have begun including "embarrassment" as a fiscal line item.

Hey mods, why is the parent post smacked down? It's a darn good question he asks - $1 billion? That's 10x more than the FBI just threw down the toilet after years and years of SAIC development and manpower.

Are they trying to claim that if not for "The Biggest Hacker In The World" ten of those $100 million projects would have actually succeeded?

Or maybe they're charging every firewall/NAT/sysadmin time/etc. to their "If Not For The Biggest Hacker In The World" budget item? Changes which no doubt would be required anyway to keep out, oh I don't know, actual foreign espionage agencies with state support behind them?!?

Because if this guy was getting in, what was stopping the Chinese, Russians, and the Antarctic Penguin Liberation Front from doing the exactly same?

Re:what?

[MysteriousPreacher]

Then the sysadmins will share their superior technology, bring peace to the world and explain why they made the Egyptians, Mayans and Atlanteans build spookily similar pyramids.

Re:what?

[msh104]

this kind of a "value" system is either a joke, or pure discrimination.

Re:what?

[blackicye]

whats wrong with his spellerizing?

burglarize
verb

(US)
burglarized, burglarizing
1. To burgle.

Etymology: 19c.

Re:what?

[constantnormal]

If indeed his access was entirely through sloppy security management/mismanagement on the part of our armed forces (gasp! how could it be?!?), then it seems like the "damages" assessed to him for "track(ing) down and fix(ing)" their crap should by rights, be billable to them as consulting fees and paid to this ufo-hunting whacko.

The real threat to security here is to allow the idiots who were responsible for security of those systems to keep their jobs.

So it looks like, instead of fixing the real cause of the problems, he's gonna be interrogated in Guantanamo Bay for the rest of his life -- while the REAL bad guys are now alerted to the fact that our defense security is managed by morons.

Re:what?

It looks ridiculous if you're used to English (...British) spelling. I mean. The original verb is 'to burgle', from whence we get burglars, but apparently burglars now they 'burglarize'. Which is amusing. Can I look forward to the day when my house will be burglarizerized?

Re:what?

[SonicBurst]

Please, please tell me where you live/work that your school district only needs 2 million a year! I live out in the boonies with a small school and they bitch that 30 mil/year isn't enough! Or perhaps 2 mil was just the IT budget for the school?

Re:what?

[ChaosCube]

The hole? Isn't that called a "door?" I could be mistaken, thought. Regardless, I would like to see how the government accountants came up with that figure.

Re:what?

[EvilTwinSkippy]

They get the figure from the fat bald guy on the other end of the video phone, with his pinky up to his lips.

unless you pay me one BILLION dollars. Muhahahahahaha

Re:what?

[DavidTC]

And the point remains that no one can ever confuse a billion for a million, because a 'million' has always been identical amounts.

It's some people calling a trillion a billion, or a thousand million a billion, that (was) the problem. No one's ever had a problem with a million.

Re:what?

Volkswagen beetle ...the new unit of obscenely large amounts of money.

As in, the US national debt is 31162.55 VW's.

Re:what?

[FrostedWheat]

whats wrong with his spellerizing?

This is starting to sound like a G.W.Bush sketch from Dead Ringers...

You are right, it is a valid American English word. I should have thought of that before posting but it just looked so odd!

Re:what?

[idonthack]

If a burglar broke down my door/smashed my window/tore a hole through my wall, I would want him to pay for it. Bad analogy, man. Leaving security holes unpatched is more like leaving a door unlocked.

Re:what?

[glyn.phillips]

An intrusion can be extremely consumptive of both users' and administrators' time.

I was working for a major firm when its networks of Unix and VMS systems were penetrated by outsiders.

The first thing the administrators did was lock out all user accounts.

The next thing they did was reboot all the computers.

The administrators spent the next three working days reloading operating systems from the distribution media while we users were left trying to look busy.

When the administrators were finally sure that all the systems were clean, the user accounts were reenabled one at a time with new passwords.

With a few thousand users idled at approximately $100/Hr. each (including all the taxes, benefits and other overhead) it does not take very long to add up to real money.

Given the number of systems compromised, I am surprised that the damages were not higher.

Re:what?

[Senzei]

You sir, have obviously not been educated in the fine art of bureaucratical math.

Re:what?

[Xiaran]

So do insurance companies.

Re:what?

[h4rm0ny]

By that logic, cowardly people are worth more than courageous people.

Re:what?

[e2ka]

Length of Volkswagen Beetle: 4 m
Thickness of $20 bill: 0.1 mm

Number of twenties = 4 / (1e-4) = 4e4 twenties
!= 2.5e8

Please turn in your nerd card.

Re:what?

[pete6677]

The reason schools spend so much money on computer gear now is due to e-rate funding (ie that $5 "universal service fee" on your monthly phone bill). There was a Slashdot article about it a few months ago. Basically it's yet another huge government pork barrel project with most of the money going to politically connected vendors.

Re:what?

[lgw]

Congraditations on embiggening and enstrongulating your knowledge of American English!

Re:what?

[timeOday]

However, in this case TFA on cnn at least, gives a figure of 1300 user accounts deleted in one instance. That probably involved real cost.

More cost than if the hard drive on that server had failed?

Re:what?

[Sabotage]

Let's put some real math behind this...

The Bureau of Engraving and Printing states that the current US currency is 2.61" x 6.14" x .0043". It takes 12.5M twenties to make $0.25B. 12.5M twenties then equals about 498 cubic feet.

According to Volkswagen, the new Beetle is 161.1" x 67.9" x 59.0", which works out to about 373 cubic feet. Since the volume of the car is somewhat less than its bounding box, I'd say that $0.25B in $20 bills is significantly larger than a VW bug.

A bug is probably closer to a quarter billion in fifties, which would be about 199 cubic feet.

You turn in YOUR nerd card.

Re:what?

[Xiaran]

Also. People keep making analogies to breaking into someone house... this analogy is stupid. We are talking about large organisations here that have mission critical computing infrastructure.

If dickhead breaks into my house and steals my DVD or whatever, I generally dont have to be to worried about the microwave oven if its still on the kitchen counter. Once a large commercial or govt network has been comprimised, audits take place all over the place. Maybe he cracked a random Oracle server and you didnt notice. Maybe he tamper with HR data... all sorts fo stuff.

Re:what?

[KarmaMB84]

The problem is they likely cannot trust anything on the systems the guy broke into. They may have to go through the entire system and every system connected to it to make sure it is clean.

Re:what?

[ghostmagic]

Your budget is likely to be cut if you don't spend all of the money in a year.

That is exactly how the gov't runs; on all levels! For example, when I was in the Marines we would go to the shooting range from time to time. Problem occured that we always had too much ammunition left over. Instead of returning it to the Armory and updating our logs, we had all the Privates and Lance Corporals load up clips and simply fire their rifles off down range. Why? If HQ saw that we didn't use all of the ammo in this training exercise, we would get less the next time and getting more ammo is like pulling teeth.

//I know, slightly off topic, but slightly relevant too. No?

Re:what?

[Some_Llama]

"The FBI loves to post huge numbers on cases like these because it makes them look important."

The DEA does the same thing, if they bust someone with a pound of weed (typical cost if bought as a pound $750) they say it has a "street value" of $4540.00

This is true, if you sold ALL OF IT in grams for 10 a gram... but this would never play out like this in real life...

Re:what?

[johnnyb]

Yes, but lets say that someone broke into your house, and set it on fire. Let's say that your house burned down twice as fast because you were stupid enough to have left a gas can in the middle of the attic. Because it burns down twice as fast, let's say your whole house is destroyed rather than just part of it. Even though you were stupid by leaving the gas can, the thief is responsible for the whole house, not just the part that would have burned if you weren't stupid.

Likewise, if they weren't smart enough to do regular backups, the thief still cost them that much damage.

Re:what?

[AShuvalov]

They must treat the guy as security beta-tester and waive off all fixing-that-stuff related costs. That will leave only the cost of chaising him down.

Re:what?

[GWTPict]

yeah, but if they can't secure the networks properly in the first place what's the chance they'll do the incident response properly afterwards?

Re:what?

[secolactico]

The original verb is 'to burgle', from whence we get burglars

And doesn't "whence" means "from where"?, if so, wouldn't "from whence" be redundant?

Re:what?

[randall_burns]

The root cause of this situation:

We have a lot of unemployed techies in the US and UK-a situation created by predatory, corporate sponsored immigration policies like H-1b/L-1(in the US). Prolonged unemployment for folks that have seriously devoted themselves to their career is very disturbing-and many such individuals will adopt radically different belief systems-some of which will be violent.

I wrote about this phenomena in an
article on ecoterrorism I wrote in 2003. The idiotic "leaders" that have created this situation-and are like Bush so arrogant as to taunt folks are to blame for this situation. If we have any degree of economic upturn, I expect to see significantly more reactions of this type.

Re:what?

[vjmurphy]

"Now you have to hand hold 1300 users resetting passwords, etc. And maybe that links to hundreds of different systems across the network. You really have no idea."

I'd kinda hope that NASA uses wouldn't need much hand holding for that. I mean, it isn't rocket science. No, wait...

Re:what?

[Lally+Singh]

Maybe he planted fake evidence of WMD in Iraq.

Ssshhhhh!! Don't give them any ideas!

Re:what?

[Overzeetop]

That would be opportunity cost, not real dollars. There is no "cost" when you're talking about most government programs. There's a fixed salary pool in a given year - most folks at these places (NASA, DOD) wouldn't get overtime pay, or differential, or anything else.

No, the work might not get done today, but it won't cost the taxpayer an additional amount - they pay the same amount each year.

Now, if a consultant were hired to come in and fix it, and the federal budget was increased to allow this (cf Iraq War costs), then it would be real money. Otherwise, its just on paper.

Heck, on paper, this /. post cost me almost $15 in lost productivity, but in reality I won't be turning down new work so in effect it has cost me nothing.

Re:what?

[93,000]

I don't know if the fact that someone actually did the math on that makes me feel better or worse about humanity. Though I do feel somewhat honored that you wasted at least a few moments of your day on my attempt at humor. Kudos!

Re:what?

[Bourbonium]

I tend to agree with you on this one. It's similar to when the DEA busts some college student's closet pot garden, they'll seize as few as six marijuana plants and brag to the media that the stuff had a "street value" of some ridiculous number like half a million dollars.

Don't ever believe a goverment agency when they talk about money and value. These are the same idiots who pay a defense contractor $400 for a hammer and $1,000 for a toilet seat.

Full disclosure: I work as a contractor with a state government agency. This government agency wastes millions of dollars every year on projects of dubious public worth, simply because they can always ask the taxpayers for more money. "BioTerrorism Preparedness" is the biggest cash cow this state has ever milked.

Re:what?

[jonfr]

I have even seen them produce port-scanning logs as evidence of "being hacked."

Been there, done that. I scanned my formal school network, but i also found a securty hole in a form of syspref.inf with a working password, it was in the computer class room on the C:\ drive, in clear text. I did test the password to see if it was working. Took a peek at the schools servers, but i didn't damage anything.

Then the case got to the cops, they did use port scanning logs to proofe that i was trying to damage the school network by portscanning the lan. But offcose that was plain BS.

Also, the state lawyer didn't have any evidense to proof anything on me. And the School second-headmaster did confirm my word where i had refused to damage the schools servers.

The case went to trial, i am now waiting the outcome. I hope that i win.

(Now i will get flamed to hell and modded up)

Re:what?

[constantnormal]

I don't believe, given the seemingly incredible stoopidity of the folks minding the store, that I would accept ANY claims about what the "intruder" did or did not do -- it seems to me to be at least equally possible that, upon discovering that they had an unwelcome guest, the investigating Keystone Cop accidently deleted the user accounts himself, and decided to blame it on this poor sap.

Or the system may have been damaged weeks or months previously, with anything wrong being attributed to our clueless doofus UFO-hunter.

And exactly how was he caught? Did he finally manage to locate the single installation that had some effective security?

I'd want to see the logs before I made any accusations in this case, which seems like a comedic episode of the X-Files.

Re:what?

[Seigen]

One point I will point out is that while he apparently did damage, it seems that he didn't go out of his way to do as much damage as possible.

Since there are undoubtably people out there that want to do as much damage as possible, it is possible that they will learn enough from this incident to save far more cost and chaos later. Does that excuse it? No.

Re:what?

[BJZQ8]

E-Rate only pays for discounts on Telecommunications Services, and a few paltry "Internal Connections" to buy routers and servers. The vast majority of the money goes back to the telecom companies, who are happy to lease T1's to school for that purpose...But yes, it is a HUGE waste of money, with money filling everyone's pockets that can get a vendor contract for "support."

Re:what?

[BJZQ8]

Well my district is in Western Illinois, and has about 500 students. The IT budget is, and has been for three years, ZERO. We get a single grant every year from the Federal Government for about $12,000, which I use to replace some of our 200 computers, and buy a few trinkets for the teachers like LCD projectors and SmartBoards. We get by using Linux for the server (just one, actually a fan-studded $200 Microtel from Walmart,) and either Linux or Windows 2000 on the individual machines, many of which were bought from State Surplus. We run Microsoft Office 2000 on some machines, and OpenOffice on the rest. I am the sole support technician for the district, and I take care of everything from the HVAC to the gym sound system to the lunch accounting. I also work at a second district two half-days a week, but they have consultants that are there the rest of the time. They are a similar-sized school, but their IT budget is in excess of $100,000 a year. It's all about doing what you can with what you have, not demanding that you get more so you can do the same. The area we are in has practically nothing, except 3000 residents. The coal mines have moved out, industry has moved out, and our commercial base consists of bars and gas stations.

Re:what?

[jonfr]

Made up? They are in 90% of most cases just plain B.S in my opinion.

Big numbers make everything look important, when we are speaking about damages. The bigger number the better.

FBI is a showoff, along with CIA, NSA and whatever three letter gov.org that U.S has.

Re:what?

[SonicBurst]

Wow man, I feel for you then. Sounds like you are just scraping by with equipment/etc out here. I'd say our school has something like 1500 students, and we are a blue collar area. We don't have much industry, but do have a lot of dairy farms. I just wish our local school administrators could see just how other schools have to manage.

Re:what?

[BJZQ8]

The vast majority of the area of this district was open-pit coal-mined. The topsoil has long since been turned over, leaving a surface of soil that will hardly grow anything. Even worse, many of the open-pit mines were never re-filled with anything, leaving huge lakes that are home to migratory birds. Over 3000 acres is owned by the Metropolitan Sanitary District of Chicago, Illinois, which trucks sewage sludge from the city and dumps it in some of the aforementioned ponds. Another vast tract is owned by some professional baseball players that use it as a private hunting/fishing/drunking ground. It takes some getting used to, but I'd say that we make do pretty well on 5-year-old equipment and shoestrings. I may not have rows of shiny Dell servers and Cisco switches like other districts, but I have the pride of knowing that I did the job with the resources at hand.

Re:what?

[coopex]

The *creative* way to use that excess ammo would've been to form a secret crack guerilla team that assasinated wasteful bureaucracy, you lazy bastard.

Obligitory Slashdot Discussion

[DeadSea]

I don't believe that this guy is the world's biggest hacker. Have you seen Cowboy Neal??? Now that's big!

This guy was looking for UFOs. In Soviet Russia, UFOs look for you!

We all know that if he was an uber-hacker he would have created a Beowulf cluster of all the computers he hacked.

One billion in damages? That number has to be inflated. (Actually the article says 570000 pounds which is only about 1 Million US dollars according to my currency calculator)

1. Get paranoid about UFOs
2. Hack into the US government
3. Get caught
4. ????
5. Profit!

Re:Obligitory Slashdot Discussion

[rokzy]

you must be new here.

Re:Obligitory Slashdot Discussion

4. Write a book / Create a 'Hacking' homestudy course, and go on the 'Tonight Show'.

5. Let the jack just roll right in, baby! (in the words of MasterShake)

Re:Obligitory Slashdot Discussion

[Thuktun]

Actually the article says 570000 pounds

Wow, that guy IS big.

Re:Obligitory Slashdot Discussion

[The+Jon]

I for one welcome our newly arrested soon to be extradited worlds biggest hacker overlord. ...and maybe he has a thyroid problem, you insensitive clod.

Re:Obligitory Slashdot Discussion

Didn't you read the article - where it says click to enlarge? How did they get this guy up out of the basement?

Re:Obligitory Slashdot Discussion

[dextroz]

What? Who weighs how many pounds? I just woke up... "Martha! Will you check the news if that sucker we framed got caught yet? Otherwise give the FBI another tip and this time don't leave the ZIP code out honey! You know they "operate" from America!"

Re:Obligitory Slashdot Discussion

[zenneth]

heh, that's great irony... the six-digit guy telling the five-digit guy he's a noob.

Re:Obligitory Slashdot Discussion

[rokzy]

jeez, thanks for explaining my joke

Re:Obligitory Slashdot Discussion

Not bigger than CowboyNeal!

Re:Obligitory Slashdot Discussion

[Biff+Stu]

Does Richard Simmons know about this?

Re:Obligitory Slashdot Discussion

[Dogtanian]

Well, there's at least one instance of someone buying a three-digit (IIRC) /. account on eBay. I wouldn't kiss someone's backside simply because they had a lower account number than me.

That having been said, I doubt a 5-digit account is worth much to anyone; $0.21 on eBay at most.

Re:Obligitory Slashdot Discussion

[gx5000]

Maybe I should read the other replies first but it seems to obvious to me.. 4. ???? = Film rights sold 5. Profit ! nuff said

Re:Obligitory Slashdot Discussion

[Paul+Crowley]

Well, there's at least one instance of someone buying a three-digit (IIRC) /. account on eBay.

For how much?

Re:Obligitory Slashdot Discussion

[Slamtilt]

Oh go on. Make me an offer.

Re:Obligitory Slashdot Discussion

[Kinthelt]

That having been said, I doubt a 5-digit account is worth much to anyone; $0.21 on eBay at most.

I'll take it!

how fitting...

Nothing for you to see here. Please move along.

The same response this hacker got while trying to find UFO info...

This guy isn't it.

My guess is that the WBH is about 400+ lbs.

THE CONSPIRACY ARE TRUE!@!

[zug82]

its got men in black and everything!!!

World's biggest hacker

Hey, is this a world's biggest hacker story about the world's biggest hacker? How many times can you say world's biggest hacker in one headline? World's biggest hacker!

Re:World's biggest hacker

[Jokerz17]

"Bob Dole just wants to hear Bob Dole talk about Bob Dole. Bob Dole!"

Sweet Jesus.

[newrisejohn]

If you do $1 Billion worth of damage just to look for UFO conspiracy information, you deserve to be locked up.

Although this could help his insanity plea.

Re:Sweet Jesus.

Although this could help his insanity plea.

Not in the slightest. Being insane is not enough to be found not guilty. You need to be unable to even understand you are commiting a crime. There is little doubt this guy knew he was breaking the law.

Re:Sweet Jesus.

[Alpha_Traveller]

He probably didn't do any damage, the system was probably wide open, or rather as wide open as it can be and it's still the military.

There's big difference in pointing out $1 billion (or even $1 million) worth of holes you could drive a truck through, vs actually torching machines, hard drives, destroying data etc.

If he's any kind of reasonable hacker, he didn't do anything but look...right?

right???

Re:Sweet Jesus.

[KarmaMB84]

except they probably have to dismantle the entire system because it can no longer be trusted...

Re:Sweet Jesus.

[sgt_doom]

Riiiiggghhhhtt.....this from the same US government that is unable to provide accurate unemployment statistics, presidential voting systems, weapons-of-mass destruction location data, number of jobs being offshored forever, and - lest we forget - believes the major crises facing all Americans is about 40 years off, i.e., the Social Security system.

Any questions?????

So...

[IainMH]

So just big is he? 7 foot? 300 pounds?

Re:So...

[hamburger+lady]

goes by the name of 'Brasky'. i'd say he's about 8'5", 750 pounds.

Re:So...

[eric_brissette]

I also thought it was a strange use of the word "big"

A really fat nerd was the mental picture that came to mind first.

Re:So...

[theNote]

Yeah, I know Bill Brasky. He's a 10 foot-tall beast-man, who showers in vodka, and feeds his baby shrimp scampi.

So anyway, Brasky would put on a white tie and tails and would walk his cobra through the park on a leash. He named the cobra Beverly, and he taught it how to fetch and dial a phone. But then one day it bit the maid. So with tears in his eyes Brasky had to shoot the maid.

Re:So...

[TripMaster+Monkey]

Bill Brasky once ate a Bible while water skiing.

Re:So...

[theNote]

Did I ever tell you about the time Brasky took me out to go get a drink with him?
We go off looking for a bar and we can't find one. Finally Brasky takes me to a vacant lot and says, 'Here we are.' We sat there for a year and a half and sure enough someone constructs a bar around us. The day they opened we ordered a shot, drank it, and then burned the place to the ground. Brasky yelled over the roar of the flames, 'Always leave things the way you found em!'"

Re:So...

[TripMaster+Monkey]

So, I'm in the back of a pickup with Bill Brasky and a live deer! Well, Brasky, he grabs the deer by the antlers, looks at it and says, "I'm Bill Brasky! Say it!" Then he squeezes the deer in such a way that a sound comes out of its mouth - "Billbrasky!" It wasn't exactly it, but it was pretty good for a deer!

Re:So...

The character of Johnny Appleseed was based on Brasky except for the part about planting apple trees and not raping men.

