Gary McKinnon has a lot to worry about. His job prospects are bleak. He will shortly have to leave his home in North London and could be facing up to 70 years in a U.S. federal prison--a prospect that terrifies him.
His actions have been well-recorded. Over a period of years he managed to bypass the security of what should be the most sophisticated IT systems on the planet, many of which belong to the U.S. Department of Defense and NASA.
That was back in 2002. McKinnon has already been investigated thoroughly by the legal authorities in the United Kingdom and released without charge. But what some see as the slow-working cogs of the U.S. legal system are clicking into action now--leaving him hanging in limbo as he awaits a hearing later this month that will determine whether he's to be extradited. He's accused of CNN.. Paul McNulty, the U.S. attorney for the eastern district of Virginia, said in 2002 that "Mr. McKinnon is charged with the biggest military computer hack of all time," according to several publications, including
The unemployed UFO enthusiast was, metaphorically speaking, able to walk right in, look around and make himself at home in what are supposedly some of the most secure systems in the world. Although breaking into the Department of Defense required a combination of ingenuity and hours of mindless drudgery, ultimately, McKinnon says, it was the "dangerously lax IT systems" that made it possible, he claims. And as for the "minor" damage to the systems concerned, it was not deliberate, he said, but happened accidentally while he was trying to cover his tracks.
McKinnon, now 39, admits that there was a period of his life when he was "addicted" to computers. It threatened his life, his health and his relationships at the time, but he couldn't leave them alone.
His interest in IT was sparked, as it was for many others, by an interest in science, science fiction and the unknown. It was the search for proof of extraterrestrial life and suspicions about federal policies and actions in the wake of Sept. 11, 2001, that led him to the restricted government sites in the first place.
McKinnon's story, some say, raises critical issues about the rights of British citizens accused of committing crimes in the United States, the state of IT security internationally, and the possible existence of antigravity technology in a U.S. military establishment.
Q: Why do you think the U.S. authorities behaved the way they did, with an extradition order?
McKinnon: Well, the reason they give is that I, on my own, closed down the entire metro district of Washington for a few days, including a weapons station, which I dispute.
My thing was being quiet and not being seen and getting the information out. And also, when I was there, you do a NetStat routine and you see all the other connections to that machine, and there is a permanent weakness for foreign hackers because their security is not even lax, it is nonexistent. You wouldn't believe it.
They might claim that by installing a remote control program, I opened them (the systems) up, but the access was already there. I didn't even have to crack passwords.
What about the damage you are said to have caused?
McKinnon: What they call damage is really just them realizing that they have been accessed without authorization. Then they say things like I deleted 300 users, deleted systems files and such. That was one instance when I did a batch file to clean up all my stuff--I think once and only once, though perhaps I ran it on the root drive of the "c:" drive. But it certainly wasn't every machine I was on and, if you believe them, they talk about 94 networks being damaged.
Surely all the data was backed up anyway?
McKinnon: Well, it should be, and it should be behind a firewall, and the local administrator should not have a blank password. Take one defense computer, where they use image-based installation techniques where most of the machines have the same BIOS, the same hard drive, the same hardware specification, and you just whack it out across the systems. Unfortunately for them, the local system administrator's password was blank. So you don't even need to become the domain administrator. That's 5,000 machines all with a blank system level administrator password. To be fair to them, as I got deeper into it, they closed me down pretty quickly.
Did it worry you, this lack of protection for systems?
McKinnon: I was always very frightened when I realized there were always other people from all over the world on there. These were like foreign ISPs, routinely going through things. It is very worrying that it is the world's only superpower, and it is that easy to breach security.
What were you doing prior to the most recent arrest?
McKinnon: I wanted to get the trailing documentation to screw the Americans. I looked at things and I didn't like what I was seeing. They talk about the war on terror, and meanwhile they are training people in