Gary McKinnon and the “biggest military computer hack of all time”

by | Nov 16, 2020 | Articles, Hacking Stories

hacking,stories,gary mckinnon,hacker,nasa,usa,army,

Post Views: 6,271

Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Reading Time: 8 Minutes

Who is Gary McKinnon?

Gary McKinnon, a Scottish systems administrator and hacker, was born on February 10, 1966. McKinnon became infamous when it was discovered that he had hacked into military computer systems over a 13-month period between February 2001 and March 2002.

At the age of 36, McKinnon was accused of hacking into 97 computers belonging to the US Army, Navy, Air Force, Department of Defense, and NASA.

Early life

At 14, McKinnon received his first computer, sparking a lifelong interest in the field. Despite dropping out of school and becoming a hairdresser, he eventually returned to computers. In the early 1990s, friends convinced him to take a computer course, leading to contract work in the industry.

UFO “Research” and the Start of Hacking

McKinnon’s primary motivation for accessing military systems was to uncover evidence of UFO cover-ups and expose it to the public. In the late 1990s, he decided to use his hacking skills to conduct what he called “research” on UFOs.

In an interview with the BBC, McKinnon expressed his belief that the United States government was withholding critical information about UFOs. “It wasn’t just an interest in little green men and flying saucers,” he said. “I believe that there are spacecraft, or there have been craft, flying around that the public doesn’t know about.” He claimed that the US military had reverse-engineered anti-gravity propulsion systems from a spacecraft and kept them secret. His search became an obsession, leading to neglect of his personal life and relationships.

A book that kickstarted hacking

McKinnon’s journey into hacking began after reading “The Hacker’s Handbook,” a classic 1980s guide for computer hackers. Late at night, he began experimenting with the book’s techniques. By 2000, he decided to look for UFO evidence on the U.S. government’s computer systems.

Hacking NASA and military

McKinnon gained access to these systems by finding publicly available IP blocks for the Johnson Space Center (NASA did not use non-routable IP addresses) and exploiting the insecure Windows Office Protocol, NetBIOS, that NASA’s computers used. He used similar methods to hack into Navy, Army, and Pentagon systems.

Using the Perl programming language, he wrote a script that allowed him to scan up to 65,000 machines for passwords in under eight minutes. He discovered that many machines could be accessed with a blank admin login, meaning he could log in with admin rights using “admin” as the username and leaving the password field blank.

On these unsecured machines, McKinnon installed a software program called RemotelyAnywhere, which allowed remote access and control over the internet. He could browse through the machines, transfer or delete files, and monitor all activity. This allowed him to log off the moment he saw anyone else logging on.

Gary McKinnon’s hacking activities highlighted significant vulnerabilities in government computer systems, leading to widespread attention and controversy. His quest for UFO evidence and subsequent legal battles have made him a notorious figure in the history of hacking.

Building 8 at Johnson Space Center

Johnson Space Center NASA

McKinnon obtained information about Building 8 at Johnson Space Center, where NASA allegedly airbrushed UFO images out of high-resolution satellite imaging. He used the command-line interface to scan the subnet of Building 8 and found 255 machines on which he could log in as an admin and have full access since NASA’s computers weren’t configured to block blank admin logins.

Using a program called LAN-search, he could search all the files and folders in the computer systems. He discovered an Excel spreadsheet titled “Non-Terrestrial Officers,” containing names and ranks of US Air Force personnel not registered anywhere else.

 Reconstruction of Excel Spreadsheet Non Terrestrial Officers that McKinnon found

He also found pictures and documents and had to lower the resolution to download some satellite images of what he described as “cigar-shaped objects” above the earth. McKinnon posted a notice on the military’s website: “Your security is crap.”

The U.S. Department of Justice has not publicly stated how they became aware of his illegal actions, but McKinnon believes he got caught when he logged in at Johnson Space Center at the wrong time. His connection was immediately cut off, leading the government to discover the RemotelyAnywhere software on the machine and trace its purchase to his email address. As a result, NASA, with the help of UK police, tracked him down and found his home address.

                                RemotelyAnywhere Software

Arrest and first interviews with authorities

McKinnon was arrested by the British National Hi-Tech Crime Unit in March 2002. He was held in custody for about six hours while authorities searched his and his girlfriend’s house, confiscating multiple computers and other machines he was fixing for clients. While most of the machines were returned, some hard drives containing his “findings” were sent to the US for further investigation.

McKinnon confessed to his actions because British authorities had his hard drive, which contained everything he had downloaded illegally from US systems. Without a lawyer present during the first interview, he was promised a light sentence of up to six months of community service. However, by the time of his second interview on August 8, 2002, after British authorities had met with US officials, the tone had changed to more serious charges, including the possibility of extradition to the US.

Hacking Accusations and Extradition Proceedings

In November 2002, McKinnon was indicted on seven counts of computer-related crimes by a federal jury in the District of Virginia, each carrying a potential 10-year jail sentence, totaling up to 70 years in prison. Over 13 months, he was accused of hacking into 97 computers of the US Army, Navy, Air Force, Department of Defense, and NASA. He was also suspected of crashing a network of over 300 computers at the Naval Air Station and deleting weapon logs at the Earle Naval Weapons Station after the 9/11 attacks. McKinnon’s hacking caused around a million dollars in damages, according to the US government.