Re:So...

Brasky slept eight hours a night!

Re:So...

[CardiganKiller]

I force my wife make love to a female horse once a week......
..
.
.
.
....
To Bill Brasky!!!!

Re:So...

Why don't you RTFA! The article clearly states he weighs 570000 pounds!

This just in

[yotto]

The police have apologized to his mother for kicking in her door, but it was the only way they could reach the basement.

Re:This just in

I hope they also apologized for knocking over his Stratego board.

Re:This just in

British houses rarely have basements :p

The World's biggest hacker?

[The+Ivan]

Measured by his waistline or "achievments"? Praise the Lard!

Re:Smart? Yes. A Nut? Perhaps. How about both?

[markild]

LOL..

If you're that good you're doomed to either be retarded or wacko.

This obviously proves it ;)

UFO cover-up

[iocc]

Did he find any evidence of a UFO cover-up?

Re:UFO cover-up

RTFA... Though second-hand, the answer is no

Re:UFO cover-up

[CHESTER+COPPERPOT]

THe computers that he hacked were probably low-level classifications. The high classifications would never allow access to outside networks.

Re:UFO cover-up

[newgalactic]

He didn't find anything because nothing exists. Carl Sagan once said that by his estimate, the knowledge of alien life would most likely be a secret for all of two hours upon discovery (...or was it Issac Azimov).

I was in the Navy for six years. There are no secret alien files being held on servers. The Government and our nations military are made up of the same everyday shmoes as you and me. They've all worked in malls or mc'donalds at one time, played video games, and are TOTALLY INCAPEABLE of keeping a secret of this magnatude for 60+ YEARS... trust me!

Re:UFO cover-up

[said_captain_said_wo]

Yes, it's obvious that this secret was not kept due to all the evidence that we have:

- http://www.ufoevidence.org/
- http://www.disclosureproject.org/
- http://www.mufon.com/

There are radar tapes, cases of jets being scambled, physical evidence, etc. That this has been denied does not make the issue go away.

Re:UFO cover-up

Obviously! It wasn't mentioned, right?

Re:UFO cover-up

[XPACT]

Unless they are aliens themselves........ :-) Wearing my tin foil hat

Re:UFO cover-up

[110010001000]

Exactly. What is most amusing about government conspiracy nuts is that they believe that government employees have some sort of magical, superhuman ability to keep secrets and perform amazing feats that remain undetected for years.

Have they ever visited a military base?

Re:UFO cover-up

I'm glad someone posted this, especially the disclosureproject link. The late Carl Sagan was a fine popularizer of science, but he was simply wrong on this account. He assumes that the people covering up (or attempting to) think like him and could never keep a coverup going for more than a few years. But he forgets that secrets, properly compartmentalized, combined with public denials, mockery of witnesses, and false information distributed to the media to give the entire subject an out-there appearance can be kept. The sad fact is that I think the parent is right, the secret has leaked out, it's just surrouned by a web of outright lies, half truths, speculations, denials, disinformation, etc...that the only thing that would settle it is a press conference covered by the World's Media. But those with the core information in the Military and Intelligence Agencies will never do that until their hand is forced. So until that time we'll have to make do with what we have.

Re:UFO cover-up

[ravenspear]

While it is very true that some very high profile UFO incidents have not been explained. We don't have enough evidence at this point to postively conclude that they were of extra-terrestrial origin.

Some of the vehicles that have appeared certainly seem to be beyond our current level of technology, but there are other explanations besides aliens. Some have suggested they are us visiting from the future, or another dimension, or some ancient civilization of earth (Atlantis?) with incredibly technology and can hide themselves well.

However, I do agree that this issue has been trivialized and tossed around as a joke in a very inappropriate manner. There are serious questions here and so far science has been unwilling to try and answer them.

Re:UFO cover-up

[said_captain_said_wo]

There are cases of a secrets being kept:
Manhattan project
H bomb
B-2 Stealth bomber

If we could follow the money, we'd see how much goes into projects for which there is no public exposure.

Even if there is no UFO coverup, there are black projects being funded with many millions of dollars. Who decided where this money goes? Where is this money going? Is this a good use of our tax dollars?

Re:UFO cover-up

[ravenspear]

They haven't kept it. Hundreds of people have talked (and I'm not talking about nutcases, high level, very respected people). It's just that the media has not been listening because they related this topic to the tabloids long ago.

Re:UFO cover-up

Yes, like 50 of 'em! They kept trying to abduct his cousins, what the heck would you do in a situation like that?

Re:UFO cover-up

[eraserewind]

Yeah, but they covered it up.

Biggest Hacker?

[LS]

There are a lot of chubby mo-fo's sitting in front of computers late at night these days. This guy must be pretty damn big...

LS

Re:Biggest Hacker?

Actually if you look at the picture in the article the guy is rather skinny and homely.

Didn't had the good url

[dascritch]

http://www.googlesightseeing.com/2005/05/12/ufo/> This one is without risk. I Hope.

Whoah

[LegendOfLink]

OMG, they finally caught JeffK!?

World's Biggest Hacker?

[Dagny+Taggert]

Really? Because he broke into a Pentagon network? That just makes him stupid; if he were really a big hacker, he'd be doing blackhat corporate work. UFOs! Yeah...whatever.

Re:World's Biggest Hacker?

[ArsonSmith]

No really he weighs almost 700lbs. RTFA!!! They haven't yet found a hacker that big. Although many are close.

Re:World's Biggest Hacker?

[slimey_limey]

RTFA. There's nothing about his mass in the article.

Re:World's Biggest Hacker?

[jd]

I suspect the grandparent post figured out his energy, from the stack of Red Bull and Mountain Dew cans, then used E=MC^2 to do a mass conversion.

Re:World's Biggest Hacker?

Wow, two posts today and both show you have zero sense of humor. Lighten up.

Re:World's Biggest Hacker?

[ArsonSmith]

3rd page of the Article about half way down.

Re:World's Biggest Hacker?

[Jack+Zombie]

-1, you fail to realize that the claim is just more of the typical Slashdot yellow journalism.

They had to build a special cell...

...with rebar reinforced concrete and a titanium foundation. The cell contains the world's largest hamster wheel. The hacking behemoth eats over 5000 calories a day.

2 questions

[millahtime]

Is he really the worlds biggest hacker if he got caught?

Did he find evidence of UFOs? Were they hot babes from space?

Re:2 questions

They were hot _chicks_, not babes.

Re:2 questions

[TripMaster+Monkey]

The article specified "the world's biggest", not "the world's best".

One beeelllliiioonn dollars?

[bc90021]

1 Beeelllion Dollars?

Where do they get that from? If that's really the case, it would only take about 6,000 people to cause enough damage to double the national debt!

The article doesn't mention anything anywhere about pure damages, for starters. It mentions the costs associated with tracking and capturing the guy, and costs correcting some of the problems - combined. Those costs are listed as 570,000 pounds. At the exchange rate I just looked up (1.83 dollars to a pound), that's still only 1,054,500 dollars, which is more like a meeelllion dollars. Even if they tack on the 950,000 pound in fines, that's still not even three million.

That's a far cry from a billion... and about two million less than the damages Kevin Mitnick was supposed to have caused.

Frankly, they should have just let this guy find some "evidence" of UFOs. Then he might have spent his time trying to convince people of it instead of looking for more!

Re:One beeelllliiioonn dollars?

I think that's useful, and it's nice to feel needed, but I think it draws attention away from what's really important. Instead of staking out new territory and beating the holy crap out of the next street's bicycle club, which is what you should be doing, you're sitting around and pontificating about the importance of your position as the treasurer of the bicycle club (which is to say nothing about what an ass the president is going to be).

Re:One beeelllliiioonn dollars?

You're forgetting the other forensic expenses, expenses to change all the security in his wake, etc. That could spider out to be a great deal more than 1 mil.

Re:One beeelllliiioonn dollars?

So they are charging him for security measures they would have or should have taken anyway?

Re:One beeelllliiioonn dollars?

[bobbis.u]

The BBC article says $1 million.

I think some chump is getting confused about millions and billions. He probably thought the US million was a UK billion or something like that. It is now generally accepted everywhere that a billion is a 1,000 million, not a 1,000,000 million.

The wikipedia article clarifies

Re:One beeelllliiioonn dollars?

[newfoundry]

From the BBC report:

"The Briton was indicted in 2002 by a federal grand jury on eight counts of computer-related crimes in 14 different states.
It claimed that he hacked into an army computer at Fort Myer, Virginia, obtained administrator privileges and transmitted codes, information and commands.

Unauthorised access
He is accused of then deleting around 1,300 user accounts.
The indictment alleged Mr McKinnon also deleted "critical system files" on the computer, copied a file containing usernames and encrypted passwords for the computer and installed tools to gain unauthorised access to other computers.

A loss of over $5,000 (£2,725) to the Army stemmed from the alleged damage, according to the indictment."

So in the space of three years, $5K becomes $100M? Nice rate of return, if you can get it...

Re:One beeelllliiioonn dollars?

It's more than that. They need to change security measures in order to "change the locks" so that any information he gathered on their procedures will no longer be useful.

Re:One beeelllliiioonn dollars?

[Espectr0]

I think some chump is getting confused about millions and billions. He probably thought the US million was a UK billion or something like that. It is now generally accepted everywhere that a billion is a 1,000 million, not a 1,000,000 million.

I read that article, but i still think 1 billion should be 1.000.000 millions. The french word millard was taken into the official spanish language as millardo, and most of the countries use that notation (except the ones linked in the article).

Once again the United States is the Microsoft of the common standards, failing to adopt such things as the metric system, dot-separated thousands and notation, promoting their own "standards"

Re:One beeelllliiioonn dollars?

[HermanAB]

American billions are only 1/1000 the size of British billions, but still - I got to agree with you that those skew numbers are world class Internet Statistics (TM).

Re:One beeelllliiioonn dollars?

Actually Comma separation for thousands is standard and dot for Floating point .
everything else is right though

Re:One beeelllliiioonn dollars?

I imagine that 6,000 real master hackers could easily bring the US Government's daily operations to its knees for quite some time.

Re:One beeelllliiioonn dollars?

[Espectr0]

"In accordance with an ISO Council decision,
the decimal sign is a comma in ISO documents."

source

Re:One beeelllliiioonn dollars?

[Cigarra]

"It is now generally accepted everywhere that a billion is a 1,000 million, not a 1,000,000 million."

Eehm... since when exactly USA = everywhere?

Re:One beeelllliiioonn dollars?

[PeterM+from+Berkeley]

So wait a sec-- you're saying that the original losses to the US Gov't of $5,000 was eventually reported in a slashdot headline as a billion dollars?

It's like an out-of-control game of telephone.

Re:One beeelllliiioonn dollars?

[Idarubicin]

Where do they get that from? If that's really the case, it would only take about 6,000 people to cause enough damage to double the national debt!

My understanding is it took fewer than that to create it in the first place...and they seem to indicate that this guy actually has some skills.....

Re:One beeelllliiioonn dollars?

[rickle]

My guess is that they put their pinkie finger to there mouth, said "One meeeellllliiiiioonn dollars...", and no one was really that impressed...

Re:One beeelllliiioonn dollars?

that's also taking into account how much productivity is lost by people reading (and posting!) about this on slashdot while at work.

hence, the billion.

Re:One beeelllliiioonn dollars?

[bobbis.u]

OK, so I should have said everywhere in the English speaking world.

Re:One beeelllliiioonn dollars?

[zokum]

In Norway, we have the following: million, milliard, billion, billiard, trillion, trilliard. One doesn't run out of "names"" as fast as they do over in the states :-). Using anything other than this is backwaterish, when will the US stop using their feet to measure length?

Re:One beeelllliiioonn dollars?

[Overzeetop]

...when will the US stop using their feet to easure length?

When my foot changes to a unit metric length, I'll use that. Until then its feet and meters (which just so happens to be closer to my stride than a yard). Sadly, the end digit of my thumb is an inch and a half, though I suppose that is a useful thing to know for mesuring feet on a 1:8 scale dwawing.

Re:One beeelllliiioonn dollars?

[Przepla]

Once again, it is so only in English speaking countries (and China). See Wikipedia

Re:One beeelllliiioonn dollars?

[Antonymous+Flower]

this journalist's error is going to cost someone millions

the script checker image is pretty bad; nearly incomprehensible. what next, a game of chess to prove I am not a script? oh wait..

Re:One beeelllliiioonn dollars?

[juan2074]

Let's hope the jury (or multiple juries?) see through the BS on the indictment.

If he can get a jury of his peers*, he is set.

* ['Peers' include other hackers looking for UFO evidence on US military computers.]

Re:One beeelllliiioonn dollars?

[kc0re]

No. He caused 5000 dollars of damage to that ONE machine.

Sweet!

[SenFo]

UFO Cover-up, eh? So, please do tell what he found! And if you don't know anything, feel free to make something up ;-).

Re:Sweet!

[kevinx]

Sorry no UFO, all he found was porn.

Re:Sweet!

The purple-haired moonbabes run Linux on their moon-computer!

Re:Sweet!

[Binestar]

Sorry no UFO, all he found was porn.

Our Decoy worked!

At least make an attempt to hide it...

[beeglebug]

"World's biggest hacker held By Rob Singh, Evening Standard 8 June 2005 A London man described as the..."
Could it be any more copy and pasted? A little re-write or some formatting wouldn't hurt would it?

Re:At least make an attempt to hide it...

[SirSlud]

Agreed. This is the first time in 6 years of /. where I'll actually complain about the article summary. Its confusing as hell to read, and it looks like nobody actually proof read it before it went live.

Re:At least make an attempt to hide it...

World's biggest hacker held By Rob Singh

Is his back OK?

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Omnieiunium]

He wasn't onto anything. He found nothing. Nothing at all. He did not hack into our databases or steal information. Never happened. Never.

1 billion $ damage?

[vidarlo]

How does they measure the damage done by a single person. 1 billion sounds awful, and if it is this single person that has done so much damage, one must ask how he can do that. I have a feeling it falls back to relaxed security, lazy sysadins and such. And how does they compute how much damage he has done? I guess some corps use the chance to do changes when restoring, so they might in fact get a lot new, which might be incorporated into the costs. Also, destroying a solution that costed $1M to make does not mean it'll cost $1M to reimplement it... So my guess is that those costs is a bit bogus, at best.

Re:1 billion $ damage?

[archen]

In modern society it is quite possible to do a billion dollars worth of damage. If you can drive a truck full of TNT into a skyscraper you can probably get pretty close. The more we invest in building such big entities the more capable an individual is of doing significant damage.

I think you're right that they are probably lumping costs together and making up dallar ammounts but I imagine he could have easily done damage into the millions. Consider a criticle database where the backup isn't done properly (yeah, that NEVER happens but bear with me). Now some guy comes in and accidently wacks the machine. Maybe setting up the database again runs a few thousand, but the criticle information which cannot be replaced on the machine is worth far more - and that's a hard ammount to estimate. Hell, just consider how much the Pentigon spends doing security audits and integrity checks every time someone manages to break in.

You figure that such a person could run around for years doing damage (perhaps even unintentional) and getting such a high score doesn't seem that far fetched ... well a billion is, but in the millions seems possible.

World's biggest computer hacker

[wolfemi1]

Sooo......


Exactly how large is he?

Re:World's biggest computer hacker

[BenBenBen]

Not bigger than Kim Schmitz, surely.

Re:World's biggest computer hacker

They said "hacker", not fuck wit.

Re:World's biggest computer hacker

He is an interesting and funny guy though. Watch the last Gumball 3000 video and you'll see.

He's one of those jolly hackers that screws people over then makes you laugh about it.

He also proves that personality is more important than actual skill when trying to get rich. Which sucks for those of us with skill.

Huh?

[The-Bus]

Man they need to do their fact checking a bit more. That guy looks like he's 160 lbs. tops. I know I've seen some hackers top over 300 lbs. They're a bit wilier though.

lyk OMG no way !??!?

is dat bad wut that guy did ??? i mean seriously omg i dont get it :(

Love,
~~Angelic Carrie~~

He didn't try to escape...

... on a flying bus?

Don't they mean cracker?

[JaF893]

Surely they mean the world's biggest cracker?

Re:Don't they mean cracker?

[Morgon]

Why's it always gotta be about race?!

Re:Don't they mean cracker?

[Datamonstar]

Yes, a saltine of massive proportions.

Re:Don't they mean cracker?

[Pros_n_Cons]

Surely they mean the world's biggest cracker?

Now if only we can somehow capture the worlds biggest bowl of soup!

Re:Don't they mean cracker?

[fdiskne1]

That must be it. Here's a picture of him.

Re:Don't they mean cracker?

Surely replying with that every time the word "hacker" is substituted for "cracker" must be getting old.

Re:Don't they mean cracker?

[Geoffreyerffoeg]

Breaking in to US government computers to find evidence of UFOs? That would make him a nut cracker...

Re:Don't they mean cracker?

[Geoffreyerffoeg]

The media will never start using "hacker" and "cracker" the way we'd like them to, so it's much simpler to accept "hacker" as a word that derives its meaning from context. When the word "FBI" is in the vicinity, it's a bad guy. When the word "OSS" is in the vicinity, it's a good guy.

Re:Don't they mean cracker?

[guitaristx]

Everyone, please send emails to this address of a similar nature:

Dear editor,

I am a computer hacker. By this, I mean that I enjoy learning and exploring computer technology. I have a degree in computer science, and am involved in many not-for-profit computer-technology endeavors. I am not a criminal. I do not violate computer security, I do not write malicious software, and I do not intentionally cause harm to the computer systems that I have access to. Any computer system access that I have has been given to me through legitimate means. It has come to my attention that you have used the term 'hacker' in the article linked below to indicate a person who intentionally violates computer security systems: http://www.thisislondon.co.uk/news/articles/191647 14?source=Evening%20Standard&ct=5

The proper term for such a person is 'cracker' or 'security breaker', i.e. one that "cracks" computer security. By using the term 'hacker' in the way that your publication has done, you spread misinformation about me, and people like me. You are demeaning and destroying a culture that, above all, values learning, knowledge, and wisdom. Please stop insulting hackers by equating them with criminals. For more information, see here: http://www.catb.org/~esr/jargon/html/appendixc.htm l

Please issue a correction, and please make sure that a clear distinction is made in the future.

(your name here)
A Proud Hacker

Re:Don't they mean cracker?

So what happens to the media when one of the hackers in SourceForge are arrested by the FBI?

Re:Don't they mean cracker?

[guitaristx]

Apparently, MSNBC has a similar story. Mail your letters here.

Re:Don't they mean cracker?

[freaker_TuC]

honey, you need to pick a race first ;)

Re:Don't they mean cracker?

[freaker_TuC]

[michaeljacksonvoice]honey, you need to pick a race first ;)[/michaeljacksonvoice]

I cannot believe I pressed the wrong button ...
(if I could only delete the other one.. maybe I should get this hacker @ work ...)

Re:Don't they mean cracker?

[John+the+Stutterer]

I, for one, welcome our new beowulf cluster of "In Soviet Russia" joke making overlords. In Soviet Russia, the beowulf cluster of "In Soviet Russia" joke making overlords welcome you.

Don't you understand? Nothing ever gets old on /.

Re:Don't they mean cracker?

[RobotRunAmok]

The media will never start using "hacker" and "cracker" the way we'd like them to

"We?" What's all this "we" stuff? The adoption of "cracker" by the script-kiddies to mean something else in addition to saltine and Southern racist and illicit-vault-opener remains among the dopey-est linguistic forays of the past twenty years. For many of "us," "cracker" can't cease having any IT-related meaning fast enough.

Of course, if "war-driving" enters the popular lexicon of national newsrooms with any meaning beyond a description of what soldiers do in their Hummers, than "cracker" will finally be out-dopey-ified, but we've got our fingers crossed...

Re:Don't they mean cracker?

[SocialBlunder]

Please do not disparage crackers. Upstanding crackers don't want no part of 'puters.

Re:Don't they mean cracker?

[poormanjoe]

Done and done. And I mean done.

Re:Don't they mean cracker?

[sgt_getraer]

Ah, but you see, that's the beauty of the English language. It evolves. The tide has turned on 'Hacker', no matter how many letters to the editor you send.

But hey, you can always come up with a spiffy new label. How about 'computrix'? Has a ring... a bit naughty...

Re:Don't they mean cracker?

Not all crackers are white. Take Graham for example.

Dreams do come true!

[geoffeg]

Well, it looks like this guy's dream will come true and he'll get that anal probe he's been searching for. Too bad it'll be by some big, hairy dude instead of a big, hairy alien dude.

Re:Dreams do come true!

He'll get a serious "port scan".

Re:Dreams do come true!

Well, it looks like this guy's dream will come true and he'll get that anal probe he's been searching for. Too bad it'll be by some big, hairy dude instead of a big, hairy alien dude.

I think Pedro is an alien, no? Beeend over Gringo! Mucho probo!

"biggest"

when police came to arrest him he swallowed all those pills he was offering for sale, via email THEN he was the biggest.

Ok, but the big question isn't answered

[Weaselmancer]

Apparently he broke into US military computers to hunt for evidence of a UFO cover-up.

Did he find any?

Re:Ok, but the big question isn't answered

[markild]

If he did find anything, we would never get to know about it ;)

Re:Ok, but the big question isn't answered

[mrogers]

No, but when the guys in black body armour kicked his door down his first thought was "I knew I was on to something!"

How big is he?

