NASA Hacker Gary McKinnon Interviewed

An anonymous reader writes "A BBC article reports about an interview between Click and Gary McKinnon who in 2002 hacked into NASA and other US Military networks. In the interview he talks about how he accessed machines by using default passwords and a conversation with a NASA network engineer using Wordpad. He also talks about how he found information about anti-gravity, UFO technology, free energy and how UFOs are regularly airbrushed out from high-resolution satellite images."

Doesn't make sense

[ardor]

1) Hacking into NASA for three years with a 56k only?
2) What about using the "Print" button which makes a screenshot? (Well, in Windows it does.)
3) They are suppressing free energy? Why? Free energy would launch an incredible boom for economy, help greatly in pollution reduction, provide an excellent way of getting rid of oil dependency, provide instant cheap space exploration (and thus access to the vast resources on the moon and in the asteroid belt, for example), erase any poverty and/or hunger etc. So WHY should anyone suppress that? Can anyone tell me why?

Re:I'm really skeptical

If you had watched the video recording of the interview you would know that the transcript presented is actually pretty dumbed down and poor.

It seems more credible from the video.

Re:65000 passwords in 8 minutes?

[StuartFreeman]

Not that I beleive the guy or anything, but this actually seems possible. He's just checking for a blank password, so all he has to do is set up an array of ips to check and start forking off processes to check them, just do 135 in parrallel and you can scan them all within a second.

Skepticism

[sasserstyl]

It's good to be skeptical. But this guy clearly hacked into various US government organisations otherwise they wouldn't want him extradited.

For me three important things are thrown up by this case:
1. the incredibly harsh suggested punishment by the US govt. (60 years in jail)
2. the amazing lack of security at multiple us govt organisations
3. the broad dismissal of "conspiracy theories" as being fantastical (to use a Dane Cook-ism), before serious consideration

On the conspiracy theory point. People are free to form their own theories, such as this guy's that the US govt. is supressing alien technology, and these theories can actually be helpful in challenging governments where there might be a genuine public interest.

Take a look at http://video.google.com/videoplay?docid=-826005992 3762628848 [google video] for info on another conspiracy theory (9/11).

My point is this: some (even most) conspiracy theories may be based on a misplaced sense of paranoia, but this doesn't mean that they can't raise valid questions that should be answered by the organisations concerned.

Re:Hand of God, Perhaps

[sasserstyl]

I'm pretty sure when he said hand, he meant cursor. It sounded to me like he was using a remote control application, in which case what he describes is perfectly plausible. It would have been v slow over 56k though.

On the wordpad conversation, in windows 98, you definitely could have a two way conversation with any text-editor you want.

We used to do it using the sub-seven trojan when i was at uni.

I havent looked into similar technology with windows xp, but no doubt it's possible.

Re:Hand of God, Perhaps

[Bungopolis]

He was (idiotically) using a VNC style remote administration program. It sends a jpeg stream of desktop screen captures and forwards your mouse movements/clicks. By "hand" he surely meant "cursor" which he could see move if somebody else touched the mouse. The WordPad conversation was possible simply because both parties were looking at and inputting to the same window.

Re:TRUTH OR NOT??

[close_wait]

Give the guy a polygraph

polygraphs are worthless pseudocience, whose only merit is in their ability to trick the gullible into confessing. They can be trivially defeated, for example by tensing your anal sphincter during the control questions (the ones where they try to get you to lie), in order to set a high baseline.

Re:I'm really skeptical

[malsdavis]

If you had read or watched the interview you would know he was using the remote operating program RemoteAnywhere. In which case his story is totally consistent.

He states that the image was downloading when a staff member physically accessed the computer and disconnected him. I know personally the program can freeze for a couple of seconds on a slow connection while taking screen shots. It is therefor quite plausable that he was waiting for the image to download before taking the screenshot and then did not have time - in the few seconds it takes for a person to go the bottom-right-corner of the screen and select disconnect - to take a screenshot of what had already downloaded (as he would have had no indication of someone being about to use the computer locally). 1 frame later and any cache of the image would have been lost.

This doesn't at all prove his claim of viewing a NASA UFO image are true but they are atleast plausable.

Re:I'm really skeptical

[gerardrj]

This guy's full of shit. His answers don't make sense.

...and bearing in mind this is a 56k dial-up, so a very slow internet connection, in dial-up days..."

"...No, the graphical remote viewer works frame by frame. It's a Java application..."

"SK: You were actually cut off the time you were downloading the picture?
GM: Yes, I saw the guy's hand move across."

Can someone show me a a Java VM that existed and would have been the programming language of choice in the "dial-up days"? At least to me the heyday of dialup was the late 80s to mid 90s, then cable and DSL started taking over. The first version of Java wasn't released until about '96 and wasn't widely deployed/accepted until 2000 or so.

