The US military made basic security errors that left
sensitive computer systems open to hacking, the former systems
administrator at the centre of a high-profile hacking case claimed
this week.
Gary McKinnon, who faces possible extradition to the US and a
60-year jail sentence for allegedly hacking into computers
belonging to Nasa and the Pentagon, said he was surprised by how
easily he was able to penetrate military networks.
"The lapses were shocking," he told Computer Weekly. "I do not
regard myself as an expert hacker."
US government systems administrators were making mistakes that
have been well known for at least a decade, said McKinnon, who is
accused of causing £500,000 of damage to government computer
systems.
In some cases systems administrators had typed their passwords
into the comment fields of programs that could be accessed over the
internet. In other cases, passwords had been left blank, he
said.
McKinnon said he was shocked to discover one US military
administration network could be accessed directly from the
internet.
Basic rules to beat the hackers
- Rename administrator accounts so they cannot be identified by
hackers
- Enforce log-in and log-off times so that no one is allowed to
log on outside of working hours
- Make sure staff turn their machines off when they leave the
office
- Make sure machines are protected by passwords. Don't leave
passwords blank.
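
The account-level rules above (default administrator names, log-on hours, blank passwords), together with the passwords-in-comment-fields lapse described earlier, can be checked mechanically against an account inventory. The following is an added example, not part of the original article; the record fields (`is_admin`, `password_set`, `comment`, `logon_hours`) and the sample accounts are constructed assumptions, not a real export format.

```python
import re

# Names an outsider would try first; an assumption for this example.
DEFAULT_ADMIN_NAMES = {"administrator", "admin"}
# Comment text that looks like a stored credential, e.g. "pw: ..." or "password=..."
PASSWORD_HINT = re.compile(r"\b(pass(word)?|pwd|pw)\b\s*[:=]", re.IGNORECASE)

def audit_account(acct):
    """Return the list of rule violations for one account record."""
    findings = []
    if acct["is_admin"] and acct["name"].lower() in DEFAULT_ADMIN_NAMES:
        findings.append("default-admin-name")
    if not acct["password_set"]:
        findings.append("blank-password")
    if PASSWORD_HINT.search(acct.get("comment") or ""):
        findings.append("password-in-comment")
    if acct.get("logon_hours") is None:  # None means no time restriction
        findings.append("no-logon-hours")
    return findings

def audit(accounts):
    """Map account name -> findings, omitting accounts that pass every check."""
    return {a["name"]: f for a in accounts if (f := audit_account(a))}

# Constructed sample inventory (hypothetical accounts and field names).
ACCOUNTS = [
    {"name": "Administrator", "is_admin": True, "password_set": False,
     "comment": "Built-in account", "logon_hours": None},
    {"name": "svc-backup", "is_admin": True, "password_set": True,
     "comment": "pw: REDACTED-EXAMPLE", "logon_hours": None},
    {"name": "jsmith", "is_admin": False, "password_set": True,
     "comment": "Finance", "logon_hours": ("08:00", "18:00")},
]

if __name__ == "__main__":
    for name, findings in audit(ACCOUNTS).items():
        print(f"{name}: {', '.join(findings)}")
```

The rule about switching machines off is not visible in account data and needs a separate check.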