PDA

View Full Version : Hacker News



sarongsong
2005-Jun-09, 03:55 AM
June 8 (http://www.thisislondon.com/news/articles/19164714?source=Evening%20Standard)
"Gary McKinnon, 39...unemployed former computer engineer is accused of causing the US government $1billion of damage by breaking into its most secure computers at the Pentagon and Nasa. He is likely to be extradited to America [from Britain] to face eight counts of computer crime in 14 states and could be jailed for 70 years..."He's been interested in UFOs for some time and believes the Americans are holding back information - although he didn't find any proof."..."
Tonite on C2C (http://www.coasttocoastam.com/):
"First Hour: Computer security expert Kevin Mitnick will comment on a hacking effort against US military networks..."

Morrolan
2005-Jun-09, 04:01 AM
70 years in jail for stubbornly believing in a Conspiray Theory... :roll: see how this stuff can be dangerous for your health? #-o

Gillianren
2005-Jun-09, 04:19 AM
there's a moral to this story somewhere; maybe by the time I come back Sunday night, I'll have thought of it.

sarongsong
2005-Jun-09, 04:24 AM
The US government should hire the guy!
At least Brazil is co-operating with his wishes:
Brazilian Air Force Opens Its UFO Files to Public (http://www.earthfiles.com/news/news.cfm?ID=914&category=Environment)

Archer17
2005-Jun-09, 07:19 AM
The US government should hire the guy!
At least Brazil is co-operating with his wishes:
Brazilian Air Force Opens Its UFO Files to Public (http://www.earthfiles.com/news/news.cfm?ID=914&category=Environment)When Brazil produces, I know I can count on you to break the story here. Keep us posted. :wink:

Morrolan
2005-Jun-09, 07:45 AM
The US government should hire the guy!
At least Brazil is co-operating with his wishes:
Brazilian Air Force Opens Its UFO Files to Public (http://www.earthfiles.com/news/news.cfm?ID=914&category=Environment)

somehow i don't think they are actually concerned with the wishes of a computer hacking woo-woo. especially one who may be spending a major portion of the rest of his life behind bars... :lol:

edited to add:

an interesting quote from the 'article'-
...<snip>...close encounters with what seem to be non-human beings since his own first experience with a tall, red-haired, green-eyed female in 1968.
ROFL! =D> :lol:

frogesque
2005-Jun-09, 08:11 AM
If the US wants to extradite him they can have him. It will save us from keeping the waster on benefits for the rest of his life.

Morrolan
2005-Jun-09, 08:38 AM
interestingly, according to other US news sources (CNN, but still) the maximum penalty would be only 5 years.

sarongsong
2005-Jun-09, 09:00 AM
No, no, that's just five years until the trial... :^o
What would Singapore have penalized him?
If he pleads insanity, would it be off-set by his demonstrated computer 'skills'?

Morrolan
2005-Jun-09, 09:33 AM
What would Singapore have penalized him?

since everyone does what the government tells us to, we have no crime... :wink:

seriously, most if not all kids here only switch on their computer to chat online or play computer games...

besides, internet usage is monitored so no one dares anything like hacking...

[edited to repair link]

TriangleMan
2005-Jun-09, 10:49 AM
besides, internet usage is monitored so no one dares anything like hacking...
8-[

Hi Singapore Government! *waves*

sidmel
2005-Jun-09, 02:21 PM
Quote:
...<snip>...close encounters with what seem to be non-human beings since his own first experience with a tall, red-haired, green-eyed female in 1968.

ROFL!

Isn't that from the movie Earth Girls are Easy? :D

Argos
2005-Jun-09, 03:15 PM
Isn't that from the movie Earth Girls are Easy? :D

Hey, Ive watch that one. :D

Bilateralrope
2005-Jun-09, 10:48 PM
Of course, if such files actually exist (I doubt it), they would not be on any computer with internet access (especially windows ones). They most likely only exist in paper form secured somewhere.