HOW did he see a "guy's hand move" over a dial-up connection that was sending about 1 frame every 2 minutes at best?

Idiot. I'm guessing the interview was so short because the BBC interviewer smelled the BS.

Re:I'm really skeptical

It is quite likely he was still on dial-up in the mid-90s. Broadband wasn't really widely available in the UK until a couple of years ago.

The rest of it does sound a bit suspect.

Re:I'm really skeptical

I'm still skeptical over his claims (is he being coerced to give the appearance that he's a bit of a nut? does he have a bit of an agenda? was he actually being manipulated at the time that he was hacking into NASA, or thought he was?), but you need to watch the video interview, not just read the transcript (which is quite badly edited imo)- it really isn't that short (actually over 16 mins long), and is quite clear that he's talking about the cursor moving across (not an actual hand), and that given he was viewing the remote desktop it was possible to use the wordpad to communicate with the person at the actual terminal (he seemed to find this amusing).

And 2000 - 2002 broadband was hardly available anywhere apart from central London and some metropolitan areas(satellite TV has always dominated, rather than cable TV, so the cable infrastructure is nothing like in the US, and British Telecom had previously held a monopoly over the telephone infrastructure, and was therefore ridiculously slow in updating local telephone exchanges to allow broadband); even where it was available, broadband was ridiculously expensive.

Nevertheless, I still think that what this guy is saying cannot be taken at face value.

Honeypots

[JacksonAces]

This guy is just trying to cover his rear. Here is a quote from another site covering this story. I think it should sort some of the conspiracy theorist's fears about national security:

from http://forums.fark.com/cgi/fark/comments.pl?IDLink =2051653 :

erewhon wrote:

"muninsfire: Calling erewhon....

Last time this came up, IIRC, it was stated that NASA, et al, have 'honeypot' systems filled with spurious, though tantalizing, information--if you go cracking into 'em multiple times, they trace you and send the guys in the suits who have no sense of humour.

You rang? This is what, like rerun #4 for this one guy?

Ok, kiddies, here is something that is the absolute truth. Consider it closely when you go groping around other people's systems.

All these agencies have their very own MIS departments, who, contrary to popular opinion, are very VERY good at what they do. The military guys have the Defense Information Systems Agency, for example, although quite often the intelligence branches for the various services get in the game as well. We have at least two military MIS guys that post regularly on Fark. One of them works at NORAD, for example.

Now, it's not unheard of for DIA to launch attacks on various military MIS systems just to see how well they are doing. I recall one physical invasion where they infiltrated a Marine base and corrupted their system, but I digress.

Here's the deal. There are no less than three military networks. The lowest level is NIPRNET, and it is tied to the civilian internet by gateways. It is fairly secure, but no secure data is trusted on it.

Next is SIPRNET. SIPRNET is ok for traffic up to 'TS'. SIPRNET is not physically connected to the civilian Internet. Anywhere. At all. You can't "hack into it" because there are no systems with both connections. That is verboten. They audit you to make sure you didn't do some dorky multihomed system with links to both. All the time. There's even rules about how close you can put a NIPRNET and a SIPRNET machine in the same room.

But wait, SIPRNET is TS at best. It has its very own web program called Intelink-S. SIPRNET has all SORTS of cool stuff on it, but it's been described as tactical instead of strategic and while I don't go surfing around just to see what I can get into (bad form) that's probably true.

Then you have JWICS. JWICS is top level. It has SCI level stuff. You use Intelink-SCI. It has battle plan type crap, strategic level info. On JWICS the elder gods of They® reside, like Zeus on Olympus. You thought DISA was a biatch about SIPRNET. JWICS isn't the sort of thing you want due to the asspain level it brings you.

Like SIPRNET, JWICS is totally separate, it has NO physical connections to ANYTHING civilian. It's the sort of thing where they might monitor the freaking dispersion characteristics and signal flight time of the fiber for taps. The sort of thing where they'll probably end up using OAM-entangled modulation. Where the cable sheath might be pressurized and double walled with marker gas in the outer sheath that sets off alarms when the slightest pinhole occurs. Personally, I don't know how the physical level of JWICS is protected and don't want to.

Now, for the sort of thing our young Brit is discussing, data for SCI projects, that would be on JWICS, if it were stored on ANY accessible server. You would not be getting into JWICS. I can't imagine a more classified project. Hell, it's probably OVER SCI, whatever's up there in the security stratosphere. But it couldn't be less than SCI.

It would be a violation of any number of legal documents and/or oaths to put something like that on NIPRNET, much less on a civilian web server.

So, what did he find? Well, they put out honeypots. The term is "military intrusion detection honeypot". You can't readily get to it,