He remained free without restrictions until June 2005, when the UK enacted the Extradition Act 2003, making it easier for the US to request extradition without providing contestable evidence. He then became subject to bail conditions, including signing in nightly at his local police station and remaining at his home address at night. If extradited to the US, he could face up to 70 years in prison.

See Also: The Bug Bounty Hunting Course

House of Lords appeal

In June 2008, McKinnon’s lawyers argued before the Law Lords that he could face up to 10 years in jail per count without the chance of repatriation, but only 37-46 months if he cooperated and went voluntarily to the US.

They rejected the US-style plea deal, stating that the US tried to force McKinnon to waive his legal rights and that they could not guarantee he would serve his sentence in the UK.

McKinnon’s lawyers said that the Law Lords could deny extradition if there was an abuse of process: “If the United States wishes to use the processes of English courts to secure the extradition of an alleged offender, then they must play by our rules.”, the House of Lords rejected this argument and stated that: “The difference between the American system and our own is not perhaps so stark as McKinnon’s argument suggests” and that extradition proceedings should “accommodate legal and cultural differences between the legal systems of the many foreign-friendly states with whom the UK has entered into reciprocal extradition arrangements”

Further appeals and medical condition

European Court of Human Rights appeal

In September 2008, McKinnon appealed to the European Court of Human Rights, which imposed a bar on the extradition, but the appeal was ultimately rejected.

Free Gary McKinnon movement and Medical Condition

Free Gary McKinnon Protests

Not many people believe Gary posed a real threat to the US and supporters have set up a Free Gary McKinnon campaign website. Rock stars, human rights activists, and members of parliament were racing to free Gary.

Dan-Bull’s open letter to Home Secretary on Dec. 2009.

Dan-Bull's open letter to Home Secretary

The reason: he has Asperger Syndrome.

His medical condition speculations began when a woman saw Gary on T.V. and suggested he seek a mental health diagnosis. He agreed to be evaluated by Simon Baron-Cohen, director of the Autism Research Centre at the University of Cambridge. After a three-hour-long examination, Gary was diagnosed with Asperger’s syndrome.

Then, Psychiatrists warned there was a risk that McKinnon, who suffers from Asperger’s Syndrome and depression, would commit suicide rather than accept the grim prospect of extradition and subsequent trial in the US.

British government blocks extradition

Gary with his mother on a Daily Mail Cover after blocked extradition top the U.S

His legal team after having also lost the appeal for judicial review against his extradition to the High court on July 2009,

they then applied for a judicial review to the Homes Secretary’s rejection of medical evidence, which stated that when could try in the UK, it was unnecessary and inhumane to remove him from his homeland and family.

In October 2012, then-Home Secretary, Theresa May blocked the extradition saying that:

“Mr. McKinnon is accused of serious crimes. But there is also no doubt that he is seriously ill […] He has Asperger’s syndrome, and suffers from depressive illness. Mr. McKinnon’s extradition would give rise to such a high risk of him ending his life that a decision to extradite would be incompatible with Mr. McKinnon’s human rights.”

Theresa May

Finally, after a decade-long battle, his case came to a close in December 2012. Even after the threat of US extradition was lifted, the possibility of a UK prosecution remained for several months until it was rejected in December 2012. The decision cleared the way for McKinnon to begin working with computers again.

However, a US extradition warrant for McKinnon remains in force, preventing his travel outside the UK, the BBC reports.

Gary McKinnon’s new career

Gary McKinnon with his mother after extradition battle ended

In 2014, Gary McKinnon found a new career as a search engine optimization (SEO) expert, which specializes in making sure businesses appear prominently in search results.

As McKinnon explained for his new career: “My aim is to provide high-quality SEO to small businesses and individuals. All of my clients have so far reached the first page of Google search results for their primary keywords.”

His existing clients include law firm Kaim Todner (McKinnon’s lawyer during his extradition fights), a tutoring service outfit GMAT Tutor London and The Hair Safari, a hair salon in Oxfordshire.

References:

⦿ http://news.bbc.co.uk/2/hi/technology/4715612.stm
⦿ https://www.wired.com/2006/06/ufo-hacker-tells-what-he-found
⦿ https://www.bbc.com/news/uk-19946902
⦿ https://www.dailymail.co.uk/news/article-147167/Briton-faces-extradition-U-S-hacking-allegations.html
⦿ http://news.bbc.co.uk/2/hi/uk_news/6521255.stm
⦿ https://www.theguardian.com/commentisfree/2012/oct/16/son-gary-mcinnon-justice-at-last
⦿ https://www.snotr.com/video/6250
⦿ https://www.youtube.com/watch?v=n1CggoA_O1M&ab_channel=RichardHall
⦿ https://spectrum.ieee.org/tech-talk/telecom/security/freeing-gary-mckinnon
⦿ https://www.theregister.com/2014/07/31/ex_hacker_mckinnon_seo_guru/
⦿ https://malicious.life/episode/us_vs_gary_mckinnon/

We hope that this write up has taught you something new. If you enjoyed it, the best way that you can support us is to share it! If you’d like to hear more about us, you can find us on LinkedIn, Twitter, YouTube.

Are you a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to Information Security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]