How big is he? 300 lbs? 400? He must be huge!

Will they plea??

[mbathgate]

The question now is whether the government will attempt a plea deal and put him to work like we've seen in other cases. With jails full, it seems rather silly to put such useful talent behind bars when he really isn't a threat to society. Plus, he could be our secret weapon against those vicious North Koreans. He's got to be worth at least 100 NK's if he's the "biggest in the world, right?"

Re:Will they plea??

[meringuoid]

Plus, he could be our secret weapon against those vicious North Koreans. He's got to be worth at least 100 NK's if he's the "biggest in the world, right?"

What are we going to do, drop him on Pyongyang?

"World's biggest hacker"

[@madeus]

"World's biggest hacker"...

He must be what, like 400 pounds?

Re:"World's biggest hacker"

[CTalkobt]

Just an offtopic thought...

I'm currently listening to NPR right now and they're talking about terrorists. The question of weight brought up this question to me:

Do they have any fat suicide bombers? My thinking is no, as their bellys would cushion the impact of the bomb.

Translation ....

[argoff]

Now that they have him, they're bringing him back to the states to work for the US government!

their most secure computers?

[koi88]

breaking into its most secure computers at the Pentagon and Nasa.

Their most secure computers should be those that are not connected to any network.

Re:their most secure computers?

[xquark]

Actually the most secure computers are the ones
that are turned off. :)

Arash

I don't know about uncovering the UFO conspiracy..

...but discovering an anal probing seems a distinct possibility.

"Damage"

[Mr+Guy]

Possibly, or is that "damage" in the sense of "music theft". Used in a sentence here:

He exposed how inadequate our systems are and upgrading them cost $1 billion dollars; therefore he did $1 billion dollars worth of damage.

Re:"Damage"

[Ironsides]

Possibly, or is that "damage" in the sense of "music theft".

FTA: He is accused of a series of hacking offences including deleting "critical" files from military computers.

Lets say I hack into a businesses computer system. I then delete system files and/or data files (say customer records or something that they actually use). I have just caused damage. Why? Becuase regardless of the security holes, the business then has to spend time and money and has lost revenue from having to restore everything from backups. And you can add lost productivity to that as well. So no, this is not like "music theft" this is real damage.

Re:"Damage"

[Perl-Pusher]

Obviously you have never had all work completely stop while the sysadmins wiped every machine clean and restored files from backup. A hacker at Langley Research Center easily wasted $1 million dollars a day for 4 days, just in the pay to unproductive employees.

Re:"Damage"

It cost $1 billion to restore some backups? Where do they keep the tapes for Christ's sake?

Re:"Damage"

[xMilkmanDanx]

Yeah but how productive are they normally? Around here, you need to apply a heavy duty LART to get people producing anything worthwhile on a computer...

Re:"Damage"

[RealAlaskan]

A hacker at Langley Research Center easily wasted $1 million dollars a day for 4 days, just in the pay to unproductive employees.

Was than any more than you pay to unproductive employees when the work isn't stopped?

Think before you answer. I'm a government economist, and I know about these things.

Re:"Damage"

[Perl-Pusher]

It depends on who and what their duties are. Langley Research center hosts among alot of other things, satelite remote sensing data. There are alot of scientists doing atmospheric research into among other things climatology and global warming. Many of these people are highly passionate about their research. Alot of this data is shared openly world wide, a student in China might be working on a doctorial thesis, or like when the shuttle crashed they use atmospheric data to look for an anomoly or presence of "gravity waves". A single hacker can shut off access to this information for days. Important data can also be lost. Not to mention highly paid scientists unable to do anything. This really isn't meant as an ad for nasa, just a look into what really does go on.

Re:"Damage"

[nacturation]

... cost $1 billion dollars

1 billion = "one billion"
$1 billion = "one billion dollars"
$1 billion dollars = "one billion dollars dollars"

For everything else, there's Mastercard.

Re:"Damage"

[Frank+T.+Lofaro+Jr.]

On Mars.

Re:"Damage"

[Perl-Pusher]

You also have to realize that the data services provided are used world wide. You not only have the research centers crippled, you also have colleges, corporations and governments worldwide unable to get timely satelite data products.

How big?

[uniqueUser]

Surly not much bigger than 15 stones I would say.

Say it one more time...

[ravind]

"World's Biggest Hacker", yes we get the idea. We don't need to read it 4 times before we get to the end of the second sentence.

Free On Bail (BBC)

According to this, he's free on bail:

http://news.bbc.co.uk/2/hi/uk_news/4071708.stm

Re:Free On Bail (BBC)

[magarity]

Free on bail + facing 70 year sentence = run awaaaaaay! run awaaaaaay!

Re:Free On Bail (BBC)

[mrogers]

Don't let him answer any payphones!

Say G'bye to Gary

[Gadgetfreak]

If he gets extradited, I'm sure he'll be covered up along with the rest of the evidence of UFOs.

It'll be the next conspiracy...

Re:Say G'bye to Gary

[gc8005]

No, it won't be covered up. He'll go to Gitmo and be interrorgated. They'll probably flush his Perl Cookbook down a toilet, maybe desecrate a few of his Star Wars comic books. In about 10-15 years, the ACLU will finally get him a trial. Why do you hate Freedom?

Re:Say G'bye to Gary

[OctoberSky]

Thats when I "the worlds 2nd biggest hacker*" will break into the computers at the Pentagon, the CIA and the FBI to find evidence that proves it was a cover up. You will be reading about me here at /. in 2-3 years. Seriously though, screw the Pentagon for saying it has the worlds most secure network and then having someone break into it. Makes me feel real secure with my Windows ME installation. *185 pounds.

Most secure?

[Mille+Mots]

...The unemployed former computer engineer is accused of causing the US government $1billion of damage by breaking into its most secure computers at the Pentagon and Nasa...

Maybe it's just me, but any device connected to any other device is no longer to be considered as secure.

I would have guessed that the gubbermint's "most secure computers" would be airgapped, but apparently that is not the case. Or, perhaps, the author of TFA is being just a bit sensational and overdramatic. ;)

Re:Most secure?

[bmongar]

You don't get it, he is so good he hacked into computers not connected to the network. You see he displayed hypnotic patterns on those connected to the network to make his now bot employees access information on the computers not connected to the network.

Re:Most secure?

[TrappedByMyself]

Or, perhaps, the author of TFA is being just a bit sensational and overdramatic. ;)

Hmmm, what do you think?

The most secure networks are not accessible from the common internet, no physical connections. And yes, they are airgapped in the cases where someone has access to both in their office.

At most, this guy snuck into some .mil computers. No classified goodies there though. Probably just SSNs, worst case, and info on the anual office picnic.

Re:Most secure?

[Rorschach1]

Even stuff classified at the 'Secret' level is kept on separate networks. If you find any SIPRNET traffic on unclassified networks, it's using NSA-approved encryption devices to tunnel traffic.

Of course, something as Earth-shattering as UFO proof wouldn't get anywhere near a computer only approved for 'Secret'. Think secure facilities with guards, shielded rooms and computers, and vaults. Where classified networks do exist, you'll see mandatory physical separation distances between cables to avoid crosstalk, heavy use of fiber optics, pressurized conduits, and so forth.

Fortunately I don't often have to deal with that stuff. As exciting and mysterious as classified data processing might sound, it's mostly boring and a freaking pain in the ass to deal with.

Re:Most secure?

Hey, look what it did for John Markoff...

Re:Most secure?

[bill_kress]

This line of thinking amazes me. If someone hacked into a government computer, he saved them Billions of dollars in troubleshooting and potential terrorism costs.

Anyone hacking into a highly secure government website should be given a medal and put into a super 'leet closely supervised government hacking team.

Re:Most secure?

[Neurotoxic666]

Think secure facilities with guards, shielded rooms and computers, and vaults.

Like the Bunker?

Re:Most secure?

[sgt_doom]

Actually (this word officially makes me sound like a college graduate circa 21st century), the US government's most secure computers used to use DONGLES, but Dick (the dongle) Cheney was so offended by that word (along with former Atty General Clown, whats-his-name) that they stopped using them and are therefore open to hacking from every basement dweller.....

Re:Most secure?

[Rorschach1]

No, like a SCIF.

Re:Most secure?

[Java+Ape]

Yeah, what he said. We only have one highly classified system at my installation, and I don't have the required clearance to access it. However a few months ago they needed a bit of tweaky Oracle stuff done, which the normal staff was not comfortable performing. So, I get escorted into the tomb, with a 500-pound gorilla standing right behind me, and the normal admin watching me like an eagle. I had to explain what every command I entered was supposed to do, and wait for authorization to proceed. "I'm going to cat the oratab file, to see where the Oracle home on this server is"
"OK"
"Now I'm going to change to that directory."
"OK" (etc).
Sheesh, just a bit paranoid. I work like a block away, for the SAME company. Guess I might go rogue any minute!

Re:Most secure?

[ammie]

Congratulations, you've heard of the SIPRNET. Now a few facts should intercede:

#1- No messages from the SIPRNET are transmitted over the internet. The encryption devices you are refering to are:
a) not used to protect classified information from the public, they are used to segregate those with a similar clearance that have/have not a "need to know".
b) not universal. or even common.

#2- The secure facilities that you mention are ...nothing like what you mention. What you are referring to is known as a "SCIF", (Secured Compartmented Information Facility). A SCIF is a really really sturdy box. It typically houses a barrage of white-elephant technology experts who would kill for a window. http://www.fas.org/irp/offdocs/dcid1-21.htm

#3- While many may see the advantage of "heavy use of fiber optics, pressurized conduits" etc, I'm afraid the ruling bodies in the DoD simply do not watch THAT many movies, and I think you would find the truth a bit lackluster. Security issues are addressed without the use of negative pressurization in doors, or any other such coolness.
(Though the average scif is really devoid of dust now that I think about it...)

#4- "Fortunately I don't often have to deal with that stuff."
Then may I suggest not presenting as fact something that is not, especially about something you admit you are not a member of, let alone an expert.

Now, go ahead. Ask me where I'm posting this from.

Re:Most secure?

[Rorschach1]

"1- No messages from the SIPRNET are transmitted over the internet"

I didn't say Internet, I said unclassified networks. NIPRNET is not the Internet. TACLANEs ARE used over the NIPRNET.

"#2- The secure facilities that you mention are ...nothing like what you mention"

See my other reply about SCIFs, with the link to the physical security requirements. As for the conduit requirements and such, that's common in less secure facilities like where you might find SIPRNET. Don't have the relevant standards documents handy, but I can dig 'em up if you'd like.

"I'm afraid the ruling bodies in the DoD simply do not watch THAT many movies"

Pressurizing conduits tells you if there's a break. The telephone company does it all the time. Fiber is used because you can get around some of the spacing requirements - there's no crosstalk. Depending on how secure the facility is there can also be requirements for how often you have to physically inspect all conduit, and what color the conduit has to be.

Matrix

[should_be_linear]

"You have a problem with authority, Mr. Anderson. You believe you are special, that somehow the rules do not apply to you. Obviously, you are mistaken."

Re:Smart? Yes. A Nut? Perhaps. How about both?

This message was sponsored by the Iraq Information Minister.

biggest hacker

[solarlux]

> "World's biggest hacker held By Rob Singh"

So how much did he weigh?

A more reputable UK Paper

[tezza]

The Independent. They have the decency to say 'Hacker'

The Evening Standard releases The Metro and Evening Standard Lite. All are rubbish.

Re:A more reputable UK Paper

why not just say it's part of the "Daily Mail, The Mail on Sunday, Evening Standard & Metro Media Group"

all titles are rubbish. still, it is convenient to have the worst newspapers bundled into one handy association so you can avoid them all at once.

Photo of worlds biggest hacker finding UFOs

[hoggoth]

Here is the photo that Reuters released for this news story. It shows the worlds biggest hacker successfully getting into the Pentagon's secret UFO research labs.

He looks kinda feminine to me...

Re:Photo of worlds biggest hacker finding UFOs

Neither of the people in that photo look especially feminine to me.

Odd facts in this case

[FunWithHeadlines]

What an incredibly odd story. Look at these quotes from the article:

"Most of the alleged hacking took place in 2001 and 2002. At one stage the US thought it was the work of the al Qaeda terror network. "

OK, so this must have been some serious stuff going down for them to think that he was al Qaeda. Or was it?

"Friends said that he broke into the networks from his home computer to try to prove his theory that the US was covering up the existence of UFOs. "

Uh oh, we're talking mentally off here.

"He is accused of a series of hacking offences including deleting "critical" files from military computers. The US authorities said the cost of tracking him down and correcting the alleged problems was more than £570,000. The offences could also see him fined up to £950,000 if found guilty on all charges. "

Here it comes, the big bill for this mentally off "al Qaeda" operative. "Lesse, captain, I spent my lunch hour running a scan." "Aha! We'll bill that time as worth £50,000!"

"Prosecutor Paul McNulty alleged that McKinnon, known online as "Solo," had perpetrated "the biggest hack of military computers ever". He was named as the chief suspect after a series of electronic break-ins occurred over 12 months at 92 separate US military and Nasa networks.

Ah, it gets better. This guy must have been hot stuff! They think he's some kind of master criminal or something. Or al Qaeda maybe.

"It is alleged that he used software available on the internet to scan tens of thousands of computers on US military networks from his home PC, looking for machines that might be exposed due to flaws in the Windows operating system.

Many of the computers he broke into were protected by easy-to-guess passwords, investigators said. In some cases, McKinnon allegedly shut down the computer systems he invaded. "

WHAT?! He's just a script kiddie??! All this fuss over some guy port scanning Windows boxes??

"The charge sheet alleges that he hacked into an army computer at Fort Myer, Virginia, where he obtained codes, information and commands before deleting about 1,300 user accounts.

Other systems he hacked into included the Pentagon's network and US army, navy and air force computers. "

So let me get this straight. Some nutcase into UFOs uses script kiddie technology to port scan Windows boxes and somehow manages to get into the Pentagon and the military? Are you kidding me? Either they are running Windows boxes with easy to guess passwords and insecure networks, or else they should have charged him with a lot worse stuff than standard port scanning. Or maybe the reporter has no clue what he did, but this doesn't add up.

The only thing that does make sense is the U.S. military thinking a script kiddie UFO chaser was a master criminal at work...

Re:Odd facts in this case

[meringuoid]

So let me get this straight. Some nutcase into UFOs uses script kiddie technology to port scan Windows boxes and somehow manages to get into the Pentagon and the military?

Hey, guys! No, really, guys! Yes, you, al-Qa'eda over there!

You'll never guess what... No, seriously. And it didn't even need anyone to kill themselves. You're gonna love this...

...

I suppose it's a good thing it was a UFO believer rather than an Allah believer who found this monstrous security fuckup :-)

Re:Odd facts in this case

He was named as the chief suspect after a series of electronic break-ins occurred over 12 months at 92 separate US military and Nasa networks.

Translation: It was too hard to catch the real Al Quaeda hackers, so we arrested this moron, held a press conference, and closed all those break-in cases.

Re:Odd facts in this case

[MrWhitefolkz]

You should realize how the military works when it comes to computers.

There are 2 military networks. Niprnet and Siprnet. Niprnet is the unclassified network, while siprnet is obviously classified. Anything that is determined to be confidential or higher is supposed to be on the siprnet. The siprnet is also supposed to have absolutely no connectivity to the niprnet. This doesn't mean that people don't use niprnet email for stuff they shouldn't, but it is clearly outlined and military members are constantly reminded to be discrete in any email or what not. Just like Tom Clancy books, you can put together a lot of information from unclassified material.

As far as unsecured systems, this isn't a surprise at all. When I was stationed in Germany (98-01), I was only authorized to run win95 on my 486dx machine. Even though NT and then 2000 were both authorized by the US Army, it than had to be certified for us by USAEUR (US Army Europe). After that, it had to be approved by V Corps for usage. Once that was available, it would than be possible to run NT or 2000 on the desktop machines. When I left in June 2001, it still wasn't authorized for usage. Even though many officers were running 2000 on their shinny new laptops and "Toughbooks". The network admin's were purposely too lazy to downgrade to an authorized OS. The domain servers were NT4 however.

The sad reality is that most systems within the military are unsecured because of time constraints. It is foolish to think that a organization that is understaffed and has a primary focus of defense and offense, is going to spend much time worrying about things like computers. Unfortunately, most of the people I worked with in the Division's Automation shop weren't experienced with computers at all, and their first experience with a virus/worm was the ILOVEYOU virus.

Re:Odd facts in this case

[jd]

I've done some work for NASA and the DoD in the past, and all I can say is I'm surprised by how few break-ins the guy is tied to. Typical system administration passwords are "password" according to the agency-wide briefing I was in on, the use of .rhosts on mission-critical systems is scary, and the preference of rsh/telnet over secure protocols is beyond belief.

The evidence so far is that the guy IS a skript-kiddie, and probably not a very good one at that. If, after countless reviews and endless debate, many Federal agencies are still scoring D or worse on their own evaluations, I cannot find any reason to have any confidence in their ability to secure their systems.

Perhaps, instead of wasting time chasing UFO spotters, they should be putting more time and effort into getting their own house in order. Windows machines are rated for standalone security, not network security, and Windows is only C-class even then. That may be fine for a desktop hosting seriously unimportant files, but I would not regard that as nearly good enough for servers or desktops likely to have files of significance.

For the sorts of establishments we're talking here, I would say that a minimum of B3 on internal security and something comparable for network security should be the minimum for anything beyond the kiosks they've been pushing people onto.

Re:Odd facts in this case

> Typical system administration passwords are "password"
Dude, I don't think you're supposed to blab that.
Anyway, do I need to type the quotes?

Re:Odd facts in this case

[insomnyuk]

I agree, the facts are very odd. I don't know what agency you contracted with, but the USAF command I work for as a civvie doesn't allow passwords of any kind anywhere on their Windows network to contain less than 8 characters. They must contain a number, a special character, with at least one uppercase and one lowercase letter, and must not be in the english language. Also, our passwords must be changed on a regular basis, and can never be re-used. These sorts of strict rules are pretty standard force-wide, and have been as far back as I started working (2001). These standards are actually considered too lenient by some in our computer security division, which annoys me because its already a big fucking hassle.

So either the reporter has bad info, the government is lying in its reports, or the reporter is lying. I think it is impossible that a 'script kiddie' could guess an admin password and just remote in and delete 1300 user accounts. Of course, they aren't giving any kind of specifics, like were these networks that were web-based in the DMZ, or were these .mil only networks, or what. Did he just delete 1300 accounts on an intranet messageboard, for example. Like I said, the security standards are a hassle because they don't matter to most hackers, but are still necessary. The biggest vulnerabilities are the security holes in Microsoft Exchange servers, SQL databases that interface with websites, and IIS in general.

The fact is, DoD networks are port-scanned everyday from foreign countries. So this guy isn't anything special. Which leads me to believe information is being withheld.

I also doubt that this is the 'most damaging' hacking attempt ever, I'm sure the worst incidents are the ones that are never publicized.

Re:Odd facts in this case

[pant]

Its way easier to make a network legally secure as opposed to actually secure. In fact, its better to make a network only legally secure so then fines can be collected and court costs levied, or at least that is what the gov will tell you.

Re:Odd facts in this case

[jd]

I've worked with NASA and SPAWAR. Frankly, I was horrified by their standards. What you're describing is a hastle and would probably be more than secure enough if you had a secondary system. (A digital cert on a smart-card, an S/Key calculator, anything that would essentially give you a "per session" password.)

It's not terribly "secure", but one way to meet the standards is to run two words of the same length together, use the tens digit of the month for the special character, and the units for the digit.

Relatively easy to remember, would defeat dictionary attacks (the problem becomes the size of the dictionary squared), but could be open to social reverse engineering.

Re:Odd facts in this case

[ThisIsFred]

It adds up to some pretty poor security procedures. Actually, I'd guess there was no security implemented at all, if I judge by the portion you quoted. Behold:

"He was named as the chief suspect after a series of electronic break-ins occurred over 12 months at 92 separate US military and Nasa networks."

Point #1: No monitoring tools are in place, no one monitors the systems on a regular basis. I could see one week, but to not notice, and to not secure the network over the course of a year leads me to believe that they have no network admins.

"It is alleged that he used software available on the internet to scan tens of thousands of computers on US military networks from his home PC, looking for machines that might be exposed due to flaws in the Windows operating system.

#2: Good grief, the machines were connected directly to the DMZ without NAT, a proxy or any type of traffic monitoring? What's more, the NBT ports were obviously not blocked, as that's the only common Windows service I can think of that would allow an attacker to log-on. I bet the Administrator passwords were blank. The quote doesn't mention any tools besides a port-scanner, so he must have just done it the old fashioned way.

Many of the computers he broke into were protected by easy-to-guess passwords, investigators said. In some cases, McKinnon allegedly shut down the computer systems he invaded. "

Further suggesting that the Administrator passwords were never set. These systems would likely be Win2k/XP in order to be compromised in this manner. I believe the default is to have an account lockout after three tries. If he guessed wrong, the users would have noticed. So he must have guessed right the first time.

"The charge sheet alleges that he hacked into an army computer at Fort Myer, Virginia, where he obtained codes, information and commands before deleting about 1,300 user accounts.

#3: Either he was snooping the network and cracking passwords, or the workstations and server superuser accounts had the same password.

Note that these same terrible security procedures would put almost any other operating system at risk. Doesn't anyone read the old DoD security publications?

