SCI/TECH: Most Costly Hacker Ever Arrested

Gary McKinnon, 39, a man being called "The Biggest Hacker Ever" was arrested by London police. He is facing charges of breaking into several US Goverment computer systems and doing roughly 1 Billion dollars in damage. Over a period of 12 months he compromised 92 systems including computers at the Pentagon, NASA and a few unnamed private organizations. Once extradited to the US he faces a possible 70 year jail sentence if convicted of all charges.


Its rather amazing that one person is being blamed with such a large ammount of damages. Its also quite interesting that his motivations are so different from the run of the mill hackers(crackers) who are always causing trouble across the internet; most are out to spread some political message, steal credit card information, or just tag websites with their handle and some shoutouts.

Though his friends say he found no evidence, I can't help but wonder if he found anything at all that may indicate a coverup or at least some less-than-honest activities.

[edit on 8-6-2005 by alternateheaven]

The story won't load for me, but I'm curious how they arrived at the figure of $1B in damages. If he was merely breaking in to get information, how does that equate to monetary loss? Did they spend a billion dollars to upgrade network security and trace the intrusions? If so, there was obviously a stupendously inefficient use of funds.

[edit on 2005/6/8 by wecomeinpeace]

$1 Billion!? That's gotta be a mistake, the news report I watched said he'd done $750,000 worth of damage, quite a large difference. Besides, this is pathetic, the guys doing them a favour if anything, make them tighend up security a bit. If one guy can do it, then I'm sure a 'rogue state' that has a team of hackers can too.

Well its known that the figures come up with in cases of hacking are padded, to ensure getting the proper amount of attention. As for the number 1 billion, they could have spent that much in tracking him down, or at least pretending to. According to the article he also removed accounts and even shut down some of the systems he penetrated, which takes man hours and equivilant funds just to restore, since after a penetration a machine should be put on a segregated LAN and picked over by a computer forensic expert, then completely formatted, restored, and only after being found functional and clean placed back on the network in its original role. Have a few of those being done by someone who already pulls an insane price per hour (and of course it would require overtime) and you are looking a hefty bill, so its no suprise that the figures are extremely high for damages and such.

How do you define the damage, though? If a trade secret is hacked into and sold to a competetor, the initial damages would probably just involve a security overhaul and hiring a few ex-hackers to test how secure the network is. However, long term, the company could stand to lose millions, if not billions, because some proprietary whatever was leaked to their competetors and caused them to lose their edge on the market prematurely.

I'm not sure how it would work with this government hack, but there are a lot of beneath the surface effects of your system getting hacked into, even if it's just to look around.

wecomeinpeace
The story won't load for me, but I'm curious how they arrived at the figure of $1B in damages. If he was merely breaking in to get information, how does that equate to monetary loss? Did they spend a billion dollars to upgrade network security and trace the intrusions? If so, there was obviously a stupendously inefficient use of funds.

I checked the story to see if it showed for me and it did;
The story did not go into cost detail. My best guess (having some experience in the cost of codes) would be the cost of changing the codes over and over while they were tracking him down. That alone can add up real fast. 45 years ago each change cost was estimated at 50k so I would assume at this time it would be atleast 150k each change if not more. Now multiply that by 1000 and you get an estimated cost albeit inflated figures used by the government.

I am sure you have heard about those thousand dollar hammers that cost you and I only 20 right

[edit on 6/8/2005 by shots]

Those are special hammers with the GI Joe Kung Fu grip! They're not available for civilian use, which is why ours only cost $20.

Its also quite interesting that his motivations are so different from the run of the mill hackers(crackers) who are always causing trouble across the internet; most are out to spread some political message, steal credit card information, or just tag websites with their handle and some shoutouts.

Thats one hell of an uninformed view on hackers, if I may say so.

Theres all sorts of hackers and just because blackhats and scriptkiddies get most of the publicity because they cause general mayhem, doesn't mean they are a majority of any kind.
Also, the viruswriters, the ones that cause the most publicity, are put in the same group and named hackers, which they in general are totaly not.

