Skip to main content

Secrets, Lies, and Email Passwords

British hacker Gary McKinnon apparently was able to crack over 90 computer systems at various government agencies of the United States, including NASA, the U.S. Army, the U.S. Air Force, and the Department of Defense in 2001 and 2002. He was apparently hunting for secrets about aliens. No, he wasn't searching for illegal immigrants, but rather, aliens from outer space. He believed that the U.S. government was hiding evidence that these aliens exist, and maybe hiding materials and bodies of dead aliens, as well. I hope that if he's extradited and then tried, the judge goes easy on him. Yes, he's guilty of embarrassing several U.S. government agencies by breaking into their computer systems and rifling through data. It shouldn't have been so easy for him to do. The layers of management who didn't take network and information system security seriously until 9/11 will not be on trial, and they certainly bear partial responsibility for contributing to this problem. Mr. McKinnon wasn't the only person to break into many computer systems at these (and other) agencies during the late 1990s and early 2000s, he just happens to be one of the very, very few who were caught. One could say that Mr. McKinnon is a victim here, too, as well as a perpetrator. That is to say, he's a victim of a free market in, and cottage industry of, ideas about conspiracy. Yeah, there probably are some government conspiracies. It's a big, big government that has done some embarrassing things they would like to hide. Most of those things are probably mundane. Hiding the bodies of aliens that crash landed in Roswell, New Mexico, is not likely to be among them. He should have been reading the Bad Astronomy blog. Phil Plait (Bad Astronomer) on UFOs Phil Plait's Bad Astronomy: Rebuttal to a Bad Boook Review from a UFO, uhm, enthusiast Apparently Mr. McKinnon was caught because some action of his was traced back to the email account of his girlfriend.
Alleged Pentagon hacker loses extradition appeal
"McKinnon has acknowledged accessing the computers, but he disputes the reported damage and said he did it because he wanted to find evidence that America was concealing the existence of aliens. He was caught in 2002 after some of the software used in the attacks was traced back to his girlfriend's e-mail account."
If there is a lesson to be learned here, it's probably this: If your Significant Other is a UFO hunting nut job and a computer whiz, don't let him or her know your passwords, change them regularly, and for good measure, use a Macintosh.


Popular posts from this blog

Verified by Visa (Veriphied Phishing?)

If you have used a Visa card to make a purchase online lately you may have encountered a relatively new program, Verified by Visa . I've encountered it twice. The system is an interesting attempt by Visa to reduce online fraud and identity theft. It's a noble effort, but the user experience is unsettling, and the security implications are not exactly crystal clear. Here's what happened to me, both times the system was activated. I was redirected away from the domain at which I was shopping, to a URL which was: not the domain where I was shopping, not the domain of the bank that issued my card not I've been telling people for years that if anything like that happens to you, close your web browser immediately and do not under any circumstances enter any personal information into the form, because this is a sure sign of a man in the middle or phishing scam. (Never mind that all the best phishing scams now-a-days look like the actual domai…

Hacker 0x80 0wn3d by FBI (Arrested after Accidental Outing by Washington Post) [1]

What can the botmaster 0x80's impending misfortune [1] teach us about information security? Quite a bit. What the botmaster and the reporter didn't count on is a security risk known as "the aggregation problem" or "point and click aggregation". It's not surprising, as even practicing security professionals are often unaware of this problem, or vaguely aware of the concept but not the name. Information Security dictionaries online generally lack the terms, and don't mention them in their discussion of "disclosure" either. The aggregation problem happens when a series of small facts, any one of which if disclosed present a minimal security risk, combine to present a greater security risk when disclosed together. When aggregated, information from publicly available sources may accidentally disclose information that was intended to remain confidential. As it happens, an IETF glossary contains a definition of the basic term. RFC 282…

Splunk acquires Phantom Cyber

I hope it doesn't come across as too cynical, the observation that most acquisitions in the tech domain fail to produce anything useful and often as not wind up killing a promising upstart technology, even if only by accident.

I have hope for this one, though. Splunk strikes me as a likely exception. This acquisition of fresh ideas and talent might breathe new life into a solid, if somewhat staid, security company.

Splunk’s data analytics gets a security boost with $350 million acquisition of Phantom Cyber