The British courts have seen details of numerous embarrassing
intrusions by hackers into some of theUS military's most sensitive systems.
The extraordinary list of violated military agencies is detailed
in a
document published exclusively by Computer Weekly today, a
Crown Prosecution Service review of US evidence against
Gary McKinnon, the UFO hacker.
Mckinnon's lawyers used the
CPS' 'Review Note 3' to support their
argument in the High Court that US evidence against McKinnon is
too weak to secure a prosecution in this country and unlikely even
to uphold allegations against McKinnon in the US.
The document nevertheless demonstrates how
vulnerable US military computer systems were to attack before
and after 11 September 2001.
Easy access
The document describes how Remotely Anywhere, a remote access PC
tool, was installed on systems belonging to the United States Army
Intelligence Center's Battle Lab
Fort Benning in the
early months of 2002, when the US military was on high alert.
This is the site where the US military tested its Future Combat
System of computer-networked infantry which hooked into a HQ
battlefield intelligence system designed to give US soldiers the
edge in combat. Intruders copied files from Battle Lab's computers,
said the report.
Between 28 December 2001 and 5 January 2002 systems belonging to
the
Patuxent River Naval Warfare Aircraft Division, were broken
into, according to the document. 8,000 military scientists conduct
research and development at Patuxent into manned and unmanned
aircraft systems.
This spring, the US military admitted the
Joint
Strike Fighter Program Office in Pearl Harbour had been hacked.
The JSF is being developed jointly with the UK as a replacement to
numerous warcraft, including the Harrier Jump Jet. It was thought
the hacks went back only as far as 2007. But US military
intelligence was aware of hacks into JSFPO systems in 2002, the
document reveals.
The CPS document also details hacks on the
US Army Information Systems Command Pentagon, the US military
HQ's IT department. From this hub, another 2,500 military computers
were scanned prior to 7 February 2002.
The department had been criticised for a loss of focus after
reorganisation. Other military IT departments were also hacked.
Systems belonging to the
311th Theatre Signal Command, which runs military
communications in the theatre of war, were used to scan other
computers on two occasions before 3 March 2002, one of which
involved a scan of 92 machines.
The accused
The US has accused Gary McKinnon of accessing these systems, and
copying, altering and deleting files from these and other US
military systems. But the UK's public prosecutor said the US did
not have enough evidence to bring him to trial.
Much of the evidence brought by the US government against
McKinnon also records intrusions into systems belonging to the
premier intelligence units of the US military. Whether or not
McKinnon performed these hacks, and whether or not the US can prove
that he did, the dossier of hacks lists yet further embarrassments
for the US.
It claims that hackers installed Remotely Anywhere on machines
belonging to US 902nd Military Intelligence, a counter-intelligence
unit at Fort Meade, Maryland, prior to 6 March 2002. The 902nd is
charged with staying one step ahead of digital foes.
Other intelligence services that the US admits were hacked with
Remotely Anywhere include the HQ Command Air Force Special
Activities Center at Fort Belvoir, which is part of the Air Force
Intelligence Service (AFIS), and the US Army Criminal Investigation
Command in Washington. Intruders actually managed to delete files,
says the report.
Hackers also broke into the
US
Army Land Information Warfare Activity (LIWA), which tries to
get battlefield dominance by "protecting, managing and
exploiting...information and information systems".
US Republican security chief Curt Weldon told Congress in May
2002, three months after McKinnon's arrest, that the US military's
$38bn technology budget included funds to ensure the LIWA's
Information Dominant Center monitored all classified military
systems 24 hours a day, seven days a week. LIWA's
Computer Emergency
Response Team had also been hacked.
McKinnon's hacking activities were discovered almost a year
before, after intrusions into Weapons Station Earle in Washington,
the US Navy Supervisor of Shipbuilding and various NASA and related
civilian systems such as one belonging to Computer Sciences
Corporation. The attack on Earle was deemed so serious that the
Command Centre had to be closed for a week.
Read the Crown Prosecution Service analysis of the evidence
against McKinnonhere.