Re:Odd facts in this case

Relatively easy to remember, would defeat dictionary attacks (the problem becomes the size of the dictionary squared), but could be open to social reverse engineering.

What isn't open to some risk of social engineering, reverse or otherwise? Most people have some capacity to empathize, or look at a situation from someone elses point of view. Most people, if it isn't too much of a bother, will answer another's questions, especially if you convince them you have a right to know the information.

Re:Odd facts in this case

[insomnyuk]

Point taken re: NASA and SPAWAR's standards. Thats just scary.

Our password rules are smart enough to filter concatenated english words as well. But then, if this guy was stupid enough to do all he did from just his home computer, then he HAS to be a script kiddie.

Re:Odd facts in this case

[MirrororriM]

If, after countless reviews and endless debate, many Federal agencies are still scoring D or worse on their own evaluations, I cannot find any reason to have any confidence in their ability to secure their systems.

Ok, some agencies are scoring D or worse, but they average a D+ , so there! Put that in your pipe and smoke it! Woo!

Waitaminute...that's nothing to celebrate... :(

Error

[DigitalOSH]

Theres an error in the summary. No one claimed he was the world's biggest hacker. The quote was in fact "Mr McKinnon is charged with the biggest military computer hack of all time"
-Paul McNulty, US Attorney for the Eastern District of Virginia

Re:Error

[FuzzyBad-Mofo]

Yeah, this guy must be the size of a Volkwagen to claim the title of "Biggest Hacker of All Time".

"Most secure computers" - I doubt it

[Lemming+Mark]

Unless the Pentagon and NASA have VERY VERY silly systems, their *really* important computers are simply *not* accessible to hackers. I really can't believe that truly ensitive systems wouldn't just be air-gapped from the world.

Sure, it's possible to hack intelligence agencies but it I'd put money on it failing to get you the really juicy stuff!

Re:"Most secure computers" - I doubt it

[Maximum+Prophet]

They are. The most sensitive computers at the Pentagon are in Faraday cages with heavily filtered power and armed guards Absolutely no Internet connections.

Re:"Most secure computers" - I doubt it

As a person who used to work for a defense lab I'll just say many systems are either protected by hardware encryption boxes, simply not connected at all, or listen to only a single mac address and use encryption.

Re:"Most secure computers" - I doubt it

[harvardslacker]

Maybe they should have talked to the NSA. Have you seen their security guides? I can't find it right now, but I remember reading one that involved removing all optical drives, blocking all access to other computers, having your computer hidden by Saddam Hussein's WMD team, etc.

Re:"Most secure computers" - I doubt it

[Soybean47]

Well, you know... there has to be some way of getting the information out of the computer, otherwise there would be little point in maintaining it.

I mean, if the information were SO secret that NOBODY was allowed to know what it was, why bother keeping that information at all?

Anyway, if there's a legitimate way to get data out, there's likely some way of fooling that system and getting the information illegitimately. Maybe this guy employed field agents, or little spy robots. ;)

Yup, that has to be it. And they're not telling us these details, because they don't want us to know how their security was compromised. ;)

Re:"Most secure computers" - I doubt it

[vertinox]

Absolutely no Internet connections.

So if we ever did have a nuclear war, then how are they supposed to talk to the other bunkers?

I mean that was the original intention of the internet, wasn't it?

Otherwise what do you do with a computer that no one has access to? I guess it can just sit there and look pretty. ;)

Re:"Most secure computers" - I doubt it

[javaxman]

Unless the Pentagon and NASA have VERY VERY silly systems, their *really* important computers are simply *not* accessible to hackers. I really can't believe that truly ensitive systems wouldn't just be air-gapped from the world.

You've never worked for the government, have you ? It shows.

Believe, my lemming friend, and try to use those critical thinking skills every once in a while. The feds can hardly even define "really important", and certainly have a hard time keeping track of their own doings. Breaking into federal networks can't be too difficult, it's done all the time. This guy wasn't that good- he's been caught.

Re:"Most secure computers" - I doubt it

[Maximum+Prophet]

That's the problem with really super secret infomation, not enough eyeballs can see it to make it useful.

These super-secret machines are used to encode secret communications via one time pad. The faraday cage room prevents electronic eavesdropping. Data is either carried into and out of the room in someone's head, or in top-secret documents that are kept secure through physical processes.

Once a communication is encrypted, it can leave via some physical media. It's then sent using radio, phonelines, carrier pigeon, whatever...

Re:"Most secure computers" - I doubt it

[Lemming+Mark]

Sure - I'm not saying they don't use networks of computers.

I'm just suggesting they won't connect sensitive networks with classified data on them to the internet. With a decent sized internal network, it'd be perfectly feasible to have the only transfers between it and the outside world take place using CD-Rs - either for software installation, or for data transfer.

For most operations (e.g. working on secret weapons plans ;-) their internal network would be enough to co-operate between team members, access specs for their hardware, run simulations on their supercomputers, etc. Needing to access the real internet would be the exception, rather than the rule.

Re:"Most secure computers" - I doubt it

[Lemming+Mark]

When I say "really sensitive" I mean classified information - the really juicy stuff will only be *accessible* to people who know how to handle it. Not your common or garden feds ;-) - they surely won't even see it, let alone be allowed to stick it in vulnerable places.

Think about it: as you say, people break into *internet-connected* federal networks all the time. How much highly classified information has been recovered from those networks as a result of a busy hacker?

Re:"Most secure computers" - I doubt it

[Rich0]

Actually, my understanding is that declassifying media is a fairly intense process.

You take your files on some form of media. You then take a PC and wipe it completely clean - some insane number of overwrite cycles with random data. Then you image it using a controlled image. You then load the classified data, and save it into some file format which is guaranteed not to drag along undesired material (such as a word document where deleted text is just marked as deleted but still stays in the file, or where some of the bytes in the file were never written to and contain the previous centents of the physical media sectors). That file is then saved to the new media. The PC is wiped again.

Other options are print and scan, and stuff like that.

My understanding is that the precautions taken for officially classified material are beyond paranoid - you aren't going to find holes unless the procedures are not followed. However, defence work is not underfunded, so there are plenty of people around to handle the extra hoops that must be jumped through...

Re:"Most secure computers" - I doubt it

[JeanBaptiste]

well I contract for a lot of places, and the several nuclear power plants and also casinos I work for are exactly like that, anything remotely sensitive is not accessable in any way to the internet.

Re:"Most secure computers" - I doubt it

[Eminence]

You've never worked for an intelligence agency, have you? It shows.

Re:"Most secure computers" - I doubt it

[FeloniousPunk]

You've never worked for the government, have you ? It shows. Believe, my lemming friend, and try to use those critical thinking skills every once in a while. The feds can hardly even define "really important", and certainly have a hard time keeping track of their own doings. Breaking into federal networks can't be too difficult, it's done all the time. This guy wasn't that good- he's been caught.

I have worked (do, actually) for the government. The really good stuff is not accessible from the public internet, period.

Re:"Most secure computers" - I doubt it

[javaxman]

Sorry, I was trying to be funny, but I do have a real point.

When I say "really sensitive" I mean classified information

Merely classified? Classified what?

There are all kinds of levels of classified information, and it's re-classified and un-classified all the time. An example? Working as an intern for NASA, I once had the task of marking "declassified" on a stack of Environmental Impact Reports. Why they were ever classified is beyond me, but the point is that text was surely on someone's computer somewhere at the JPL, surely networked.

NSA and the Pentagon? Sure, lots of their most important data are secured and not network-reachable. All of their classified data, though? Not a chance.

Re:"Most secure computers" - I doubt it

[Lemming+Mark]

Ah sorry - I can see the funny side, though. My experience of civil-servants has not been entirely encouraging (yesterday the tax office decided I was two people, today I'm only one) :-) The scary thing is that the NSA are also civil servants...

IMO low-level classified information would be perfectly reasonable to keep on internet-reachable computer systems, as long as sensible security precautions are used.

In the US classification system, I'd hope that anything above Confidential would be air-gapped unless there was a good reason for it not to be (and appropriate precautions taken).

Re:"Most secure computers" - I doubt it

[Lemming+Mark]

I love how this comment got modded as funny because it sounds like an "adjusts tinfoil hat" type comment - the best bit is that this is actually serious. After all, it's not paranoia when they are out to get you :-)

Re:"Most secure computers" - I doubt it

[juan2074]

Maybe you can give up using computers after a nuclear war. Try something new, like scavenging for food.

Scanning For MS Computers

[lbmouse]

"...looking for machines that might be exposed due to flaws in the Windows operating system."

That makes him more of an opportunist than a genius.

Weird Al anyone?

[DeafDumbBlind]

World's "biggest" hacker...

When I read the headline I had a vision of a montage of of the "Fat" and "It's all about the Pentiums" videos.

Scully, come look at this

"A man gets arrested for doing 1 billion dollars of damages to files that aren't supposed to exist because there aren't UFO's.. ? Scully does this make any sense to you? Tell you what, you spend the night in this room cutting up this cadaver and I'll be back in the morning with more wacked ideas of where to go next. I think this Gary fellow may be on to something."

psssh

pssssh... they haven't caught me.

*ducks*... behind a proxy

World's Biggest Hacker

[prodangle]

I thought that at 330 pounds, that title was safely held by Kim Schmitz.

He didn't commit a crime in the US

[thogard]

He only committed a crime in the UK even though the effects that crime where in the US. There are already enough laws in the UK about breaking into military sensitive computers that can put him in jail for a very long time and there are enough treaties with the US so that breaking into a US military computer in the UK can get you thrown in jail forever.

The judge should rule that he can't be extradited to the US until he has been tried in the UK and then only if the US has charges that don't fit into double jeopardy.

Re:He didn't commit a crime in the US

that doesn't make any sense you stupid jackoff. Its breaking and entering in computer terms. He broke into something located in the US. When you get it through your walnut size brain that "hackers" aren't saints that perform worldly deeds, you'll start to understand that.

Re:He didn't commit a crime in the US

[sgt_doom]

Scully: Mulder, do you know someone's trying to hack our X-files????

Mulder: We have X-files????

Re:He didn't commit a crime in the US

[Scooby71]

Under the UK Extradition Act of 2003 the US does not have to show any evidence at the extradition hearing.

The fact that he has been charged in a US court is sufficient, so I wouldn't bet on the judge ruling as you say.

The converse does not apply to UK extradition requests to the USA.

This has been applied to 3 bankers involved in the Enron fraud.

Re:He didn't commit a crime in the US

[thogard]

He didn't do the "break" part of "breaking and entering" as far as I can tell. If he touched some of the systems I used to have to use, I can say what happened was he simply entered.

Using eagle1 for a password is the same as not locking the door because its has a "tricky lock".

Re:He didn't commit a crime in the US

[froschmann]

IIRC, double jeprody is permitted in the UK.

seems he didn't find any evidence

[aurelian]

so I guess the evidence of a massive UFO cover-up must be in some even more secure US military computers, the ones he wasn't able to get into..

Insanity plea indeed...

[Gadgetfreak]

All he needs to do is start running at the mouth about how he knows who really killed JFK, or where Jimmy Hoffa's body is. Maybe claim that Amelia Earhart was abducted by aliens, that the gov't is controlling people with flu shots, and that Coke and Pepsi are the same thing. If he keeps going, he's bound to be labeled insane. Either that, or eventually guess something correctly.

Re:Insanity plea indeed...

[TripMaster+Monkey]

Coke and Pepsi are the same thing???

The world no longer makes sense to me...

^_^

Re:Insanity plea indeed...

[DavidTC]

Well, yeah. They're both soft drinks.

I thought everyone knew that.

Biggest hacker?

How fat is he?

He Got The Wrong System

[Hoi+Polloi]

If he was really smart he would have broken into the alien computer system via the link in...ah, forgot I ever said that.

Re:He Got The Wrong System

[Metzli]

That would only work if was using an older model of Powerbook. It might also require that he looks more like Jeff Goldblum.

Re:He Got The Wrong System

[sirvulcan]

you mean the PPP-Powerbook model?

Re:He Got The Wrong System

[Man+in+Spandex]

Jeff Goldblum? Impossible!

and I quote from SNL Celebrity Jeopardy

Trebek: Let's go to Jeff Goldblum who appears to still be doing Thai Chi. Let's see what your answer was. The number 2.
Goldblum: Aha aha, the letter 2 my friend
Trebek: no, 2 is a number!
Goldblum: I.. I can't read or write

Re:He Got The Wrong System

[Master+of+Transhuman]

Jeff must be a /. contributor...Wonder what his handle is?

US problem

Lets just assume that he has caused the billion dollar to vanish into nothingness...

Seems impossible to me if he hasn't found any evidence of something UFOrelated then...

How do they get the figure? Is that the cost to cover up all their security issues?

US govrnmnt should appologize for the secrets they held from him. If they would be 'transparant', the hacker wouldn't have hacked, he would have 'searched'...

And you can't really say he is the best hacker (and the geeks here can't say he isn't), you haven't met him, you don't know what he can, and you surely don't know how he got busted...

70 years? Nope! Offer of employment? Yes!

[Linker3000]

Methinks he might be on the NSA/FBI payroll within the month - mind you of course he will 'go' to 'prison', it's just that he'll be snuck out the back almost immediately and only return when someone he knows wants to visit.

.

Re:70 years? Nope! Offer of employment? Yes!

He was a script kiddie. He's not getting a job out of it.

Re:70 years? Nope! Offer of employment? Yes!

um - no.

He was
1. A script kiddie
2. Caught

The few "hackers turned good" aren't dragged through court either - they are just "advised" on what to do (with the threat of being dragged through court)

In other news

[dark-br]

Script kiddie UFO chaser Is Al Quaeda master criminal.

Darn.

[theantipop]

Here I thought they caught the source of all the Counter-Strike hacking. Now those are the real hackers they should be targetting.

Halliburton

The unemployed former computer engineer is accused of causing the US government $1billion of damage by breaking into its most secure computers at the Pentagon and Nasa.

In unrelated news, the Bush administration has awarded a $1 billion no-bid contract to Halliburton to upgrade security for its most secure computers at the Pentagon and Nasa.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[kfg]

Then again, perhaps he was on to something?

Yeah, and insanity plea. Doen't mean he shouldn't do serious time, just that he should do it where they have nice soft walls, milk and cookies.

Ummmm, the round kind, with little bits of chocolate in them. The other kind are part of the alien plot to enslave us, but don't tell anyone or the MIBs will come for you.

Arrrrrrrrgh!

KFG

I wonder...

[Alarash]

I wonder what's the story behind all this. Because, surely, he was offered a job or something by some government. You'd have to be stupid to let go somebody who can crack your most secure networks (I suppose here that Pentagon and NASA external networks are the most secure in US, I may be wrong). And if they offered him a job, and he accepted, we wouldn't even have heard about this story. So did he refuse, or something ?

Also, I can hear from here the TV journalist saying : "World's most wanted computer terrori... err, hacker, has been arrested today in London. Authorities estimate that his actions costed up to 1 billion dollars to the country. On another topic, Paris Hilton today announced ....". Audience would just remember the following keywords "terrorist ... arrested ... costed 1 billion dollars", and wouldn't mind if the guy was sentenced to death. Who's gonna check the figures, anyway ?

No way !

[diabolus-ex-machina]

"worlds biggest computer hacker" ?

And did he crack the Gibson ?
Don't think so...

Win Win Situation

[Sicarii]

He cant lose...lock me up for 70 years...and I'll post how I did it on slashfot. Either that,or give me a fucking job. And why your at it..fire the sys admin at the pentagon.

hacking is not a crime

WTF! doesn't everyone know by now that hacking is not a crime! Let's stop confusing hackers with technically-able criminals!

Book Recommendation

[mushupork]

Great book: Cuckoo's Egg, ISBN: 0743411463. New version coming out Sept 2005. First detailed account of gov't hacker back in good ol late 80's/UNIX days.

MOD PARENT UP

[slavemowgli]

If some moderator sees this, please give the parent a +1 Insightful. It's a very good point - there is no need to extradite someone when what they did is already a crime in your own country, especially not when they're a citizen of said country. There unfortunately seems to be a trend to demand extradition to the USA whenever the USA are affected by the crime committed in any way at all (and it's hard to imagine a computer crime where this is not the case), but doing so would set a dangerous precedent.

Re:MOD PARENT UP

[magarity]

Depends on which country's taxpayers should foot the bill for the prison occupation. As a US citizen, please, UK, keep him in your jails. LOL - but seriously, if he's committed crimes against the US that the UK agrees are crimes then isn't it more reasonable that he be jailed on the US's tab?

Re:MOD PARENT UP

[Doc+Grimm]

Except that if it ISN'T a crime where I did the action is it still a crime? IE if I crack a US CD in the UK am I inviolation of the DMCA? What if that CD was in a drive on a PC in the USA? The question comes down to at which computer did the crime take place? The one he used, or the one he broke into? If the argument is the doing what he did at his computer is a crime, then UK should have jurisdiction with all the leagal-ese the comes with it. If, on the other hand, the crime takes place at the site of the infiltrated computer, how do you know what the laws are of a computer your using when you don't know physically where that computer is, and so can't really do anything with it, etc.

Re:MOD PARENT UP

[Rich0]

That is one thing I never understood about the US post-911. Europeans were calling for the US to drop the death penalty before they would extradite suspects.

I can't understand why the US didn't just say "fine, keep them?" It isn't like they'd just let them go loose - the Eurpoeans would suddenly be stuck with the burden of trying and jailing them indefinitely.

World Government UFO cult meme

[surelyserious]

I think this is what he was talking about. http://www.howtorockstar.contagiousmedia.org/

Re:World Government UFO cult meme

[surelyserious]

If he was going to risk hacking secret DoD files, the least he could have done is locate the whereabouts of that wicked hoverboard from Back To The Future II . . . http://www.snopes.com/movies/films/hoverbrd.htm . . . though I heard its on loan to Joe Firmage. (But Prophet Yahweh has dibbs next!)

Incorrectly reported

[Exter-C]

The original articles report that it was only $1Million that was lost. Here is the BBC article.

http://news.bbc.co.uk/1/hi/uk/4071708.stm

1 billion

[apathyonline]

It always upsets me when the FBI comes up with some krazy number like that. How did he cause 1 billion in damages? Did his poking around the system terrify them so much that they spent $1 billion just to find him? Did the sysadmin wet his pants when he saw that the server was compromised, causing him to get therepy for a total of $1 billion? That must have been some expensive shrink! Or did he just scream "Intruder!" at the top of his lungs, beg his boss to scramble the jets and cause everyone to panic? Or are they ticked off because his activities caused them to miss their soap opera? Or, maybe the panicking sysadmin turned the power off in the entire building to thwart the attack (no power - no network) causing $1 billion in ice cream to go bad. That is so rediculous! If they want to charge him for time that he caused him to wasted, at most, it would be a few million, but one billion!

World's biggest hacker?

[4ginandtonics]

Dumb article. They claim "World's biggest hacker", and don't even give his weight.

Enough to put GWB away for life!

Here's the causality violation he was looking for.

World's Biggest Hacker?

[kidMike]

They must mean his weight...

From TFA:

Friends said that he broke into the networks from his home computer to try to prove his theory that the US was covering up the existence of UFOs.

Any self-respecting hacker knows better than to launch attacks from his home computer. Didn't he know that many broadband DNS names almost lead people to your house?
17NorthElmSt.LV.Nevada.USA.cox.net

Additionally, he had friends?? Doesn't ring true...

This dude must be like really really huge to be the World's Biggest Hacker...

Re:biggest hacker

[DonServo]

And how strong is this Mr. Singh?

Doesn't seem like such a big hacker to me

[mogrify]

That's nothing, people do that all the time. There's actually a website you can go to that has an animated schematic of your computer connected to all kinds of different government machines. All you have to do is click on one and then type for a few seconds. If your mission is urgent, you will have to wait for longer, but there's a progress bar so you know when you're getting close. Sometimes you'll get an 'Access Denied' message, which is always red and in very large type. You know you're in when you see either lots of text scrolling by really fast, or another animated schematic representing the government agency's various critical systems. I've never been able to find this website, but I'm sure it exists.

SHhhhhhhh....!

[solomonrex]

Don't tell the insurance companies that the damages are preposterous!

A Darwin Award nomination, say I!

[Dystopian+Rebel]

The guy is smart enough to cobble together scripts and guess passwords so he can get into computers run by US Military Intelligence ("The World's Biggest Oxymoron", by the way)...

And what does he look for? UFO information! Now he's facing 70 years in prison.

Come on, that must be the equivalent of tipping a Coca-Cola machine onto yourself.

Re:A Darwin Award nomination, say I!

[tzuriel]

US Military Intelligence ("The World's Biggest Oxymoron", by the way)...

Right up there with JUMBO shrimp. (Thank you George Carlin)

Re:A Darwin Award nomination, say I!

I thought the world's biggest oxymoron was "Microsoft Works"

Re:A Darwin Award nomination, say I!

[quanticle]

He's not dead or castrated.

To be eligible for a Darwin one must remove oneself from the gene pool.

Re:A Darwin Award nomination, say I!

Well, if the prison sentence is long enough and he doesn't get conjugal visits ...

Re:A Darwin Award nomination, say I!

[DigiShaman]

Being secluded in a jail cell does remove you from the gene pool. You actually think he will actually have the opportunity to procreate? Then again, if he has already fathered children then it becomes a moot point.

Re:A Darwin Award nomination, say I!