The actual majority of hackers hack to gain information, like this guy, or to help software developers and company's find bugs and backdoors in their systems.

The blackhats and scriptkiddies are the minority group, like crookid cops, that use the information they gain in their environment to serve a sinister cause. Usualy money related, like those crypto hijackers reported a few weeks back.

I'm thinking that the damages value put on this guys arrest warant should tell us all something important, that this guy, hit the right nerves and found the location of overly sencitive information.

Lets hope he was able to relay his findings to other people, so that they can spread this information to other people.

thematrix > I know there are different types, but to appease the anti-hacker sentiment here I wasn't going into anything overly specific. That aside this dude definately is more deserving of the cracker label. I would however argue about him hitting a nerve with the feds, Ive gotten quite a few comments from security experts in the field that the damage estimates are almost always padded to make it look more important, though it seems the padding is alot more prevalant on smaller situations so they can make the minimum ammount set for the FBI to investigate.

I think the UK should not give in to US extradition demands. America cannot guarantee the humane treatment of prisoners, nor can it guarantee a fair trial. Furthermore, the US penal system does not fulfill international standards of legitimacy. Also, the US being a lawless rogue regime, and the US military therefore effectively being a criminal organization, damaging them is not legitimately punishable.

There is another article here along with a 30-minute interview with the guy. Here's the Slashdot link also.

In the interview he mentions how he gained access to some of the systems: the military's computers run Windows, and their administrator passwords were blank. In my opinion, the people who set up those computers should be the actual ones going to jail. Or at least punished.

He didn't have intentions to cause trouble, sure he wanted to find out top secret information but at least he didn't want to deliberately cause damage, which would have been easily possible.

I know what it's like to be in his situation, you can get carried away and not be very ethical when you've unauthorised access to something, we're all human don't forget. But even murderers don't go to jail for 70 years.

The media always hype up hacking related stuff because they don't understand it. At all. It's very of frustrating.

Shows us that alot of the damages claimed in this case are more then likely not damages but costs that will come when they have to secure all these systems that turned out to have blank admin passwords.

Its not the hacker/cracker that did the damages, but its the incompetent installers and techstaff of the US military that caused the damages by leaving systems wide open to start with.

They should be glad he was looking for U.F.Os and not doing something a lot worse. If anything he has done them a favour by showing one person can easily break through their security.

And it seems that it keeps on going. Cmon folks. This guy is nothing special. The systems he played around on was unclassified and if he got anything off them the most he got was SSN's and email. I used to be prior military and i seriously doubt the passwords were blank for admin account. I used to run nutcracker on my lan every month and check for the passwords that got hit. If your password was a dictonary word you got a warning. If it was hit again next month, you got EMI. Well if it hit 3 times, kiss your unclassified email goodbye because you didn't get it at all. The government probably did spent quite a bit of money on this guy. He deleted 1300 user account. 1300!!! He must of known he was gonna be caught because even the most untechnological people i've worked with never caused that much damage. Think about the cost to recreate those accounts,because everyone knows if you account was to be deleted and you had important information (like email adresses) that you'd want them back. Then you gotta restore the account which takes time. Think of the wasted man hours just for that. Then start thinking about tracking this guy who probably had connections on different systems. I give him that he had some fake dead end placed in case someone decided to watch him. But that costs too because every connection was a violation. The major problem i see with this guy is he is gonna spew as much crud as he can because the chump is gonna be in jail for a good long time. Hey might as well make some stuff up so i can get maybe a book deal...ohh and maybe a tv miniseries. This stuff makes me sick how people can just break the law and then cash in on it. I really seriousy hope there is such thing as karma, because i hope they get theri just desserts.

I'm off my box...peace


-Aza

[edit on 26-7-2005 by Azathoth]

Most likely they are playing heavy handed to insure he tells them any dirty little secrets
that he discovered.

Meanwhile the system administrators affected will have some explaining to do since
their highly compensated careers could be on the line for failing to prevent something like this.

The real shame here is that most of this could have been prevented.
If each of those user accounts had been running Mac OSX Tiger this so called master hacker wouldn't have gotten very far.