When I first heard about it I was impressed with his skill, but after reading that article I see that he hacked into windows machines and/or machines with poor passwords. meh

sarongsong
2005-Jun-10, 01:52 AM
...When I first heard about it I was impressed with his skill, but after reading that article I see that he hacked into windows machines and/or machines with poor passwords. mehRight; none of the compromised computers were secured, as Mitnick pointed out on the radio show, so a high level of sophistication was not required after all. Mitnick further surmised 'chasing UFO material' was not really the goal, but didn't say what he thought the hacker was up to. Also, because the suspect is a British citizen, Mitnick felt it might take the legal system up to a year to actually get him to the U.S. if he chooses to appeal extradition.

Lurker
2005-Jun-10, 02:05 AM
The US government should hire the guy!
At least Brazil is co-operating with his wishes:
Brazilian Air Force Opens Its UFO Files to Public (http://www.earthfiles.com/news/news.cfm?ID=914&category=Environment)
Hmmmmm.... indulge me here for just a moment... So if this guy didn't find anything maybe its an indication that there isn't anything to find.... I realize this is a lot less fun to ponder and it doesn't make good tv or good movies, but it just might explain his data... or more precisely his lack there of... :-k

It has always astounded me that in this country where no secret, including the identity of deep throat, seems to last forever, everyone is sure that the government can keep a lid on this huge secret. UFO's don't boggle my mind... the idea that someone could believe that our government could have successfully kept it a secret all these years boggles my mine.

N C More
2006-May-07, 03:05 PM
Update: Well, it now appears that Mr. McKinnon is claiming that he found out all sorts of things during his hacking adventure...see here. (http://news.bbc.co.uk/2/hi/programmes/click_online/4977134.stm) Yep, UFOs, free energy, he saw it all. Hmmm...seems like his story has changed a tad over the last 11 months!

Dragon Star
2006-May-07, 03:20 PM
ROFL...the banned him from using the internet?!1?1

:lol:

mugaliens
2006-May-07, 05:25 PM
Very telling quote:


GM: Unlike the press would have you believe, it wasn't very clever. I searched for blank passwords, I wrote a tiny Perl script that tied together other people's programs that search for blank passwords, so you could scan 65,000 machines in just over eight minutes.

SK: So you're saying that you found computers which had a high-ranking status, administrator status, which hadn't had their passwords set - they were still set to default?

GM: Yes, precisely.

SK: Were you the only hacker to make it past the slightly lower-than-expected lines of defence?

I understand how breaking into a locked building and entering it is considered "breaking and entering."

Please explain to me how entering apparantly abandoned building with no locks on it (to break) constitutes breaking and entering.

Please explain to me how stumbling across (whether by accident or design) open files on the Internet constitutes any sort of crime whatsoever.

"I looked, and I saw, your honor, that the files were unprotected, apparently abandoned, with a combination lock set to 0-0-0. I opened it, and the files were there for the taking."

Since when did the government begin holding its citizens liable for the government's ineptitude to secure important things?

Think about it - what's the first thing people are taught in basic training (for those of you who've been through it): Secure your footlocker! Who's responsibility is it if someone takes something from an insecure footlocker? I guarantee the government will not an additional investigation if the asset was unsecured. They'll simply fry the guy who failed to secure it.

Now things seem to have changed. The governments are frying people for viewing things online that they're "not supposed to view."

What happens if I Google a link, it takes me to a site where some government employee classified information? Am I responsible because they failed to secure the information? Am I going to jail for 60 years?

I think it's media hype for ad sales, and government hype to prove a point. If it really had "$1 Billion" in damage as it claimed, that "damage" was only either get more money from Congress, probably to fix the gaping holes that are apparently out there if some guy like GM can actually hack this stuff. But that's like telling the cops you need $100 for a better lock because the guy who just entered my house walked right in when I failed to lock it.

I certainly hope calmer heads more well-versed in legal matters hold to the truth of the matter in court.

mugaliens
2006-May-07, 05:36 PM
ROFL...the banned him from using the internet?!1?1

:lol:

So long as he's in custody, yes. Once out of custody, they'd have to somehow prove it was him, vs whatever friend he might have been staying with.

TheBlackCat
2006-May-07, 06:20 PM
Please explain to me how entering apparantly abandoned building with no locks on it (to break) constitutes breaking and entering.
Because you are knowingly entering someone else's property without their permission, which is illegal. And your analogy doesn't really hold. It is more like he was going to an office building with hundreds of windows and doors, all but a few of which were locked, and systematically searching until he found one of the few unlocked windows or doors. That is definitely breaking and entering.