[lost_n_confused]

I truly doubt he got into any classified systems. From my 7 years of working in military intell and then 13 years of installing networks for the military I have never worked on a classified system that was connected to the internet. There are red and black networks to keep the traffic separated. You can't even run a CAT 5 red network wire down the same wall as the black network wires. There is never an intermingling of wires let alone traffic. The DOD has its own world wide network to run classified traffic over. This is like a person breaking into a bank lobby and saying it is the same thing as breaking into the vault. lobby != vault. Internet servers != NSA servers not even close not even on a bet.

Re:A Darwin Award nomination, say I!

[quanticle]

Well, he certainly has the possibility of procreation once he gets out of jail.

I think I can guess what he did on that NASA hack

[Too+many+errors,+bai]

:s/inch/cm/

"World's Bigget Hacker"

[GweeDo]

Is this on the cover of the Sun or something? Right next to bat boy... "800lbs hacker hoisted from his parents basement this morning...read more on Page 3".

X-Files, anyone?

Maybe he is a Lone Gunman.

No, I'm New Here

[New+Here]

No, I'm New Here

The REAL "world's biggest hacker"

This guy is a much, much bigger hacker than that guy in England. Criminoly.

Just to set the record straight...

I'm not down with computer security or black hat hacking but this article seems to have a set of arbitrary rules to proclaim the worlds biggest hacker. My question is this to the more knowledgeable /.'ers:

What defines a good black hat and how does one 'train' up to be one?

It's called SIPRNET.

[Ayanami+Rei]

You don't just hack into it... it's not physically connected.

And that's just for marginally clAssified stuff.

It's a good thing he didn't download Eminem songs!

[CyricZ]

It's a good thing he didn't download Eminem songs as well. Then he would have been in deep shit.

It MOST CERTAINLY is not!

[NRAdude]

He stole nothing, he physically broke into nothing, he has seen nothing, he has been caught holding nothing. When crappy everyday news press start labeling everyone a "hacker" I think this world is run by Joseph Goerbles. It takes alot of relative merit to hold a label of any kind. For one, IP addresses belong to the ISP, not the subscriber; the software properly authenticated and was allowed access. I do it all the time at Slashdot: sometimes I auth as Anonymous Coward with the password "frommyparentsbasementIstabtheetaco"; Someone changes it to somthing else everytime it is posted though. Information crimes If it needs to be a secret, don't hold the secrets on a network-accessible computer or you're asking for someone with authentication to publicize the material. When I speak of "proper authentication", I speak on the train of thought that probability can be just as valid as authentication; guess a number and use it. I'm just using plain English, no in-fancy federal-code talk trying to conceal common-sense law in pounds upon pounds of codified indirect procedure used to anyone's bereft. You'ld think people just love eachother for accessing their server, and you're assumed to be not hostile until proven hostile. George Noory's information COASTTOCOASTAM.COM has the same crap, and I don't see anyone making commercial gain other than plastering stupid secret shit on baseball caps and shirts. Oh, that must be sooo detrimental to take secret information and make a fat cult of pudgy geeks that just gossip about trinagles in the sky. I know Slashdot makes many federal-like assumptions to its viewers; thinking we read hardware advertisements and the advertisements within the topic of those advertisements. The day those appointed to serve as "Government" can conceal information is the day the people are ussurped by lies. Look at how many spy and nuclear secret threats were feared by those supposes people appointed as "Government", and its they that have mis-used the technology the most!

Re:It MOST CERTAINLY is not!

[jellomizer]

Well diffence between hacking and breaking and entering are somewhat simular. The only diffence is no physical damage to system, and potentially no logical damage as well. But that is where the difference stops.

If I owned a shop and I closed the door and forgot to lock it and turn on the security system. But put the closed sign up at the end of the day and a guy walked in and robbed me blind. And the next day we found the theif he would still be arrested for stealing or if he read my books he would still be guilty of corprate esponage.

Or say I have a convirtible and I locked the door but left the top open. And he just reached around and unlocked my doors and hotwired my car (Or even if I left the keys in). He stole my car. If cought he would be tried for grand theft auto. Even if he returned the car at the end of the day he will still be arested for steeling my car.

Just because your victim is stupid it doesn't make comitting a crime right.

Re:It MOST CERTAINLY is not!

[cyberchondriac]

Well diffence between hacking and breaking and entering are somewhat simular. ,/i>

Not to pick nits, but really, it's cracking, not hacking.

You have to believe that anyone who says there's nothing illegal about just walking into someone's home has got be trolling.
That's one reason in the US that it's legal to shoot a would-be-robber in your house, but not necessarily in your yard.
If strangers started randomly entering their home regularly, I think they'd be calling the police to do something about it rather quickly.

Re:It MOST CERTAINLY is not!

[RenQuanta]

I hate to reply to such a rambling stream of consciousness that's likely about to be moderated into the cellar (am I feeding a troll, I wonder? ;) BUT...debating whether this is a crime or not is a rather pointless discussion. The fact of the matter is that there are Federal Laws that define criminal activity with regard to computer systems, particularly computer systems owned by the Federal Government.

The primary law to be familiar with in this context is Title 18 of the United States Code, section 1030., which states, in part:

(a) Whoever--

(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States...

...

(3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States; ...

shall be punished as provided in subsection (c) of this section.

...

(c) The punishment for an offense under subsection (a) or (b) of this section is--

(1)

(A) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and ...

(B) a fine under this title or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; ...

'nuff said.

Re:It MOST CERTAINLY is not!

[h4rm0ny]

I hate to reply to such a rambling stream of consciousness...

I hate to point out the obvious (well, I hate the need to), but all your quoting of US laws is a little redundant so far as he's currently held in the UK.

Of course he's very worried about extradition to the US, citing examples such as Guantanamo Bay as evidence that he can't trust the US legal system.

Re:It MOST CERTAINLY is not!

[hoai2k]

True, but you wouldn't expect 70 years in Prison for stealing a car. The billions of dollars of damage they're reporting is most certainly unjustified, especially if he has not leaked any secrets.

I find it extremely hypocritical that our government is simultaneously claiming that finding out about what they are doing is a high crime and at the same time reducing privacy rights for citizens.

sorry...

[distantbody]

"I broke into US military computers to hunt for evidence of a UFO cover-up and all i got were these lousy handcuffs ...and a sore behind"

Re:Smart? Yes. A Nut? Perhaps. How about both?

[prisonercx]

Don't be too sad for him, he got his wish. He's about to be far more involved with anal probing.

70 years?

[Sierpinski]

I think its interesting how computer crimes (even ones that technically do no physical damage, like destroying of files/property, etc) can warrant these huge jail times, yet a confessed convicted rapist, child molester, or other misc. violent criminal can sometimes get as few as 5 years in prison.

What does that tell us? We care more about our files than our children. While I don't think that breaking into a computer system just to prove you can is a smart idea (not saying that was the case in this situation, but rather in general), but I would consider a child molestation as a much more heinous crime, that should always warrant a longer sentence.

Re:70 years?

[Detritus]

Part of it is because he targeted the federal government, which means he violated federal laws and will be tried in a federal court. Sentences are usually substantially longer in the federal system.

If you are going to commit a crime, don't do it on federal property or under circumstances that trigger federal jurisdiction. The federal prosecutors and courts have the time and resources to make an example of you.

I have informed the authorities.

[Scrameustache]

If you do $1 Billion worth of damage just to look for UFO conspiracy information, you deserve to be locked up.

By writing this comment, I estimate that you have caused me $170 000 worth of dammage.

Also, judging on the speed of your burner, I estimate that you have 114 CD burners, clearly, you're a menace.

Electronic records of UFOs?

[lawpoop]

Does anyone know what UFO 'incident' he was looking for? Unless it was recent, I wouldn't think that there would be digital records. All the documentaries I've seen for alleged UFO cover ups show paper records. I would think that anything from 1990 back would exist solely on paper.

screw him.

[elnyka]

It doesn't matter if he was looking for UFO's, peanuts, or the meaning of life (which we all know it's 42). And it doesn't matter if the GOV lost $1 billion in damages or if the figure is inflated.

He broke into state property, so fuck him.

Some say that any excuse will serve a tyrant. But I say that a claim of being smart, nutty and eccentric is not a permit to break into private or state property. Your rights as an individual ends when the rights of others and your social and legal obligations begin.

I dont know what an extradition unit is...

but what the Mets really need is a good shortstop.

The damages are accurate:

[no_barcode]

Nobody is considering the necessary step and the costs associated to relocating several very large UFOs, a few little-mouthed-big-eyed alien corpses, and one giant crystal after their exact location was discovered by this evil hacker. I'm sure that the whole project cost the US government well over a billion dollars.

Re:script kiddie technology?

[Johnny+Mozzarella]

or alien technology?

Free Him!

70 years to Bush, not him.

Corrected list

[Yaotzin]

1. Get paranoid about UFOs
2. Hack into the US government
3. Get caught
4. Spend the rest of your life in jail
5. Profit!

That last part

[jd]

Assuming the guy isn't "detained" in Gitmo by the US Government, there's an excellent chance that he'll have book rights sewen up by the end of the trial, possibly a comfy IT security job somewhere, and if enough sordid bits can be fabricated, maybe a movie deal as well.

(Not all of these are necessarily a bad thing - most business' idea of IT security is to not spill too much coffee on the keyboard.)

Hunting for evidence of UFOs is a waste of time. We all know the real reason George Bush wants NASA to get to Mars is so he can go home for a visit.

Bigger problems

[CausticPuppy]

From TFA:

The unemployed former computer engineer is accused of causing the US government $1billion of damage by breaking into its most secure computers at the Pentagon and Nasa.

....

Many of the computers he broke into were protected by easy-to-guess passwords, investigators said.

Just... damn.

Re:Bigger problems

[radarsat1]

Maybe they shouldn't be charging HIM 570,000 pounds, but the people who set up those passwords..

Re:Bigger problems

[ConceptJunkie]

And we all know the biggest crime is proving to the world that someone in the government is stupid and incompetant.

Most secure? On the public interent? Not !

[HighOrbit]

causing the US government $1billion of damage by breaking into its most secure computers at the Pentagon and Nasa.

Um.. no, these obviously were not "secure" systems. Secure military systems (as in classified) are not connected to the InterNet or any external network. The are on a seperate non-public network called SIPRNET (Secret Internet Protocol Router Network). The SIPRNET is an internal network that has absolutely no connectivity to the InterNet. Most likely he broke into some of the military's non-classified business systems which are connected to the InterNet via NIPRNET (which is also an internal network, but connected to the InterNet).

In other news...

[99bottles]

CIA changes critical systems password from: password to: p@ssw0rd

Estimated cost to US taxpayers, $1 billion

Just How Big Is He?

[north.coaster]

I'm having trouble visualizing what the worlds biggest hacker would look like. I mean, what is the criteria? Does he have to be at least Seven Feet Tall and weigh Four Hundred Pounds to even be considered a candidate? The claim simply is not credible without at least a few more details.

Not to be confused with so1o

Not to be confused with a security analyst working for UK-based Matta Security, Chris McNab, who uses the online handle "so1o",

Re:Not to be confused with so1o

He is a fucking lamer too ;)

Are thye serious?

[redjupiter]

from the article: "The unemployed former computer engineer is accused of causing the US government $1billion of damage by breaking into its most secure computers at the Pentagon and Nasa. He is likely to be extradited to America to face eight counts of computer crime in 14 states and could be jailed for 70 years." and HE WAS GRANTED BAIL . Must be very dangerous. from the article: "Most of the alleged hacking took place in 2001 and 2002. At one stage the US thought it was the work of the al Qaeda terror network." they have some serious fucked up security/admins personnel there. "It is alleged that he used software available on the internet to scan tens of thousands of computers on US military networks from his home PC, looking for machines that might be exposed due to flaws in the Windows operating system." OK Now I know the military are using windows. Let me fire up my port scanner and I will be famous. "The charge sheet alleges that he hacked into an army computer at Fort Myer, Virginia, where he obtained codes, information and commands before deleting about 1,300 user accounts." Are you sure the sys admin did not fuck up here. "Other systems he hacked into included the Pentagon's network and US army, navy and air force computers." Jesus Christ ... he could have brought the mighty US down. they are going to try to make an example of him to cover their fukced up security as it happened on previous occasions. What a load of BULL...

Re:Are thye serious?

[Yaotzin]

The poor guy has been turned into a scapegoat by the army's crappy admins.

Photo of Biggest Hacker

[hamlet2600]

Here is a link to a photo of the "biggest" hacker.

He's a Regular To This Site.

http://www.iwasabducted.com/ and thought this guy was a long lost cousin? http://www.iwasabducted.com/aliengallery/custody.h tm

Title should read "World's biggest failed hacker"

[zenst]

The best hackers are never ever caught or even known about. Take expliots, they dont suddenly appear overnight, alot these holes are there from day one. Just become mainstream public when open expliot written. Fair few known about by very select few (who discover them) and those are the true hackers.

An old school hacker would of at the very least beiged the next doors phone line and by laughing his ass of now quietly to his/herself, at the very least.

I've also read much more rampant cases than this one, must be mear inflationary/chaos blow out that is making it seem the biggest. Hell even a street urchin stealing a few hundred quid (in ye olde days) factoring in inflation would have stolen more than any bank robbery, but hey. Let the press have there day's.

Re:Most secure? hardly

for the real stuff it is not just air-gapped it is wall/door/guard gapped. for the good stuff that must be accessable there are dedicated links to windowsless rooms guarded by people with guns. These are connected to other windowless rooms with more guards. And they dont really just allow anyone to go into the room either. anything even remotely electronic is not allowed into/outof the room. (though there is a pile of parts in the corner, where spares comes in, but never come out. ever). For the really really sensitive stuff the computers are not even allowed to be networked.

This guy had access to the mess hall menu and the px shopping list.

--noop

Dear Mr. President: +3, World's Biggest Criminal

Don't worry.
We'll fix the info on Iraq's WMD program.
We'll make billions Fools, all of them.

Yours patriotically,
President-Vice Richard B. Cheney

The BIGGEST hacker?

[merc]

Does that mean he weighed 500 lbs. and had tree trunks for legs?

Re:Smart? Yes. A Nut? Perhaps. How about both?

[vandon]

According to court papers, McKinnon mounted an attack in February 2002 that shut down Internet access to 2,000 military computers in the Washington area for three days. He is accused of scanning networks for vulnerabilities prior to using a software program called RemotelyAnywhere to snoop on network traffic and erase files

The government couldn't come up with anything better than 'he used nmap and found our (non-|default|) password protected remote control applications'

worlds BIGGEST computer hacker?

[justins]

I wouldn't go so far as the call the brother the worlds biggest computer hacker. He's got a weight problem. What the nigger gonna do? He's Samoan.

Imagine the prison jokes...

[aggieben]

"Hey loser! Think there's anything on Uranus? Let's find out..."

Reveal a flaw, get in trouble with the law

[Ridgelift]

FTA: The US authorities said the cost of tracking him down and correcting the alleged problems was more than £570,000.

Okay, what he did was wrong and if he's guilty he should be jailed. But why is correcting problems in the software his fault? People pay good money to find faults in their computer's security. Are security consultants who find flaws in commercial software causing billions in damage?

As for him being "world's biggest computer hacker" that title belongs to Richard Stallman and/or Linus Torvalds. Their hacks are causing hundreds of billions of dollars of lost revenue to commercial software companies.

It's a comedy bit!

[phorest]

Geeze the guy looks just like carrottop. Maybe it's his new bit getting exposure! Everyone knows he's sooo passe'

Billion not billion

[canineK9]

From the Free dictionary: Legend: Synonyms Related Words Antonyms Adj. 1. a billion - denoting a quantity consisting of one million million items or units in Great Britain billion 2. a billion - denoting a quantity consisting of one thousand million items or units in the United States billion And neither is the $1E6 in actual dollars.

You forgot the best bit :

5. Hand over invoice for 1 billion $ to Uncle Sam

Re:Smart? Yes. A Nut? Perhaps. How about both?

[kpansky]

Sorry. But snooping around a house, checking the door, finding it unlocked and entering without homeowner permission is still illegal.

I know Solo and he's one talented individual

For all the script kiddies and newbies who are dissin' him left and right. I know him and kept in touch with him from back in the day...early 1990's and he's a very skilled individual. I don't doubt his skills one bit and there's always more to the story than what's said and some of the bigger things he's accomplished always goes unsaid and in this case is better off unsaid. Don't shoot down what you don't know.

70 Years???

[Shadow_139]

70 Years BBC News reports that it is 7 Years.???

"If he is extradited and found guilty, Mr McKinnon faces a maximum penalty of five years in prison and a £157,000 fine"

Any the "$1billion of damage" is for tracking + fixing the security bugs/hole that shound no of been there at all......

"The US estimates the costs of tracking and correcting the problems he allegedly caused were around $1m (£570,000)."

What next MicroCrap sueing me because WinBlowz blue screens....
And making me pay the money it cost to find & fix the problem...?!!?!?!?!?

Re:70 Years???

[Yaotzin]

What next MicroCrap sueing me because WinBlowz blue screens.... And making me pay the money it cost to find & fix the problem...?!!?!?!?!?

Obviuosly, yes. Without the money they [will] pull in from selling the fixed versions they could not have fixed them in the beginning without going to the grave.

One Beeelion Dollars!!!

[mojoNYC]

while i only stfa, the sum total of monetary damages seems to me to be RIAA-esque... meanwhile, why don't we hear about how much something like this costs?

3.9 Million Citigroup Customers' Data Lost

the corporate mentality never ceases to disillusion me--where's the class action lawsuit?

Re:Most secure? hardly

But the menus were top secret!

Re:Smart? Yes. A Nut? Perhaps. How about both?

[jlerner]

You would think someone smart enough to do that wowuld have better uses for his talent.

One billion dollars

[64nDh1]

The BBC is saying the damages caused were $1 million, not $1 billion. Blame asshat submitter.

I have made this mistake before while working as a journalist on radio. People nearly heard that the recent Bloody Sunday Inquiry cost a huge Ster £16, instead of £16 million. Chief sub wasn't too happy about that one.

Re:One billion dollars

Actually, I would think 1 billion would be right...A government that would pay $57,000 for hammers and toilet seats would surely pay consultants huge rates!

Lame excuse/fake news

[osoroco]

don't you think that such UFO files would be hidden on a network far below from earth's surface and even farther from the internet?
i'm even starting to think that there was -no- hacking and that they're covering up some hard drive failure or lame virus they didn't fix right

good thing he didn't

[willCode4Beer.com]

kill anybody. He might get 20 years for that.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[penix1]

Don't forget the loads of tin foil.....Can't let them control his mind after all.

B.

Product liability?

[stinky+wizzleteats]

It is alleged that he used software available on the internet to scan tens of thousands of computers on US military networks from his home PC, looking for machines that might be exposed due to flaws in the Windows operating system.

So he could get 70 years for being a big scary hacker, but MS gets precisely dick for product liability. Where's Ralph Nader when you need him?

Biggest?

[SoCalEd]

And here I am expecting to find an article about Andre the Giant's evil twin hax0r...

Easier to Hack the Government than:

[I_Strahd]

A piece of styro-foam with an exato knife.

Biggest?

[Spy+der+Mann]

By any chance, was his alias "kingpin"? Now THAT would be BIG. :)

Re:Smart? Yes. A Nut? Perhaps. How about both?

I don't believe that's true, unethical though it might be. Now, if the homeowner tells you to leave, you may be guilty of trespass. But the default is that you're not. Hence the "breaking" part of "breaking and entering", to make something illegal that otherwise wouldn't be.

Posted AC purely because this is off-topic.

World's biggest hacker

[jessemckinney]

Are we talking 300 or 400 pounds? The article did not say.

Ducks...

Seriously, I have worked with some really large hackers. Greasy food and all of that desk time can really put the pounds on.

Tinfoil hat

[erkokite]

If he had been wearing his tinfoil hat, they wouldn't have found him...idiot.

Never?

[Spy+der+Mann]

Look, we know what you're trying to do. You're trying to erase our memory using one of those neura*FLASH*

Huh?

Re:Never?

[mattspammail]

Swamp gas. It was all swamp gas, ladies and gentlemen.

I knew it...

[springMute]

...the password was "gaben".

Dudes a poser. Here's the world's biggest hacker

[mnemotronic]

In Akeley Mn
or here in Del Norte Cty, CA.

Biggest hacker

[Overd0g]

Well how big is he? Over 7 feet tall and 400 lbs? Don't leave us in suspense.

Re:Smart? Yes. A Nut? Perhaps. How about both?

He's a fucking idiot...let's stop puffing up this ilk of human with the "hacker" badge of honor.

Get a fucking job, loser.

Re:Smart? Yes. A Nut? Perhaps. How about both?

Posted AC purely because this is off-topic.

And completely incorrect. IAAL.

I had a picture in my head of a BIG guy

[eaddict]

someone around the size of Shaq. I love headlines like this and keep a small collection of them

High cholesterol?

[rice_burners_suck]

The London Evening Standard is reporting that the "worlds biggest computer hacker" has been arrested in London.

Hmmm... All those doughnuts, M&Ms, oversweetened coffee, potato chips, and cokes he ate while hacking have really taken their toll... There's a lesson in there for you folks: Go outside once in a while and take a walk, or go for a jog, or to the beach, or go hiking, or bike riding... exercise, exercise, exercise. Or else you'll end up like this guy. World's biggest hacker... I hope he checks his cholesterol.

