Gary McKinnon, the British hacker at the heart of an extradition battle with the US Government was not alone and was the most junior member of a hacking group largely ignored by the authorities.
An investigation by Future intelligence has been told that McKinnon, who faces a potential 60 year jail sentence if he is handed over to the US, was not a lone hacker roving through US computer systems but was instead the most junior member of an informal five-strong group that regularly exchanged information on US systems.
The news that McKinnon was not the only one roaming over US systems known about by the authorities does beg the question as to whether the US policy is to make an example of the hacker who suffers from Aspergers Syndrome, a medical condition that makes it difficult for sufferers to understand social situations.
According to Fi’s sources, McKinnon first came to the attention of the authorities during a monitoring exercise carried out by Surrey Police into the activities of a hacking gang whose members were spread Europe-wide and included hackers based in Spain, Bristol and Scotland.
“McKinnon was a long way from being the leader. There was someone much bigger than McKinnon in the group. One of the reasons that we were blind-sided by McKinnon in the original investigation was because this particular Mr Big had been responsible for damaging a lot of things in the UK,” said Fi’s source.
McKinnon, had an identifiable ‘US history’, though he was not the only one and subsequently suffered because his activities in the US were highlighted in an intelligence package that eventually made its way to the US authorities.
Ironically the main gang members, who were subsequently broken up by Surrey Police, had the case against them dropped because credit card companies that had been caught up in the group’s activities had decided to withdraw their charges to avoid any damaging publicity.
That McKinnon was not the only person stalking through the US defence systems was given more support over a year before his arrest, when hackers outside of the UK approached Future Intelligence, and offered the organisation computer files that they claimed contained video footage of US ballistics experiments and other material.
At the time Fi suggested that the hackers should either destroy the material or hand it over to the relevant authorities.
It was only later when details of the charges against McKinnon came to light that it became apparent that similar files were in existence.
Entry to the US systems was easy, according to hackers in the hacking forums McKinnon was monitored attending, often because US security systems had never had passwords installed so the password was set at the system default.
Something McKinnnon admitted in a BBC Click News programme.
“GM: Unlike the press would have you believe, it wasn’t very clever. I searched for blank passwords, I wrote a tiny Perl script that tied together other people’s programs that search for blank passwords, so you could scan 65,000 machines in just over eight minutes.
Interviewer: So you’re saying that you found computers which had a high-ranking status, administrator status, which hadn’t had their passwords set – they were still set to default?
GM: Yes, precisely.
Interviewer: Were you the only hacker to make it past the slightly lower-than-expected lines of defence?
GM: ….There was a permanent tenancy of foreign hackers.” (http://tinyurl.com/md26v )
Backdoors were set into the US systems in the most embarrassing of ways by installing a remote management tool known as ‘GotomyPC’ which allows home and work computers to be controlled from any distance, effectively creating a network within the US defence network.
An embarrassment that US officials have not forgotten: “there are lot of people in law enforcement in the US who want to get a hold of McKinnon,” said one former US intelligence agent.
According to Fi’s sources, McKinnon was regarded as a maverick and a simpleton with an obsession with extra-terrestrial research and was not taken seriously by the hacking group.
“McKinnon would actually go and ask the others questions, he was if anything being coached. He would turn up at the forum that they used and ask them for exploits and kiddie tricks.”
According to McKinnon, speaking in an interview with Fi immediately after his arrest, he had been tracked down by US officials because he had alerted a woman working on a computer at the Johnson Space Centre by taking over her computer.
“I suppose you could say that I really just wanted to get the whole thing over by then,” said McKinnon. “I was watching what she was doing on her screen on my computer and I just felt I wanted to say something to her, so I typed ‘why are you doing this,’ on her screen.
“I knew she knew right from that moment because her computer was turned off instantly,” said McKinnon, who has also admitted leaving a threat on another computer saying: “I am SOLO. I will continue to disrupt at the highest levels.”
The truth was anything but, rather than being solo and rather than being caught by the US, McKinnon was discovered on a hacking forum being monitored as part of an investigation into another hacker.
Seen as a small fish in the scheme of things McKinnon’s details were then passed onto the then National High Tech Crime Unit who passed them in turn onto the FBI Legal Attache at the London Embassy who alerted the US authorities to McKinnon’s existence.
Now in a final ironic twist the US Embassy Cables have revealed that both Gordon Brown and Prime Minister David Cameron have been fighting for McKinnon’s sentence to be served in the UK, in return for a statement of contrition.
Ironic, because release of the diplomatic communiqués collected by US private Bradley Manning on the Wikileaks website which has caused a massive loss of US worldwide credibility will only lead to a maximum prison sentence for the US citizen of 52 years.