Please explain to me how stumbling across (whether by accident or design) open files on the Internet constitutes any sort of crime whatsoever.
He was systematically searching for security holes in order to knowlingly access other people's computers without their knowledge or permission using software expressly created for that task, specifically targetting US government computers he knew he should not have access to, then intentionally retrieving documents he knew he should not see. This is not like stumbling upon some random web page on the internet, he was intentionally accessing a US government computer that he knew he should not be on without their knowledge or consent. How is that not a crime?


"I looked, and I saw, your honor, that the files were unprotected, apparently abandoned, with a combination lock set to 0-0-0. I opened it, and the files were there for the taking."
Oh, right, I am sure that argument would hold up for stealing lost luggage at the airport, or climbing through someone's unlocked window in the middle of the night and helping yourself to their jewlery. Same goes for computers, he was knowlingly going somewhere he should not go and taking things he should not take.

Since when did the government begin holding its citizens liable for the government's ineptitude to secure important things?


Think about it - what's the first thing people are taught in basic training (for those of you who've been through it): Secure your footlocker! Who's responsibility is it if someone takes something from an insecure footlocker? I guarantee the government will not an additional investigation if the asset was unsecured. They'll simply fry the guy who failed to secure it.
That is because the footlocker is in a public place and easily accessible to many people. I guarantee you if it was discovered that a foreign civilian was breaking into a US army base and helping himself to the contents of peoples' footlockers by trying likely combinations on the locks, there would be an investigation.


What happens if I Google a link, it takes me to a site where some government employee classified information? Am I responsible because they failed to secure the information? Am I going to jail for 60 years?
This is completely different. First of all he wasn't accessing web pages, he was accessing computers. That is completely different. Second, if a google web page takes you to a site that warns that this is a private US government site and that you could be punished with years in jail for viewing, yes you are defintiely responsible for still viewing the information despite the warning. He may not have had a warning, but intent is obvious because you can't accidentally access a computer, and he has already admitted to systematically searching for security holes in government computers (you do have to prove intent in many cases, which he already admitted to). Breaking the law is still breaking the law no matter how easy it is to do.

It would be really easy for me to walk into a store, find a spot not covered by security cameras, and star pickpocketing stuff. That doesn't make it legal. That doesn't mean I won't get into trouble if caught just because the store didn't have complete video camera coverage. It is still a crime even if the store made it easy to do. (I would never, ever do this of course, it is just an example)

It is your responsibility to obey the law, not the victim's responsibility to stop you.

Gillianren
2006-May-07, 06:21 PM
Please explain to me how entering apparantly abandoned building with no locks on it (to break) constitutes breaking and entering.

At a bare minimum, it is still trespassing. Which is still illegal.


Please explain to me how stumbling across (whether by accident or design) open files on the Internet constitutes any sort of crime whatsoever.

How do you "stumble across" things by design?


"I looked, and I saw, your honor, that the files were unprotected, apparently abandoned, with a combination lock set to 0-0-0. I opened it, and the files were there for the taking."

Since when did the government begin holding its citizens liable for the government's ineptitude to secure important things?

Well, first off, you have to believe the guy. For one, he is claiming to have found a lot of classified material on machines connected to the internet, which is not generally the case. What's more, he's claiming the stuff he found had to do with aliens and free energy and such. Isn't it equally likely that he's just nuts?

TheBlackCat
2006-May-07, 06:24 PM
interestingly, according to other US news sources (CNN, but still) the maximum penalty would be only 5 years.
Things like this are usually on a per-crime basis. If he did it 14 times with 5 years per crime that would be 70 years.

TheBlackCat
2006-May-07, 06:27 PM
The US government should hire the guy!
At least Brazil is co-operating with his wishes:
Brazilian Air Force Opens Its UFO Files to Public (http://www.earthfiles.com/news/news.cfm?ID=914&category=Environment)
Even if the US government did release its UFO files, if there are any that haven't already been declassified, they would either not be believed or wrongly taken as evidence for alien visitation. The US government has already declassified a bunch of info, UFOlogists have either twisted it to fit their opinion or dismissed it as more misinformation. No amount of information the government could declassify would satisfy them.

mugaliens
2006-May-07, 08:28 PM
Well, first off, you have to believe the guy. For one, he is claiming to have found a lot of classified material on machines connected to the internet, which is not generally the case.[quote]

Really. Check www.globalsecurity.com.