Wrong nom de guerre

[whitehatlurker]

From TFA: "McKinnon, known online as "Solo""

Now, if his handle had been "Luke", he could have just waved his hand and said "this is not the hacker you're looking for".
Ob. 1 Star Wars reference

How could he "hack" if he is 950 thousand pounds, anyway? Sounds like this should be in the Weekly World News.

True

[ninja_assault_kitten]

Apparently he was over 12ft tall, weighing over 500lbs.

The real charges

[david1024]

The charges can be found at: news.findlaw.com/hdocs/docs/cyberlaw/usmck1102vain d. The organisations he broke into are listed and they are all described as "computers were used in interstate and foreign commerce and communication. " It also states that he installed RemotelyAnywhere, and "copied files containing unclassified information to his own computer. " The document was the first hit that I got from google, maybe the media writers must be so overworked that they are not able to do any research !!!!!

Wow that's a lot of damage, wait...

[Dunbal]

is accused of causing the US government $1billion of damage ...while looking for UFO evidence? Actually, the $1billion worth of damage is because while he was there he downloaded one MP3 through government computers, and the RIAA are pressing the gov't to collect...

What the hell is a

"Highgate Wood comprehensive-pupil"?

Maybe he came a little too close to the mark.

[Stopher2475]

The reason they're going after him so hard is because he found out where they're hiding the aliens. The truth is out there!

Wellcome to cynicsville, population: Me.

[Scrameustache]

I think its interesting how computer crimes (even ones that technically do no physical damage, like destroying of files/property, etc) can warrant these huge jail times, yet a confessed convicted rapist, child molester, or other misc. violent criminal can sometimes get as few as 5 years in prison.

What does that tell us? We care more about our files than our children. While I don't think that breaking into a computer system just to prove you can is a smart idea (not saying that was the case in this situation, but rather in general), but I would consider a child molestation as a much more heinous crime, that should always warrant a longer sentence.

Laws aren't there to protect you, they are there to protect the rich.

Some poor looser raping other poor looser's kids is bad for their work productivity, so it is illegal, but acts that could cause the rich to loose riches are much more illegal, because these things really matter to those who make the laws.

Re:Wellcome to cynicsville, population: Me.

[Vitriol+Angst]

I agree. Hackers harm the "protected class" -- so they must be vilified and thrown in prison.

But compare this to the damage of the CEO of Enron and all the people who have lost retirement due to "Kenny Boy".

Though his hacking might not have been for a good reason, I personally think that companies and government agencies should be more on the hook for securing their own data. Banks don't use a little string with a taped sign to say; "don't enter our secure vault". Someone tripping over the line could get a life sentence. Yet, we've had CD copy protection that is broken by holding down a shift key on PCs.

My bank, Wachovia, lost a lot of records and data about personal accounts. What benefit is it to me, that if, by some small chance, they actually grab the hacker that got that data? It's probably already been sold. But relying on penalties leaves me at risk--not Wachovia. Especially since they and Chase and Citibank are gobbling up every other bank. Oh, and those two other megabanks have also lost account data. So where is my "consumer power"? Why don't we make the penalty 300 years and a public spanking? Or maybe, more bad TV shows that show "evil hackers". Something starring Bruce Willis and a hot babe. Then the hero saves the day with armor piercing bullets. Make sure the hacker is shown on the computer shredding 3d Data barriers with logarithm-claws that draw blood.

Anyway, I could go on. People and businesses need to protect themselves where they have the control. Where we don't have the control, like when giving our Social Security Number to a bank-- we'll it seems the onus is still on the citizen. It isn't really off topic if you consider that the SSN acts as both Login and password.

Anyway, I think this guy should have some consequences. But $1Billion in damages is probably 90% stupidity for whoever didn't create a secure backup system. I'd say the most any hacker should get is one year jail, 5 years probation plus 10% damages. If someone hacked a system that effect actual physical safety then they are criminally liable for any harm to PEOPLE. Like shutting down air traffic control. Of course, spammers should actually be given jail time--which also isn't happening because once again, this isn't damaging the "protected class".

People should get long jail times for harming people -- not equipment and profit. People who raid pensions are hurting other people -- so they should be given 20 years to life. Since these white collar criminals plan ahead-- deterrence will work better on this group than say, a 16 year old computer geek. Of course, my priorities are skewed towards the good of the people. And I still imagine a future where a hacker is going to save our bacon by finding out something that the people really need to know. So, for my own selfish interest, I hope that penalties like this will be reduced, because when the media, courts and legislature have grabbed all the power, the last line of defense will be people who can hack, not people who can shoot. It is the information age after all.

Re:Smart? Yes. A Nut? Perhaps. How about both?

Yes it is. But I wonder how much of the $1 billion they spent after his hacking was to pay for security measures that should have been taken prior to his attack.

On another note, thanks to /. admins for using some curly lettering for the confirmation image, I couldn't read it after 3 tries. Redid the post and got a legible font. Next time try it before you use it!

Re:Smart? Yes. A Nut? Perhaps. How about both?

[shawn(at)fsu]

So you saying it's not illegal until your told to leave? So if you find someones front door unlocked and they are on vacation you can stay their until they get back?

How about posted as AC becuase you are completely wrong.

All part of his plan.

[AverageMidget]

He, being "the worlds biggest hacker", didn't get caught. I believe this is referred to as "Social Engineering"; He let himself get caught. Any real hacker knows that the US Government doesn't keep UFO evidence on a computer network, therefor the only true way to find evidence is to "get caught" looking for it and, when the UFO's come to break you out, Poof! evidence. The man truely is the worlds biggest...something

Re:Smart? Yes. A Nut? Perhaps. How about both?

[RailGunner]

No, he got caught because he didn't have his tinfoil hat properly secured, so the CIA was able to track him with black helicopters in silent mode using NASA supercomputers developed to change weather patterns.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[pete6677]

Entering private property when you should have good reason to believe you are not supposed to be there (not sure exactly how the law words this) is trespass, whether you broke in or not. This could be applied to computer systems as well as physical property.

So now...

[ch-chuck]

now every other hacker in the world moves up one notch.

I would think the worlds Biggest Hacker is....

[mrnukem]

Some guy who has not been caught yet...I

If this guy is such a great "hacker" why is he now in custody? Maybe he is not as great as he is made out to be..

"We thought he was Al-Qaeda"

[the-dark-kangaroo]

At one stage the US thought it was the work of the al Qaeda terror network. NEWS JUST IN: President Bush has now been able to reveal the true reasons that he went to war. It was due to misinformation regarding a hack attempt by Al-Qaeda. This turned out to be a bloke in London... We all knew it was dodgy reasoning...

Lovely

[t_allardyce]

It really makes me fucking sick that we have this extradition treaty with America, I bet we wouldn't get the same in return. This guy apparently did $1m worth of 'damage' and is basically more of an embarrassment to the US governments security reputation than anything else. I doubt these 'critical' files or damages will be every fully quantified in court. Its a bit like whistling nuclear codes into a phone - "hes an evil witch/hacker and a menace to the world and must be locked up". now his life is over, totally fucking over. I would certainly top my self if i was in his shows. Mission accomplished guys London feels that extra bit safer today.

I guess at least its a deterrent.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Agent_9191]

I don't think it's nutty. I'd have to say he has a pretty good excuse. Now if he were claiming to find proof of Area 51 or something, then he'd be a nut...

Don't put Top Sercet stuff on an open network!!!

[Thaidog]

Wow! real smart... from his London apartemnt. America truely is the laziest country in the world. You don't put "critical files" on a network that connects to the rest of the world... that's plain stupid. Get your ass up, go to work and log in to your *closed* network and get the file there. It's the only way to make sure.

I count four mistakes

[Odocoileus]

1) The UFO information is not obtainable through the internet. Neither is the JFK thing, or the fake moon landing information. The Roswell thing was like what, in the 1950's? The info would not likely have been put in a computer then, and certainly would never be made reachable by a network. 2) Deleting files on a gov't computer is like beating a wasp nest with a stick. Just don't do it, if you walk softly they may not even notice you. 3) There are lots of places to jack in from, don't be lazy and do it from your home. 4) "computers(yawn)" !?!? And for all you doubters out there, just remember that it is human nature to abuse power, and secrets are easier to keep than they make you think. Remember, the media is the only source of info, even a first hand account of an event will be lost within 6 degrees of seperation without media attention. Think about it, every news event you know of was either directly read by you, or told to you by a friend who read it, or maybe a friend of a friend, but it never goes much further than that. Oh yes, there do be some dark secrets, I think.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Dasch]

Sure, that's true! Last year I was standing next to a house, smoking some weed, when I lost my balance, tripped, and fell through a window! I thought I might as well crash there, so I took a nap in the owner's bed.

Nice article w/ a timeline and more specifics...

See ComputerWeekly for an article with a nice timeline and more specifics on where he attacked. Note that he's considered an "average hacker" in this article, which to my reading of the facts seems fair.

This all happened back in 2001/2002 but he fought extradition to the US until this past week apparently.

This military publication states that he didn't get to any classified info.

Wired covers a bit more on how he got caught. They tracked down his copy of RemotelyAnywhere.

"Biggest Hacker" breaking into "most secure" comp?

[Frany]

Hm, am I the only one who thinks it's really hard for a big geek to break into a computer as secure as those in Mission Impossible?

Re:Smart? Yes. A Nut? Perhaps. How about both?

[jacem]

The sad thing that I see all the time is the easier it is to break the security system the harser the penalty.

This guy broke the military network for three days. Shouldn't it have been more secure.

I'm not saying what he did was right. What I'm asking is how much was spent on security before he took his tour. Shouldn't the people (companies whatever) that where responcible for security have some culpability?


JACEM

In other news . . .

[ndansmith]

. . . Halliburton has won a no-bid contract from the Bush administration to fix the "$1 billion" of damages.

Holy cow!

[EvilStein]

$100,000 to patch stuff that NMAP shows?!

Man, I'm in the wrong line of work. Where can I sign up? ;)

Last time I went near a school's IT stuff, it was a bunch of Windows 95 boxes sitting on a token ring network. I ran away screaming. But for $100,000, I'd fix it. ;)

MOD PARENT UP. IN SOVIET RUSSIA, PARENT MOD UP YOU

the quick brown fox jumps over the lazy dog.

sigh...

[Thud457]

If they locked him up in a foil-lined room, he wouldn't be insane anymore, now would he? Come on people, think these things through!

Re:sigh...

[kfg]

Come on people, think these things through!

I can't. The tin foil hat has stopped the voices in my head.

KFG

Lack of malice should mean less jail

[davidwr]

Hopefully they'll let him plea bargain to something under 10 years in jail + probation.

Now, if he was intending to cause serious damage or intending to steal a million dollars worth of computing resources, or was using the computers as part of another serious crime a la blowing up airplanes, then yeah, 70 years is about right. It's the difference between murder and manslaughter - both wind up with a dead victim, but the former says you are a "very bad person" the latter doesn't.

Re:Lack of malice should mean less jail

[Gannoc]

It's the difference between murder and manslaughter - both wind up with a dead victim, but the former says you are a "very bad person" the latter doesn't.

Manslaughter doesn't mean you're a good person, it just means you didn't intend to kill the victim. I might have intended simply to break your arm, but missed.

BBC article

Ther's a BBC article about hime here: http://news.bbc.co.uk/1/hi/uk/4071708.stm. Also, they mention him on PM (BBC Radio 4 5:00).

I would still consider the "bigest military hack of all time" to be the cuckoos egg incident - as much as for Clifford's Stolls investigation as for the actual atttacks. The cuckoo's egg incident involved more people - one of whom died mysteriously in a fire (some claim the FBI killed him ... even though he was in Germany).

world's biggest hacker?

I think the world's biggest hacker is Linus Torvalds.

This guy is just a lowlife system cracker. They aren't the same thing.

Hacker: loves to write code, does so prolifically, and is often very good at solving complex problems, the solutions to which often aren't in any book. Can also often do electronics work. Not a criminal.

Cracker: breaks into systems using known exploits. Talented ones invent their own exploits. Is a criminal.

Don't confuse the two. Being a real hacker requires a lot more knowledge and intelligence.

It's a lot like saying a guy that figures out how to use fertilizer to make a car bomb and blow up a building is an architect.

It's a lot harder to build things than it is to break them. In every case this is true.

l8,
AC

Re:Smart? Yes. A Nut? Perhaps. How about both?

Probably was... why else do it & take SUCH a risk??

Guys like him REALLY probably tick off the "TRUE SCRIPT KIDDIES" - network engineers/administrators. After all, like I always say "They're JUST users with a better password" & without programmers creating what they USE? They're USELESS!

(99% of them - some actually do both ends of the field & those I can respect!)

By way of comparison? They're like ants attacking a mastodon in terms of knowledge here vs. someone of that ilk & background.

Still, back on topic - think about it: Why else take such a risk, unless you KNEW something was wrong or being covered up??

Re:Obligitory Slashdot Discussion - #4 ????

1. Get paranoid about UFOs
2. Hack into the US government
3. Get caught
4. ????
5. Profit!

I don't know about the #3 but #4 might be 'unloading an old warehouse of worthless surplus mylar weather baloons on ebay'

paralleled by the DOE

I have a bit of insight here. I worked, formerly, at a Dept. of Energy National Lab. We've all read about how Los Alamos lost some computer disks (later claiming that they never really existed). However, I happen to know that the security within the DOE system is HIGHLY vulnerable. Here's a link to the Inspector General (oversight committee) site for the Dept. of Energy:

http://www.ig.doe.gov/igreports.htm#cal2005

I didn't look, but I'd bet they exist for each of the departments within the Federal government (DOD, NASA, etc.) I read the IT security report for 2004... to say that things are improving is really scary... because they SUCKED in 2004.

The simple fact of it is that the gov. can't afford to send its people to training to actually learn how to secure their networks. [stark generalization follows] They have an older workforce that could care less about learning about these things with their spare time. Training is the only answer.

Then, they can't afford to pay enough to keep security-qualified people, either. With a rare exception, these security experts are too expensive for the cost-conservative corporations to justify when they are being paid to keep costs down and perform projects based on annual funding.

Finally, with their current 'sub-contractor' based mode of operation, they [the feds] can't really enforce a lot of standards as they would like. These sub-contractors don't care about the data. Their contracts are tied to performance based bonuses, which they earn by succeeding in some measurable project (not IT).

In short, the system is severely broken.

I'm not real familiar with what this guy was doing, but it seems to me that he thought it was a game. They're gonna smack him around so that the rest of the script kiddies out there get the idea that it's NOT a game *much like the RIAA, et al.* did with Peer to Peer networks.

I'm no security expert (heard of port-scanning, but I have better things to do with my time), but

I KNOW that there are vulnerabilities in the DOE system. I was asked to quit because I kept bringing them up. How's that for a supportive work environment?!

[rant]
Let me ask this question... is knocking on a door a crime? What if it's unlocked? What if it swings open? What if you peek in? If no one asks you to stop, (or there are no signs, etc.) is it illegal to walk in? It IS illegal to impersonate an authority figure (cops, etc)... So, I would assume that a SysAdmin is an authority figure? Maybe that's the only law that they should change. But, are you an authority figure, if you have a password? How do we define juridiction? Maybe the other laws (cyber security) were just a knee-jerk reaction to something that they didn't bother to research and understand. One last thing, is it illegal for everyone to go to the bank and ask for their money? Is it illegal for everyone to go to the library? DOS attacks are protests, they should be protected under the 'freedom to assemble.'

And, yes, I am an anonymous coward. I hope this makes things a bit more interesting.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Freexe]

In England you can claim Squatters Rights if a house is emtpy and you enter it, if however, you break in and then sleep, it is Tresspass.

Re:Smart? Yes. A Nut? Perhaps. How about both?

Hold on a sec.
He was'nt busted in Pentagon, but they got him in UFO DB?
Just WHAT is in that database if it's got better security than pentagon?

Felony st00pid

[Jay+Maynard]

Merciful $DEITY. How much of a crackpot can one person be?

If anyone ever deserved to go to prison for felony st00pid, this guy does (assuming, of course, that he's actually guilty).

The Worlds Biggest Hacker doesn't exist.

[SB5]

The world's biggest hacker will be the one that brings the entire internet to its knees in a couple of hours, the entire internet will be dead. That will be the world's biggest hacker.

Of course the internet will start to come back online after everyone is done patching and reinstalling.

In all fairness

I remember having some tangential contact with the guy. One of those stranger out-of-the-blue "I'd really like to help out with your (perfectly legal, coding) project, but you should know that I'm in a little bit of trouble" sorts of thing.

Thankfully, our forums crashed since then, so I can't even remember clearly what he said; but it was along the lines of it being overblown, and as any look into what he actually did shows, this guy is not the hacking mastermind you're looking for.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Lemmy+Caution]

Yep. It's still illegal. But while it's illegal for a burglar to enter your unlocked house, you're no less of an idiot for leaving it unlocked. And exaggerating the scope of the break-in ("he diabolically circumvented the integrity of the house by adjusting the rotational position of the entry affordance!") has as more to do with CYA (in the case of the homeowner, perhaps to collect insurance) than it has to do with the guilt of the burglar.

World's biggest hacker

[utnow]

weighs in at an amazing 4000 lbs.

The suspect was found with an incriminating box of Jr Mints and a case of mountain dew.

Scapegoat

[g0bshiTe]

I RTFA, and it seems to me that this guy is getting the blame for more than what he has done.
It is unusual for my government to make themselves look this stupid, though they do it everyday. I think they are trying to pin more on this guy. I could be wrong, I don't know all the details. The article did keep mentioning that he did all this from his home computer. Wow, if he scanned tens of thousands of US Military computers from his home network seems to me , he would have been found much sooner than it took them. Of course, he could have bounced, or spoofed but still I thought the US government had tighter security than this. Whether or not he is guitly should not be an issue here. If he was able to do all he has done, for as long as he has done it, I say give him a job securing those networks, seems like they need it.

World's Biggest Hacker Held

[rs232]

One sometimes wonder at the level of intelligence in the intelligence community. See here where they have blacked out sensitive information by the time honoured method of setting the foreground and background to black. Not realising that the data is *still* embedded in the document. The only people who should be jailed here are the idiot systems operators who allowed it to happened in the first place.

As for the alleged hack it was done by something called RemotelyAnywhere. So much for the biggest military hacker of all time.

http://doj.topcities.com/

George W. Bush

[VeganBob]

"... it would only take about 6,000 people to cause enough damage to double the national debt!"

Nah, only one needed.

Original indictment...

[thrill12]

here.

US citizens be cautioned: the use of copy and paste to 'read between the lines' in this document could get you in Cuba (or some other place).

fix the "hole"

IIRC, the code of Hammarubi included something about using the burgler's body to patch the hole that he used to get into your mud-daub house...

you could try using that as a legal precident... :-)

Can a light-switch be broken or recalibrated?

[NRAdude]

Well diffence between hacking and breaking and entering are somewhat simular. The only diffence is no physical damage to system, and potentially no logical damage as well. But that is where the difference stops.

Yep, no physical damage is the problem; so many defaced websites can be restored by so-many documents about fluffy bunnies. If you intend intellectual property law to be applicable in citing for remedy, then freedom is lost. I suggest burning your webpage on a CDROM or protected by a hardware read-only mechanism. As this post's subject begins, can a switch (1 or 0) be broken? I'ld be entertained to see people suing eachother for causing bad-sectors on their block devices.

If I owned a shop and I closed the door and forgot to lock it and turn on the security system. But put the closed sign up at the end of the day and a guy walked in and robbed me blind. And the next day we found the theif he would still be arrested for stealing or if he read my books he would still be guilty of corprate esponage.

Affirmativ captain; you removed the ships sale, closed the LARBOARD (port of entry), silenced and battoned the STARBOARD (doused the lights on display), you set a flag for C-L-O-S-D and flew the YANKEE (dragging anchor), and you are confused what to do when a tresspasser walks in the front door? Captain, I want not mutiny to enter your cabin; dispense some godly canons already; be it canonical law, or a firearm; remedy the situation, man! Admiralty law is just as applicable on soil as it is on sea. How do you suppose that imposter "United States", a Title 28 Section 3002 15b "federal corporation" from the District of Columbia, uses salvage rights to steal your private property or dictate limited use and conditions to your property?

Or say I have a convirtible and I locked the door but left the top open. And he just reached around and unlocked my doors and hotwired my car (Or even if I left the keys in). He stole my car. If cought he would be tried for grand theft auto. Even if he returned the car at the end of the day he will still be arested for steeling my car.

Is your car private property or has it been deeded for commercial use by hired hands? When someone steels my car, I send them a Bill demanding silver for compensation because as I say to the DMV I also say to police and related tresspassers that it is NOT-FOR-SALE or to be used commercially. Just to build some scope in your imagination of my character, I have no keylocks or ignition key on my car; it's just as old world common sense, you just press a button and the engine turns. The same can be intended of a bicycle, a moped, etc. If someone takes your server, send them a bill. If they don't pay, send a court order for compensation. These days, someone is always assuming your property is for sale; just play along, give them a bill; squeeze some lawful money out of their presumption that you have a business license and have dedicated that property in dispute for retail.

Just because your victim is stupid it doesn't make comitting a crime right.

There are no victims in commerce, only debtors. :D You need to remind your persecutors that they don't have to be caught stealing if they've merelly forgotten to pay for the property they needed to use. You are a great poster, BTW; there is much love in you.

After Colin Powells....

