Friday, November 15, 2002

But He Was Just Looking for Mulder and Scully (Or Doggett and Reyes)

Gary McKinnon was arrested in the UK for taking control of over 90 US Military computer systems for over a year. I have heard from some that the 'cyber-threat' from terrorist organizations is overblown. How and why did this Super-Hacker do what he did?

He was looking for UFOs.

More precisely, he was looking for hidden information (X-Files) and evidence from US Government computers that Extraterrestrial Aliens really exist. He did this all from the computer in his home. He even dressed up for the occasion - as the article states - wearing clothes like David Bowie did during his Ziggy Stardust phase.

My favorite section of the article reads thus:

"...Gary should have known that the US is extremely protective about keeping secure its Top Secret UFO files... even the Drunken Hamster knows that from watching the X-Files TV show. No wonder the US is in such a rush to extradite him to US soil... a chip implant and an alien anal probe await at the hands of the smoking man...

..One cyber break-in, just 12 days after the September 11 terrorist attacks, caused a week-long shutdown of 300 computers at a naval weapons station in New Jersey."

Now, here's one crackpot who spends a lot of his time fanatically looking for information on aliens. How unrealistic is it to believe that some terrorist organizations haven't sent many of their agents to computer security schools, maybe even getting some of them their CISSP Certification?

These agents don't have to even work in the US to do damage. Not that they'd have a lot to worry about from the INS if they were here.

And that is the crux of the problem.

The incompetence that exists in the INS that is being exposed in the media is just a small slice of the overall incompetence of many government workers. In my own personal experience, there are about 5-10% of government employees that are excellent at what they do. However, they are severely overloaded and suffer burnout quickly. The other 90-95% are sitting there, taking up space and taking as many bathroom and smoke breaks as they can get away with.

And with the sad state of management in government, it's not hard for them to get away with a lot.

Many of these 90-95% are in charge of securing, administrating, and managing government security systems. There is just too much for the 5-10% to do.

That's why we are so vulnerable to attacks. And with Linux gaining popularity, it is under the scrutinizing eyes of hackers all over the world who are finding a plethora of vulnerabilities in the supposedly 'secure' operating system. With a wholesale movement of systems from Windows to Linux, many systems are being left even more wide-open, because even the most incompetent can run Windows Update once in a while and get lucky. There isn't the same obvious tool in Linux, though the latest versions of Red Hat Linux are getting better at it. These admins can barely administer a point-and-click OS like Windows. They aren't going to have a clue about *nix-based systems. So now we'll have even more vulnerable systems that can launch even more powerful attacks against other computers on the Internet or government Intranet sites.

It's really frightening if you think about the scale of it all and the number of systems that these networks touch.

BTW - If you do use Windows Update after reading this article and realizing that you've never done it before, DO NOT do the "drivers" updates unless you are ABSOLUTELY SURE that the new drivers are correct for your hardware. More often than not, they just muck things up so badly that your system won't boot. I've never used the drivers update, and I've been fine.