[quote]What's more, he's claiming the stuff he found had to do with aliens and free energy and such. Isn't it equally likely that he's just nuts?

If it's nuts, then he doesn't have any valid information. If he's not nuts, then he does.

So why is the government reacting as if he not nuts?

WOAH!!! I say this because I'm NOT a CT, and because I'm trying to mitigate the problems between those who are and the people (the taxpayers) who pay for tracking down all the crap from those who are.

The guy's got a few screws loose. Perhaps he has none loose, but he just found some good into on NSA.com and decided to run with it.

So what? The killer thing here is twofold:

1. What, exactly, was the information that he breached?

2. Was it really worth $2 BILLION?????????????????????

Oh, come on! If the Gov't were that inept! This is absolutely insance from the dollar amount beyond.

Does this mean we give 60 years to every crackpot who manages to hack through the world's supposedly tightest security systems?

That doesn't exactly do wonders for helping us maintain our reputation for the world's most powerful nation on the planet...

I would think it would look FAR better for our nation to simply plug the hole and say, "What hole?"

I'm sure this is the definative choice of options, given one.

Cl1mh4224rd
2006-May-07, 10:51 PM
I understand how breaking into a locked building and entering it is considered "breaking and entering."

Please explain to me how entering apparantly abandoned building with no locks on it (to break) constitutes breaking and entering.
If I understood correctly, he most likely had to get past any outward security (like a firewall or an uthentication system) to find those open systems on their network. It's more like breaking into a locked office building, then searching for the offices within that building whose doors are unlocked.


Please explain to me how stumbling across (whether by accident or design) open files on the Internet constitutes any sort of crime whatsoever.
I thought it was pretty clear that the network wasn't open to the public.


Since when did the government begin holding its citizens liable for the government's ineptitude to secure important things?
This I can partially agree with. The network and system administrators need a bit of a lashing, especially for that "blank password" insanity.


Now things seem to have changed. The governments are frying people for viewing things online that they're "not supposed to view."

What happens if I Google a link, it takes me to a site where some government employee classified information? Am I responsible because they failed to secure the information? Am I going to jail for 60 years?
You jumped the tracks a few paragraphs back, and you just barreled full-steam over the cliff with this statement. None of what he claimed to have found (or didn't find, depending on when you believe him :eh: ) was publically available information.

Van Rijn
2006-May-08, 12:36 AM
If it's nuts, then he doesn't have any valid information. If he's not nuts, then he does.

So why is the government reacting as if he not nuts?


That doesn't follow. He went snooping because he was a CT. There might well have been things that would be a real national security issue - no ET required. Even without that, they want to stomp down hard on things like this as a lesson for others who might like to do the same thing - especially kids that get kicks out of that sort of stuff.



1. What, exactly, was the information that he breached?


I doubt we'll ever know that. I also doubt it has anything to do with ET.



2. Was it really worth $2 BILLION?????????????????????


My guess is no. Claimed damage figures are often a work of fiction as well. No doubt a lot of that is the cost of cleaning up security.



Does this mean we give 60 years to every crackpot who manages to hack through the world's supposedly tightest security systems?


*shrug* It is just another deterrent. Security is never pefect. The best way to secure things is to limit real access: The really sneaky stuff isn't going to be available on the public network. But there is always a war between good security and ease of use. In the real world, you have the security people that put heavy shackles on things, often forcing people to use suboptimal hardware and software. Then there is a limit to how many security folks you have. On the other side are bosses that want jobs to get done, so you have some people doing things they shouldn't as workarounds to the security. And then there are the idiots . . .

Many years ago, on a computer used through California universities (old style networking), a friend* found a way to pull all userids and owner's names. He was able to grab several powerful IDs by trying the names or obvious nicknames as passwords. Everybody knows that you shouldn't use your name as a password, but some people do it anyway. Fools are the biggest problem for security.


*No, it wasn't me, it really was a friend. I wouldn't mind taking credit for it - the laws are different and it really was many years ago - but credit where credit is due. The real trick was pulling the IDs and names out of the file.