[AIXadmin]

He was after Colin Powells sidekick...

No. Society drives language

And society has taken hacker to mean someone who breaks into system. Deal with it and find a new word.

Language evolves. Many words now mean something different from their original intents.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[h4rm0ny]

And on a related note, what accounts for the $1billion damages? I'd wager a large part of that is plugging security holes that should not have been there in the first place. Although it's stated in the article that fixing the problem and tracking him down cost £570,000 pounds.

In fact, reading the article, I can find no reference to $1 billion. It's estimated that he may be fined £900,000 (that figure makes so much sense), but if that equates to $1 billion at the current exchange rate then I think I better get over there and buy a town. Editors not reading the story?

Biggest Hacker?

you mean him?

Smarter: Avoid Computers Altogether

[barryfandango]

A smarter person would gather information by physically breaking into government sites rather than using the internet. If you're caught trespassing in the pentagon you're going to jail, but you won't get seventy years. With the way the government inflates the punishment for computer related offenses, they make the physical crime more attractive than the virtual.

And remember:

[idonthack]

We have always been at war with Eastasia.

Re:And remember:

[koreaman]

sorry I don't have mod points, or you'd get one.

Re:And remember:

[Dix_sw]

that torpedo did not self-destruct. You heard it hit the hull, and I... was never here.

Re:And remember:

Funny, I thought we have always been at war with Eurasia.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[hesiod]

> But the default is that you're not.

OOh, ooh, I know! You're Canadian! I've heard it's legal in Canada, but the U.S. is another story altogether.

UFO evidence found

[ehiris]

There was no evidence of a ship but there was evidence of an alien

So what you're saying is...

In addition to being very smart, he is also very stupid. ;-)

Who caused the damage??

It is alleged that he used software available on the internet to scan tens of thousands of computers on US military networks from his home PC, looking for machines that might be exposed due to flaws in the Windows operating system. May be the blame should be on Microsoft for providing such an insecure software! Oh well..

World's biggest? Hardly

[allanc]

I was just looking at his picture, an I'm *way* fatter than he is.

What? Oh. Nevermind.

Mod parent DISTURBING

[wembley]

I really don't want to know why you had that photo so readily available.

Loving arms

[lullabud]

The headline "world's biggest hacker held" is too positively connoted. It makes me think that some fat smart guy is getting some lovin'.

a 39 year old script kiddie?

Using software downloaded off the internet, McKinnon allegedly hacked his way into almost 100 networks operated by NASA, the US Army, US Navy, Department of Defence and the US Air Force, with the US government estimating that his antics have cost around one million dollars (£570,000, 790,000) to track down and fix.

... Members of a closely knit group of elite hackers are also suspect. Investigation shows that they may have been in contact by the internet chatroom efnet#hax0rs.

Unfortunately, members of the group are under 12 years old and living in Russia, so cannot be prosecuted, per se.

Run to Sealand

[wembley]

What's Sealand's extradition policy?

Re:Run to Sealand

[magarity]

Does it really matter? Sealand is a guy and his wife and son on two concrete pylons. Tell me their sovereignty is due to anything other than because no one cares enough as long as they don't do anything stupid like harbor fugitives.

Re:Run to Sealand

If I was on the run I'd go to north Cyprus (Turkish controlled part). No government on the planet recognizes it (besides Turkey) or has an extradition agreement with it. Go there and you'll be surprised at the huge expat community... many of them Western fraudsters, muderers, and rapists.

Only problem in this guy's case is it's the US gov after him. If they want him bad enough they'll snatch him off the street or let a bounty hunter bring him in. I doubt he'll get more than a couple of years so it's not worth him spending the rest of his life hiding in Asia and teaching English for food. But if he looks at a plea agreement and sees double-digits...... run! Run forest, run!

Re:Smart? Yes. A Nut? Perhaps. How about both?

[menkhaura]

And on a related note, what accounts for the $1billion damages?

I've just read Bruce Sterling's "Hacker Crackdown", in which there is a similar claim by a large corporation (AT&T) of a document being worth almost $80k, while a very similar document was sold for 13 bucks by the same company to anyone who asked for it.

The interesting part was how they arrived to the 80k figure for a 12 page doc. In it they computed, among other things, two weeks of a typist and an observer...

I have news for you, Slashdotted brother.

[NRAdude]

That "Federal code" you are quoting is describing the behaviour of an operating system. For all your wants and needs, quote somthing that dictates the behavior of software as much as you want. You have yet to discern the intent of my post; hackers or whatever you want to call them, they ARE authenticating! Just the conclusion of that previous sentence unremarkably sets your post to silense. Who can you believe to give true testimony on who authenticated correctly with a server, some half-baked "Adminstrator" or a server log? The code you cite is an unjustified paradigm shift. Let's talk about software affirming honest and truthful authorization, people notwithstanding unless they break into a room and physically Hack-hack-hack the computer to peices like a Hun or Goth or ...or...a troll.

Good!

[Cervantes]

The little bastard deserves everything he gets. No defense coming from me here.

It's bastards like this that screw things up for grey-hats everywhere. Ok, you were curious, you wanted information, and the information wanted to be free... good enough. But you don't go deleting files and user accounts! How fraggin dumb can you be? "Hmm, I just hacked NASA and no-one knows.... I think I'll fuck things up!".

If he'd just gone looking for the information and gotten busted, I would have had sympathy for him. But he just went to wreck shit up. "Looking for UFOs" is just AOL-Speak for "Shit, I got caught being a dick and I need an excuse, quick!"

no more tinfoil!

[Spez]

Finally!

Since the only hacker god has been captured, I can remove the tinfoil around my computer. I can now live free!!!

By chance there is only 1 hacker in the Internet!.... Right?

Conspiracy Nut

[adius]

I urge anyone that considers this hacker a conspiracy nut to Google for "MK Ultra" and then tell me whether government conspiracies are for loonies.

Put this guy on a diet

[LemonFire]

If this guy is the worlds biggest hacker, then the solution is easy:

Just put him on a diet

-- SIG along with me. "Nothing to see here..."

Re:Put this guy on a diet

> If this guy is the worlds biggest hacker, then the solution is easy:

> Just put him on a diet

Preferably The Hacker's Diet! :)

Re:Smart? Yes. A Nut? Perhaps. How about both?

[egypt_jimbob]

From http://news.findlaw.com/hdocs/docs/cyberlaw/usmck1 102vaind.pdf(pdf)

The defendant then obtained administrator privileges and transmitted codes, information and commands that: (1) deleted approximately 1300 user accounts; (2) installed RemotelyAnywhere; (3) deleted critical system files necessary for the operation of the computer; (4) copied a file containing usernames and encrypted passwords for the computer; and (5) installed tools used for obtaining unauthorized access to computers.

This guy is not all that smart. The first thing a real hacker does is attempt to hide her presence, not broadcast it by deleting crap. He's a script kiddie that got lucky.

LQQKs like ...

He is a rather good-looking fellow too. Too bad a bit nuts... UFO is never my cup of cake.

You'd be dead in my state

[peter303]

Now, if the homeowner tells you to leave, you may be guilty of trespass. But the default is that you're not.

My state has a "Make my day" law where you probably would not be prosecuted executing a trespasser if there is any fear of bodilty harm. It was successfully used when one neighbor tried to forceably enter the home of another over a dog dispute.

World's biggest hacker? Pah!

[JonToycrafter]

If he's the world's biggest hacker, how come he isn't famous...oh. OH. OK, nevermind.

bigest hacker?

[brizok]

you have to be kidding me...apparently this guy is port scanning the government from his HOUSE. My little sister wouldnt even do that.

Send HIm To Gitmo

. . . and flush his copy of Neuromancer down the john.

Re:Smart? Yes. A Nut? Perhaps. How about both?

roflmao

Brit men brag about seven centimenters

Yanks say they are six inches, so the Brits up them one more, but forget about the conversion factor.

And my reply, if I were an editor would be

[Sycraft-fu]

Dear Person,

As it turns out, that is not correct. According to the Merriam-Webster Unabridged Dictionary, the American Heritage Dictionary, and the Oxford English Dictionary the word hacker has two meaning in relating to computers. One of them is a person who is an expert with computer and/or someone who peruses computer knowledge for its own sake, the other is a person who uses their skill with computers to gain unauthorized access to systems.

This is not an uncommon situation in English, for a word to have two related connotations, one positive and one negative: For example the word exploit. When used as a verb it can be used to mean a full positive use of something, such as to exploit one's talents means to make full use of your talents in a good way to achieve a goal. It can also be used in a negative way, such as to exploit illegal immigrant financial gain means to take unfair advantage of someone's position to your own selfish benefit. Both uses are not only accepted, but common. It is the context that dictates the meaning of the word.

The same is true with the word hacker. Your special interest sites like Slashdot do not set the stage for the English language, nor are they the authority on its correct usage. Thus in our article using hacker to describe someone who uses computer skill to gain illegal entry to systems is in every way as correct and accurate and a skilled programmer calling themselves a hacker. Thus we will not be issuing a correction, as there is nothing to correct.

In the future if you believe a word is being used incorrectly, I suggest you make a quick check with a dictionary to ensure that you are not confused. There are several online websites including www.dictionary.com, www.oed.com, and www.webster.com that will allow you to look up the definitions of words with ease.

Sincerely,

Editor-in-Chief person.

Re:And my reply, if I were an editor would be

[guitaristx]

Good thing you're not an editor. First, www.dictionary.com shows that the malicious definition of 'hacker' is deprecated. Next, www.webster.com shows both meanings, as you say, but (as with most lexicons) the more common or more proper definitions are listed first. Notice that the malicious definition is listed last. Furthermore, in the context of the offending article, the term 'hacker' is jargon, and is therefore subject to definition by the particular field to which the jargon term belongs: computer technology. Therefore, Webster, OED, and any other general-knowledge dictionaries' definitions of said term are superseded by the generally-understood meaning within the field of computer technology.

A respectful computer expert (that is, a computer expert that respects the skills, opinions, and decisions of other computer experts) would understand the distinction between the usual news article's use of the term 'hacker' and the more correct term as I have described it. However, the average lay-person will not understand the distinction, and will be left with a negative connotation whenever encountering the word 'hacker'. Therefore, as a hacker (in the non-malicious sense), it is my duty to defend myself, and others like me, by communicating to insensitive publications the inherent offensiveness of careless use of the term 'hacker'. If a publication receives a request like mine (see GP), and chooses to respond to it as you have, it is an indication of the publication's insensitivity and intentional alienation of a significant non-malicious worldwide subculture. Therefore, if I do receive a response from either of the publications I've contacted today, and it's similar to yours, I will do whatever is in my power to spread the word about their discriminatory practices. Not that I want to do that - I hope that my letters will incite changes in the treatment of the term 'hacker'. In any case, I'm doing my part to ensure that 'hacker' loses its negative connotation, since the correct definition of it describes me, and others like me, much better than 'computer expert', 'computer enthusiast', 'geek', 'nerd', 'programmer' (et. al.). If ethnic groups can be defensive about what they wish to be called, then subcultures should have the same right.

Re:And my reply, if I were an editor would be

[halber_mensch]

You're fighting fire with gasoline my friend. Grandparent has void* p_clue but obviously hasn't yet done a #include "clue.h" and therefore will not be able to read((clue_t)(*p_clue)). Your only hope is to signal(SIGKILL) and move on.

Re:And my reply, if I were an editor would be

[halber_mensch]

The same is true with the word hacker. Your special interest sites like Slashdot do not set the stage for the English language, nor are they the authority on its correct usage. Thus in our article using hacker to describe someone who uses computer skill to gain illegal entry to systems is in every way as correct and accurate and a skilled programmer calling themselves a hacker.

You're deliberately missing the point though. There is another term that more accurately describes this - a 'cracker'. A cracker is nothing more or less than exactly a person that uses computer skill to gain illegal entry to systems. The only reason hacker has the double definition is to correct for the mistakes made by writers and journalists many years ago that coined the phrase wrong - much like how Murphy's Law has been mangled enough to prove itself true. So many people have coined Murphy's Law in all of the wrong ways that you often see it as "Anything that can go wrong, will"; but that it is incorrect. And no abundance of agreement on the incorrect form will change the fact that it is incorrect.

Re:And my reply, if I were an editor would be

[guitaristx]

See here for a transcript of my endeavors with MSNBC.com.

The UK should *not* extradite anyone to the US...

[johansalk]

The extradition agreement signed between the US's Ashcroft and the UK's Blunkett over terror is seriously flawed; it doesn't require the the Americans to provide *any* evidence, but demands so from the Brits, and American authorities have proved too willing to misuse it, far beyond "terror". Furthermore, the treaty removes key protections, and the UK parliament was *not* consulted at all http://tinyurl.com/4yph4. For all I've seen, it's all been one-sided so far, with Brits extradited for various reasons, even to a Brit CEO demanded by the Americans for "price-fixing"(!!) http://tinyurl.com/7tdkv. The UK should *not* extradite any Brits to the US, at all!!! This American Gitmo administration is not fit for any role of justice!

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Winkhorst]

I am perpetually amazed at how closed minded the folks who post here are. Seems to have something to do with a "not invented here" mindset. Not until *we* invent something does it become believable to these folks. And this extends into the dimension of time as well. The very idea that someone on Earth could have invented something that we have just discovered thousands of years ago is in some ways even less acceptable to them than its invention on another planet.

Having said that, I am also continually amazed that anyone would think that the US military would have the answer to something this complex and unusual when these same geniuses managed to allow the Pakistani government to snooker them out of O. bin Laden.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Xiaran]

Exactly. If some nutter from Wood Green(What is it with Wood Green... Its just up the road from where I live... the terrorist guys who were making ricin there) can bring down the US miltary computer network for a period of *days* then somethign is wrong.

This guy should score a 6 in Funny

There should be an extra score so that REALLY funny stuff can be modded up one extra...

Not a volume that goes to eleven type situation though...

windows sucks

"looking for machines that might be exposed due to flaws in the Windows operating system"

How's this for TCO:
"causing the US government $1billion of damage"

It is so pathetic that the military runs this crap software. Although I doubt America's "most secure computers" are running windows!

ps - I am not a farking script!!!!!!!!!

Re:It's a good thing he didn't download Eminem son

[mrjb]

Well, word goes the problem wasn't that he downloaded them. Problem is he *uploaded* some of them.

Broke into Fort Myer? Why bother?

[Animats]

Fort Myer, at Arlington National Cemetery, is primarily a ceremonial post. "The Army's Showcase in the National Capitol Region". They provide support for military funerals, housing for some Pentagon staff, and military museum space. They house the Army Band and the Army's remaining horse unit. This isn't a mission-critical organization.

Only someone clueless would break into Fort Myer.

Guess the FBI doesn't like searching for UFOs

[WillAffleckUW]

unless you're Skully or Mulder.

Whatever ... meanwhile our borders are at 1/3 manpower ...

Re:Smart? Yes. A Nut? Perhaps. How about both?

[hesiod]

> Why else take such a risk, unless you KNEW something was wrong or being covered up??

You're a fucking nutjob; that's 'why else.' I guess that could fall under "knew," as in "I just know the aliens REALLY are building landing strips for gay martians..."

I love being limited to posting one comment per hour... What happened to testing something before releasing it? Blame Microsoft!

Slashdot requires you to wait 2 minutes between each successful posting of a comment to allow everyone a fair chance at posting a comment.
It's been 59 minutes since you last successfully posted a comment

"Mentally off?"

[LesPaul75]

Yes, it's an odd case, but why does the guy have to be "mentally off" just because he supsects that the government is covering up UFO evidence? He may be "mentally off" for thinking that he wouldn't get caught, but belief in UFOs hardly qualifies as a mental disease. How many regular viewers did the X-Files have? And they certainly weren't watching because of the stellar acting. Yeah, I know it's just a silly, fictional TV series, but I'm just pointing out that lots of people at least entertain the idea that UFOs exist.

UK...heck no...how about the PRoT...

[HalfOfOne]

You can extradite him to the People's Republic of Texas, where they have a rich history of creative and fun punishments such as Stumping.

That's where they cut down a tree, soak the stump in gasoline, affix a certain irreplaceable part of you to the stump, then light a match and hand you a knife. It's usually reserved for men who can't seem to take No for an answer when it comes to women, but that's kinda like hacking, right?

Moral of the story...

The next time your IT department asks how to save money, suggest that the government was saving billions by not securing their networks, and now consider it a loss of money when prosecuting a hacker.

Re:Smart? Yes. A Nut? Perhaps. How about both?

the US government says it was $900,000 dollars in damage.

http://www.cybercrime.gov/mckinnonIndict.htm

Kimble?

This guy must be HUGE to be bigger then Kimble, hell, Kimble's easily around the 300LB mark.

Misleading Article Title

[Firehead]

I was thinking the story would be about FBI agents removing a wall and using a crane to lift a 700lb (317.5kg) hacker from a room he hadn't left in 5 years.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[kfg]

You seem to have missed that I consider it obvious that the universe is teeming with life, some of which is no doubt intelligent; and that I am the founder of the "They Weren't Idiots" school of paleoanthropology.

My comments were directed strictly at the idea of a government coverup of interplanetary beings visiting us.

These people can't keep their own weenies covered up, little alone little green men and the idea that there are other intelligent beings in the universe is an entirely seperate one from whether they're flying around New Hampshire.

KFG

Re:Smart? Yes. Israeli funding

[Azzhole]

Not true. He found out about the secret weapons and unpublished funds we give Israel. Shame the goyim !

So did he find evidence of UFO cover-ups?

[jzarling]

Just wondering.

Obligitory "Real Genius" quote:

[GogglesPisano]

Professor Hathaway: I want to see more of you around the lab.

Chris: Fine. I'll gain weight.

Now the hacker suffers ..

[theLankan]

I bet if they hired an outside firm to track this guy, the "cost" of finding him would have been much much lower. Government spending is usually profligate and never frugal, and it's this hacker who's going to have to pay the consequences of this inflated figure.

Re:Now the hacker suffers ..

the US government says $900,000 in damage public and private.

http://www.cybercrime.gov/mckinnonIndict.htm

Re:Most secure? On the public interent? Not !

[jimp79]

Technically not true. In most places the SIPRNET runs over the same infrastructure (wires, switches, etc) that the unclassified traffic runs over. The SIPRNET traffic is just encrypted using TACLANEs, so it is essentially a classified VPN as opposed to a physically separate network. It would be theoretically possible to hack into the SIPRNET from the Internet by compromising a TACLANE.

Useful unit for measuring "hackness"

[l0b0]

We need a more accurate measure than $s and £s: Libraries of congress per average decay time of a proton in vacuum.

Lack of facts

[SEWilco]

"World's Biggest Hacker Held"

I see no mention in the article of his weight.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[GWTPict]

What ricin?

http://www.globalsecurity.org/org/nsn/nsn-050411.h tm

Search the site for 'ricin', it's interesting.....

Heise.de has different numbers

[spitshine]

Strange, the usually well informed German IT news site www.heise.de has very different numbers.

They talk about 5 years in jail and a 250.000$ fine.
Sounds more reasonable (but too little for the Biggest Hacker, eh?)

World's Biggest Computer Hacker?

[SilverJets]

Really?

So, either he hacked the world's biggest computer or
he weighs 900 pounds.

Which is it?

Personally I am hoping the its the latter one...it would be pretty funny to see him mashing the keyboard with his hand because his fingers are too fat for the keys. Of course he could order a "dialing stick" (ala Simpsons) to type with. ;-)

Re:Smart? Yes. A Nut? Perhaps. How about both?

the idea that there are other intelligent beings in the universe is an entirely seperate one from whether they're flying around New Hampshire

Amen to that... One of the things that has always bothered me about the UFO nuts is that assuming an alien race exists with the technology to cross untold light years to get here... the question becomes, why the hell would they come here? We'd be nothing more than slightly advanced apes in comparison... hardly worth the trip. Oh, and you've really gotta love the crop circle nuts. Alien race can travel faster than light but uses fields of wheat to communicate with us... Oh yes, that makes perfect sense. Heh... sorry about the rant there.

I also love your They Weren't Idiots idea... always irks me when someone says the pyramids were built by ETs. Though I do tend to believe the evidence that the Sphynx may very well be older than the pyramids, I don't buy into the "If we can't do it in 2005AD, it had to be done by ET" bullshit.

Unbalanced legal system

It was recently reported that Mark Hacking, who shot his wife in the head while she slept and dumped her body into a garbage bin, will receive 6 years for his crime.

McKinnon, on the other hand, who committed a nonviolent crime, could be jailed for 70 years. That's more than 10 times a murderer's sentence.

Apparently it's not such a big deal if you kill one of the common peasants, but they'll come down on you like a ton of bricks if you vandalize something belonging to the most high and holy government.

Jail Him ???

[camsbad]

Not that this guy doesn't deserve to be punished, but shouldn't we be looking into ways to harness his knowledge and make those systems he hacked more secure. Just doesn't make alot of sense to put a computer hacker in jail for 70 years and waste all that good(or bad) talent. I'm sure there are Government agencies that could benefit from his Consulting Services. He can make "Restitution" by advising those who were hacked ...

Just my 2 cents

The Met arrested him?

[Blaede]

Just to clarify, is this the Major League Baseball team, or the Metropolitan Museum of Art that is now apparently involved in helping police the world?

Re:This is the government

[symbolic]

Wouldn't it be better if they just wiped everything and started from scratch?

...probing?

I don't know what he learned about aliens on those networks, but he'll certainly get an education on probing in prison.

