The US military made basic security errors that left sensitive computer systems open to hacking, the former systems administrator at the centre of a high-profile hacking case claimed this week.
Gary McKinnon, who faces possible extradition to the US and a 60-year jail sentence for allegedly hacking into computers belonging to Nasa and the Pentagon, said he was surprised by how easily he was able to penetrate military networks.
"The lapses were shocking," he told Computer Weekly. "I do not regard myself as an expert hacker."
US government systems administrators were making mistakes that have been well known for at least a decade, said McKinnon, who is accused of causing £500,000 of damage to government computer systems.
In some cases systems administrators had typed their passwords into the comment fields of programs that could be accessed over the internet. In other cases, passwords had been left blank, he said.
McKinnon said he was shocked to discover one US military administration network could be accessed directly from the internet.
Basic rules to beat the hackers
- Rename administrator accounts so they cannot be identified by hackers
- Enforce log-in and log-off times so that no one is allowed to log on outside of working hours
- Make sure staff turn their machines off when they leave the office
- Make sure machines are protected by passwords. Don't leave passwords blank.