The Backroad Astronomer
2006-May-09, 02:33 AM
the files are mor likely on the same computer with proof of weapons of mass distruction.

Van Rijn
2006-May-09, 02:57 AM
the files are mor likely on the same computer with proof of weapons of mass distruction.

I thought we had proof of weapons of mass destruction for some time now (http://en.wikipedia.org/wiki/Trinity_site).

mugaliens
2006-May-09, 09:33 PM
I thought it was pretty clear that the network wasn't open to the public.


I am not a hacker. But if memory serves me correct, an unsecured building on the side of a public highway is not considred "locked" if reasonable means by average people (turning a doorknob) gains them entry. To these people, that's apparently what happened. They simply stubled across a building, turned a few handles, and they were in. To them, there was no apparent attempt to secure the building.

GDwarf
2006-May-09, 09:57 PM
I am not a hacker. But if memory serves me correct, an unsecured building on the side of a public highway is not considred "locked" if reasonable means by average people (turning a doorknob) gains them entry. To these people, that's apparently what happened. They simply stubled across a building, turned a few handles, and they were in. To them, there was no apparent attempt to secure the building.
Not at all, they went from door to door, with a key that they knew would fit one of the locks, found a door it worked on, and went in.

Van Rijn
2006-May-09, 10:00 PM
I am not a hacker. But if memory serves me correct, an unsecured building on the side of a public highway is not considred "locked" if reasonable means by average people (turning a doorknob) gains them entry. To these people, that's apparently what happened.


For the record, here is what he was accused of doing, from the original article (http://www.thisislondon.com/news/articles/19164714?source=Evening%20Standard):

It is alleged that he used software available on the internet to scan tens of thousands of computers on US military networks from his home PC, looking for machines that might be exposed due to flaws in the Windows operating system.

Many of the computers he broke into were protected by easy-to-guess passwords, investigators said. In some cases, McKinnon allegedly shut down the computer systems he invaded.

The charge sheet alleges that he hacked into an army computer at Fort Myer, Virginia, where he obtained codes, information and commands before deleting about 1,300 user accounts.


So it is hardly fair to say the "buildings" were "unlocked." But let's follow your logic. If somebody finds an unlocked car with a key in the ignition, is it moral and legal for them to drive off in it? Or let's say I forget to lock the door on my house one day. Do you think it should be legal for someone to sneak into my house and steal or destroy my financial, medical, and other personal information?



They simply stubled across a building, turned a few handles, and they were in. To them, there was no apparent attempt to secure the building.

And that's just wrong. The guy was actively searching for holes in security and sneaking around in systems. In the real world, there is no such thing as perfect security. If somebody looks hard enough, they'll usually find security holes.

puggymuffin
2006-May-09, 10:07 PM
[QUOTE=sarongsong]The US government should hire the guy!
At least Brazil is co-operating with his wishes:

cracking!!!lets all work together. world dominations the word you're looking 4

puggymuffin
2006-May-09, 10:27 PM
The US government should hire the guy!
At least Brazil is co-operating with his wishes:
Brazilian Air Force Opens Its UFO Files to Public (http://www.earthfiles.com/news/news.cfm?ID=914&category=Environment)

cracking!!!lets all work together...world-pc domination is the ticket

HenrikOlsen
2006-May-10, 05:02 AM
The US government should hire the guy!
Hiring ex-crackers to make better security is one of the stupider myths in the IT business and it probably motivates at least some of them in the mistaken dream that it's a way to get a job that don't require an education first.

All IT professionals I know would rather resign that work with one of these people. Actually most would probably rather take a baseball bat to them given the opportunity. :)

sarongsong
2006-May-10, 08:30 AM
What was I thinking!

May 10, 2006
...To demonstrate the [security] software's effectiveness, the company hired Kevin Mitnick, once a notorious hacker...
Digital Transactions (http://www.digitaltransactions.net/newsstory.cfm?newsid=632)

HenrikOlsen
2006-May-10, 09:09 AM
That just tells me it's a company I wouldn't work for.

boppa
2006-May-10, 12:27 PM
...close encounters with what seem to be non-human beings since his own first experience with a tall, red-haired, green-eyed female in 1968.
ROFL! =D> :lol:


DADDY!!!!

explains a lot i spose ;-)