London system administrator faces extradition for hacking US military

An unemployed computer systems administrator from north London is facing extradition to the US. He was accused of exploiting...

An unemployed computer systems administrator from north London is facing extradition to the US. He was accused of exploiting known vulnerabilities in Microsoft's Windows operating system to hack more than 100 US government, military and corporate networks.

Gary McKinnon, 36, from north London, faces eight charges of computer fraud resulting from a year-long hacking spree. The indictment alleges that McKinnon, known by his hacker name "Solo", broke into and damaged 92 computers belonging to the Pentagon, US Army, Navy, Air Force and NASA, as well as six systems owned and operated by private companies.

Once inside a network, McKinnon was alleged to have installed remote administration and hacker tools, copied password files and other sensitive but unclassified files and deleted user accounts and other critical system files.

In at least one instance, McKinnon's hacking activity allegedly caused a major military network in Washington to shut down for three days in February. The losses stemming from his hacking are estimated to be $900,000 (£567,000), according to the indictment.

"The significance of this case is that [with] his access to these records, he was able to impair the integrity of the data on these systems," said Paul McNulty, US attorney for Virginia, who brought the charges.

McKinnon allegedly "scanned tens of thousands of systems" before taking advantage of known vulnerabilities in Windows systems installed on the targeted computers.

The indictment charges McKinnon with hacking into a computer used by the US Naval Weapons Station that was used by the Navy to monitor the identity, location, physical condition, staffing, battle readiness and resupply of Navy ships.

Between April and June 2001, McKinnon allegedly stole 950 passwords stored on seven servers connected to the NWS network and used that access to damage and force the shutdown of the NWS system on 23 September, two weeks after the 11 September terrorist attacks.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.