Re:Smart Yes. A Nut Perhaps. How about your mother

[hesiod]

> if he were claiming to find proof of Area 51 or something, then he'd be a nut...

Yeah, very nutty. Especially since we already know it's there! If he found proof of aliens at Area 51, that would be an altogether different story. ;)

He'll get five years

[HangingChad]

At Camp Cupcake and pull down seven figures consulting for the military afterwards.

And the military will pay him millions, then ignore his advice.

Re:It's a good thing he didn't download Eminem son

[trex005]

Agreed whole heartedly... the US gov't is nothing compaired to the evil he could face from the RIAA

Re:Smart? Yes. A Nut? Perhaps. How about both?

[ohzero]

Costs for remediation of compromised systems usually comprise the overall "this hacker caused this much damage" number. Given that the systems he was breaking into were those of organizations who purchase $500.00 toilet seats, i'm not at all surprised by the $1B number. These numbers are almost always used to increase the charges against the accused.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Master+of+Transhuman]

They did more than that - they counted the entire cost of the Wang word processor used to produce the document!

2 cents from the conspiracy SIG.

[Digital_Mercenary]

I just heard an NPR radio report on this hacker. The US Gov't claims he's responsible for deleting a huge number of files. That doesn't really sound like a hacker to me. If you had access into Army, Navy, Airforce and a bunch of other US Gov't agency computers, why would you draw attention to yourself by deleting files? On the other hand I guess the Gov't can now claim all files related to the Kennedy Assasination are missing.
--
"They said it was a weather Balloon" -Soul Coughing

It is simply not true

THis statement "..breaking into its most secure computers at the Pentagon and Nasa. .." shows complete ignorance by the writter. I know absolutly that "most secure computers" are simply not connectd either directly or indirectly to the Internet. Heck they don't even connect the A/C power grounds directly to the building ground system least RFI leak out via some cold water pipe. If the machine is connected in any way to the Internet it holds at worst "sensitive" information not "clasiffied" information

Whoooosh

[woah]

That was the sound of the joke blah blah blah.................... you know the rest.

Seriously, the guy is all over the news here in the UK. And he actually looks quite skinny.

Re:MOD PARENT UP...

[darkPHi3er]

" Except that if it ISN'T a crime where I did the action is it still a crime?

YES, it is still a crime -- IF your country is a member of the World Trade Organization (WTO), International Criminal Court (ICC), General Agreement on Tariffs and Trade (GATT), North American Free Trade Agreement (NAFTA), the World Court, the International Monetary Fund (IMF) and DOZENS AND DOZENS OF OTHERS, including the European Currency Agreement (EURO) and the proposed European Constitution and a member state of the United Nations.... ...your country and its citizens get to pretty much unilaterally accept the laws of your fellow member nations when it comes to this type of "crime" (quotes NOT because i doubt its a crime, but because its not really clear "where" and EXACTLY "what" the PRECISE criminal elements of this activity are atomically composed of)

The legal institutions (civil, criminal, enforcement and academic) of ALL the various G8 nations have barely caught up with the 100+ year old industrial revolution and the telecommunications revolution of the 1960's and 1970's.

These legal institutions are WAAAY behind in the "cyber" realm and the PC Revolution, let alone the newly emerging areas of 21st century intellectual property.

So, the guiding laws and legal practices are those designed to protect and prosecute 18th and 19th crimes. Therefore, you may not be breaking into a computer or system covered by the laws of your national entity, but if they are signatory to the above AND if the target national entity wants to pursue prosecution....

BINGO! you have just won a complete abdication of the laws of your nation, and "Welcome to XXXXX Correctional Facility! Where you will be opened to BIG NEW fascinating experiments and experiences in hair braiding, toilet cleaning and, AHEM, the broadening of your sexual experiences and horizons! Think of Club Med and just add the horrors of personal degredation and hair-trigger lethal violence."

Global 2000/National 500 Corporations, G8 bureaucrats and others with either large money AND/OR large clout have been loading up every international agreement of the last twenty years (to be charitable) with the export of laws and statutes favorable to their own secular partisan interests.

So, you can be sure that developing nations will be seeing a HUGE LOAD of things like the DMCA, EU Green Laws, et al stuffed down their throats (cause we all really care how many Kazaa DLs of Eminem there are in Upper Volta?).

I'm only being SLIGHTLY facetious in saying that if you were to read ALL these global agreements since the Bretton Woods Agreement (1944) you'd get the feeling that the principle purpose of international treaties was to guarantee that Mickey Mouse, French wine, British beef and German cars be protected from any international competition.

OH, it gets worse before it gets better. Atlanta Arcology anyone?

Peace, Out

Re:Smart? Yes. A Nut? Perhaps. How about both?

In Texas the moment you set foot on someone elses property without permission you are trespassing. However, most people around here are nice enough to let you walk across their front lawn without shooting.

Worlds Biggest Hacker

Is it just me or did anyone else picture a very fat hacker getting arrested?

Re:Worlds Biggest Hacker

[chawly]

You are not alone. In my picture the hacker was both very fat and very tall.

Pentagon Papers

The USSC ruled that the press couldn't be held responsible for printing the government's secure documents after the government leaked it. The government put massive ammounts of classified data onto a computer and plugged it into the net, and wants to convict this guy for looking at the information?

And don't get me started on the idea of wtf the government is doing holding information from us that WE PAY FOR. God forbid the people should be trusted with their own information and safety.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[SlowMovingTarget]

The monetary damages were listed in pounds, and at the moment one US Dollar is worth slightly more than half a British Pound ($1 = £0.51 rounded).

The guy is a national hero

Though perhaps other than looking for UFOs he could have dug out some more hard evidence about prisoner abuse at Camp X-Ray, some more documents regarding how Bush lied about Iraq, or other politically sensitive or damaging things. Perhaps the reason he didn't get any really juicy intelligence was because the US don't actually have any :o

Really the guy is a hero, not least for making a complete monkey out of US 'secure' computers. haha

C, B and grades of D

[Beryllium+Sphere(tm)]

>standalone security, not network security, and Windows is only C-class even then

The scale that has C and B on it is at right angles to how well the system protects data.

Under the Common Criteria, the amount of protection your data gets is specified in a "Protection Profile". Windows was evaluated for compliance with the Controlled Access Protection Profile, which boils down to "keeps honest people out of each other's files".

The B's and C's are the Evaluation Assurance Level, which supposedly measures how carefully the system's been checked for spec compliance. So you could write a Protection Profile which specifies that all data classified Top Secret or above will be emailed to al-Qaeda, spend hundreds of thousands of dollars on proofs of correctness and audits, and get an A1 rating. Or you could write the world's first perfectly secure OS and have the lowest possible rating because you didn't turn in any paperwork.

>Perhaps, instead of wasting time chasing UFO spotters, they should be putting more time and effort into getting their own house in order.

Amen. Tangentially, I question his story. Why would someone hunting for a UFO coverup delete files and accounts?

Two words....

[NIN1385]

GET LINUX...

Until someone makes a stupid mistake

[Beryllium+Sphere(tm)]

>I really can't believe that truly ensitive systems wouldn't just be air-gapped from the world.

Which will work fine until the CIA director takes a laptop full of classified information home and logs in to AOL. http://www.globalsecurity.org/intell/library/news/ 2000/10/irp-001012-deutsch.htm

Yes, the phrasing in the story is nonsensical.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[flosofl]

"I just know the aliens REALLY are building landing strips for gay martians..."

The Dead Milkmen!!! Something I thought I'd never see. It's been a while, but I beleive the song is "Stewart" from Bealzebubba.

These aren't the Aliens you're looking for

[billstewart]

These aren't the Space Aliens you're looking for. You can move along.

Nonsense!

[JoshRoss]

At 425 pounds, I am the BIGGEST hacker in the world!

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Jeff+Benjamin]

The article on CNN seems to contradict this. It says:

'The indictment said he hacked into an Army computer at Fort Myer, Virginia, obtained administrator privileges and transmitted codes, information and commands before deleting about 1,300 user accounts.

It alleged he also "deleted critical system files" on the computer, copied a file containing usernames and encrypted passwords for the computer and installed tools to gain unauthorized access to other machines.

Further allegations include that he modified Navy and Air Force computers and copied other files.

He was accused of hacking into a network of 300 computers at the Earle Naval Weapons Station in Colts Neck, New Jersey, and stealing 950 passwords.

Because of the alleged break-in, which occurred immediately after the September 11, 2001 terrorist attacks, the whole system was effectively shut down for a week, officials said at the time.'

That certainly doesnt sound like someone looking for UFOs to me. The interesting question is, why is it that the maximum sentence this guy can recieve is 5 years of prison and a $250,000 fine???

"Most secure"? I doubt that

[John+Jorsett]

The unemployed former computer engineer is accused of causing the U.S. government $1 billion of damage by breaking into its most secure computers at the Pentagon and NASA.

I seriously doubt this. I've worked on and designed highly-classified military systems. The military is ultra paranoid that its really sensitive systems are never connected to the outside world. You have to be physically in a shielded room to get access. If he was able to get into a system, it didn't have stuff the military thought was worth much. Either that or some idiot really screwed the pooch in setting up a system. Admittedly always a possiblity, but not likely to have happened in large numbers.

Re:"Most secure"? I doubt that

[chawly]

Just curious, but I have just got to ask. Military Intelligence is/is not a contradiction in terms ? I repeat, the sole reason for my question is curiosity - so don't lets start World War 3.

Re:"Most secure"? I doubt that

[John+Jorsett]

Military Intelligence is/is not a contradiction in terms ?

Not. There's plenty of stupidity in every large endeavor, but overall I'd say the people I've encountered in military work have been above average in intelligence.

Re:"Most secure"? I doubt that

[chawly]

As you will, John, of course. British Army myself - we have had different experiences perhaps. I agree with you concerning stupidity in every large endeavor. Would add that "some people have all the luck" and so the rest of us have to do what we can. Keep smiling.

Re: Government calls the ETV not UFO

He wouldn't find anything searching for UFO, that was a media term to confuse the issue. Supposedly, internal top secret government documents use the term "ETV" for Extra Terrestrial Vehicle. They coined UFO so they could say technically accurate things while side-stepping the whole extra-terrestrial issue.

If you think this is all too insane. IMO there will be an official "first contact" type of disclosure soon. And by soon, I mean probably in the next 5-10 years soon. Supposedly, after the "Oh no the terrorists are gonna get you!" excuse runs its course, they'll switch to "Oh no the hostile extraterrestrials are gonna get you! [and so we need trillions of dollars for space based weapons.]"

Watch and see. If I'm wrong I'll eat my hat :-D (yes I know I'm "anonymous" right now)

Pssssh, ssssilly human

Obvioussssly thisss human wasss too sssstupid to know we'd never give ourssselvessss away like that...
*listens to boss*
Ah, whoopsss...ah...I'm not an alien, sssee?
*whisper* I think they bought it, bossssss *whisper*

Re:Pssssh, ssssilly human

[chawly]

Silly human indeed. He's English so he's certainly silly ..... but is he human ? But we should notice that he did break into these computers - so silly is not stupid. He did get caught - but we already noticed that he's English. AND NOBODY IS SAYING WHETHER HE FOUND WHAT HE WAS LOOKING FOR - so watch it, you aliens.

Re:Smart? Yes. A Nut? Perhaps. How about both?

would somebody please create a Highgate Wood wikipaedia entry?

Re:Smart? Yes. A Nut? Perhaps. How about both?

[kaens]

Someone's got it in their sig, I've seen it quite a few times. But yeah, I think it is stewart.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[Tiggs23]

And on a related note, what accounts for the $1billion damages? I'd wager a large part of that is plugging security holes that should not have been there in the first place.

Perhaps the government should be paying him for showing where these holes were.

Biggest Military Superhacker? How about...

[FauxReal]

I'd say the hacker mentioned in Clifford Stoll's book "The Cuckoo's Egg" would be a much better candidate for world's biggest military hacker.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[JimGardner1973]

Well I say well done to the lad. The first thing I thought when I heard about the UFO angle was it sounded like some quick thinking when he was asked why he was doing it and anything sounded better than "because I can!" Surely the point the American authorities are missing here is that he was able to do this at all. How many more massive flaws in Windows are going to allow this kind of thing to happen? As far as I can see it serves the people who are suppose to know about these sort of things right for being dumb enough to entrust the security of NASA to Microsoft.

Re:MOD PARENT UP...

[gfreeman]

I'm not sure that I understand what you mean. At the very least you are being unclear - you provide a long list of international organisations, and say that if a nation is a member of them all (you said "and" not "or") then "your country and its citizens get to pretty much unilaterally accept the laws of your fellow member nations when it comes to this type of "crime".

Not true. In fact, a long way from true. There is not a single country that is a member of all those organisations. For a start, NAFTA and the EC are mutually exclusive. The US has trouble recognising the validity and authority of the ICC, and has stated that in certain circumstances any foreign nation wanting an extradition can go whistle. China is a member of the IMF but to get an extradition order for copyright violation agreed by them? You have to be kidding. The truth is muddied when viewed across national borders.

Did he break the law? Wrong question, as there is no "the law" when you think globally. Ask a better question.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[hesiod]

Yeah, I knew it was a DM song, but the sig is what I remember it from.

Secure?

[AngusL]

I'm almost certain the really secure networks can neither confirm nor deny their own presence.

I'm sorry, but I'll have to wipe your memory now.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[kaens]

Hey I checked out some of the music linked in your sig, I was wondering what you are using to make your tunes? I've been looking to get into some computer-driven music creation but I don't know a good place to start.

Oh by the way, I think you should add a little effect to the vocals on that trip to the jungle song...just a little distortion or something.

But overall, I have enjoyed what I have heard,

Re:MOD PARENT UP...

[darkPHi3er]

First the linguistic point ..."you provide a long list of international organisations, and say that if a nation is a member of them all (you said "and" not "or")......

since we've taken a grammatical turn here, NO i certainly didn't "say" that...

I MIGHT have ERRONEOUSLY "implied" that by my use of the phrase -- "...and DOZENS AND DOZENS OF OTHERS.." HOWEVER, that phrase was intended to modify the LIST of international treaties, conventions, accords and other agreements, it wasn't meant to modify or QUALIFY the scope of the subject.

It seemed clear to me (guess i was wrong), that most reasonably well-informed /.'s would be aware that the scope and sway of NAFTA is different from the scope and sway as the proposed European Constitution....NAFTA is (i also thought rather obviously) a rather traditional "trade and tariffs" agreement, of a type that has been in use for all of recorded history. I thought that anyone who couldn't sort out NAFTA from the EU wasn't going to get much out of my comment (or probably care to).

OTOH, The proposed (and probably now moribund) European Constitution is/was intended as a social contract between independent nations.

SO rather transparently, i thought, "apples and oranges" as to the TYPE or CATEGORY of the individual entity, and focused on the parent's question of the use and application of legal structures across national identities.

From that perspective, what do NAFTA and the others have in common?

If you've read them all (i have), you will find that EVERY one of the previously mentioned entities deal with the application of either general or specific legal structures across national boundaries and in specific instances.

Some provide specific reconciliation and grievance mechanisms, some "agree to disagree" (for just one example, Bretton Woods is a model of "unspoken agreements" -- those rascally Central Bankers)

Since the Rooseveltian agreements created after WWII, birthing the foundational international orgs such as the World Bank, IMF and United Nations (and its incredibly profligate list of sub-orgs), the quantity and quality of international accords (for good or ill) has been skyrocketing and is continuing to do so.

For the example the parent focused on, the DMCA is definitely and/or potentially transportable via a number of these agreements, so in the case of North America, the DMCA can be transported via the NAFTA agreement.

Internationally (other than NA), the DMCA can be transported via; WTO, GATT, numerous individual bilateral or multilateral copyright protection agreements and protocols and the World Court.

So is there "International Law"?, of course not. It seems to me that only a child or naif would think so.

I don't think that I or the parent stated or implied that, if i did i apologize.

However, is there a means for extra-national enforcement, ON A CASE-BY-CASE basis, of a given law such as the DMCA?

Read those agreements and you find lots and lots of ways to try it.

EXTRA CREDIT: Want to see some real "interesting" agreements on international law enforcement, that directly undercut the laws and civil rights of many signatory nations?

Read the various UN Maritime Agreements and if those don't freak you out, then proceed to the UN Anti-Money Laundering Agreements and Protocols.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[ancientt]

I'm from Texas. You'd better be good looking or carrying cheetos.. or BANG you're lawn fertilizer!

Of couse carrying cheetos and being good looking is considered solicitation in my neighborhood

#if CLOSED_MIND #define AS_NUT_CASE #endif

[psyphiber]

It is prejudicial to just decide knowing nothing that this man is anything but onto something that may or may not be true. I myself have seen lights in the sky.. very very high, in triplicate actually, dancing in strange ways. I've also seen things with my eyes waking and sleeping and at states somewhere in between that make me very certain of one thing: We can not be certain of where we are. A strange phenomenon happens to us. Those of us who use computers all day. We go away to a different place in our mind. I feel it is extremely important that NONE OF US *KNOW* whether what he was looking for was found, was to be found or anything. However, my intuition tells me that a dude who took this long to be caught, was not breaking in "deleting 1300 user accounts" and shutting down the sytems he got into, like the journalists say. My spidey (s/spidey/bullshit) sense tingles when reading those words. Let's try to keep an open mind. DMT: alien abduction. But if it is in the brain naturally.. then what's the difference between using seratonin for learning and DMT for alien experience. All different code sections use different functions and our brain functions on electro-chemical code. We are in this. We do not understand. So.. until we do, let's not close our minds to someone else. There is no decisive proof for or against. .. but for myself.. I seriously question where I am a lot of the time. I suggest we all do that however makes sense for us with sincerity and introspective honesty. There is more out there than we know. There is just as much out there as there is in here. love to you all, -[psyphiber]-

Oh dear

[hedge_death_shootout]

If you convert the indictment (PDF) to HTML, you can read all the blacked-out IP addresses.

Sheesh.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[hesiod]

Awesome, thanks. I'm glad to know someone has heard my music besides my friends.

Re: Trip to the Jungle; not a bad idea, I have to rerecord the vocals anyway. They currently sound a little too separate from the song for my tastes, and an effect might smooth it out a bit. It was the second rap I ever wrote (the first being Nook's Rap), so it wasn't my best performance.

I use Sony's ACID Pro 5, which is a looper (maybe it's called a tracker, I forget which is which). I used it to make all the songs there, and once you get used to it, you can make simple stuff real fast. If you heard ABNS, that took me about 5 minutes to make the music... obviously, the lyrics didn't take much longer either :)

A problem, however, is that you need to find some loops, which can get annoying, especially if you want some instruments, like a sax or trumpet or something. Luckily, ACID has its own MIDI tracker with included instruments, so you can make tunes with that. I'm just not very proficient with MIDI, so I only use a very little bit. Most of the WAVs you can find are whacked-out techno drum loops. If you are willing to throw down a few dollars, there are quite a few loop collections, such as Fruity Loops. If yer a pirate (Arrr), you can find some on P2P. I've heard LimeWire has some of the FruityLoops collections on it. I tried KaZaA with minimal success, so I just bought a couple CDs (they're pretty cheap, less than $10 each and they have a lot of files).

If you want to sound like Atari Teenage Riot, it's the perfect program: just lay some random tracks and set it to 200 beats per minute. It'll be indistinguishable from the real thing. :)

For effects and editing, I use Cool Edit Pro 4, which is pretty nice sound editor. There's probably something better, but CEP is way more than enough for my needs (except I could do with more FX filters), and the interface is good.

My only big suggestion is that if you plan on singing/whatever, that you get yourself a decent ($25-40 maybe) microphone. I had on-motherboard sound when I first started, and I thought that was why my recordings were crap. I bought an Audigy ZX 2 and it was still crap: I found out that my microphone (which looked like a professional one) was junk. Getting a Shure PG58 instantly made all the vocals sound 100x better. Heck, besides the computer and a crappy little equalizer, that's the only sound equipment I have.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[kaens]

Hey, thanks for the informative reply...more than what I expect of the average /.er, heh.

I have fooled around with ACID a very little bit through a freind of mine (mainly just merging guitar tracks together.) I have also heard from many people that a good mic makes all the difference in the world.

I could be called one of those infamous internet pirates....mainly because I really don't have the funds to dish out for software that I'm not sure that I'm going to get a lot of use out of. If I needed a certain peice of software's functionality on a daily basis, or for my job I would pay for it, but I don't.

Who doesn't want to sound like Atarii Teenage Riot?

But anyhow, at the moment I am running Linux, and haven't bothered to put a windows install on my drive as well, and I haven't found much decent looping or sampling programs for *nix, although I'm sure they exist (I haven't looked very hard.)

Most of the music I make anymore is mainly guitar, maybe some lyrics - I seem to have an inability to find anyone who plays drums and also has a drumset...

Anyhow, if I make anything and upload it online anywhere, I'll be sure to let you know so you can check it out (and your freinds and so on).

The creation of music is a beautiful thing, keep it up my freind.

Re:Smart? Yes. A Nut? Perhaps. How about both?

[hesiod]

Cool, If you do find something for Linux, let me know too. I like linux, but have to keep windows for basically just music.

I am currently designing my friend's site, which will eventually be Rhymezilla.com, and my music will end up being hosted there instead of (in addition to?) soundclick. Might be a few months tho... RZ is the one who showed me how to use ACID to begin with.