|Home » Industry Watch
Bevan on McKinnon
Or what Gary's story is really all about.
Gary McKinnon can face extradition to the US any day. Certainly his own people have let him down time and again. What awaits is trial by rednecks - most likely in Virginia where people believe anything born or grown outside the US is evil and must be bombed and invaded.
But Gary McKinnon's case is not the first of its kind. Ten years ago (in 1996) UK (Welsh) hacker Matthew Bevan, using the handle 'Kuji', made his way into computer systems at the Griffiss Air Force Base Research Laboratory in New York. He too was intent on proving a UFO coverup. He too was busted.
The US special agents involved at the time claimed Bevan had been close to starting 'a third world war'.
But Bevan never faced the threat of extradition and his own government at home eventually tired of the whole thing. Bevan was never prosecuted.
Ten years later Bevan is a security consultant and has very definite opinions on the McKinnon scandal he's related to John Leyden of The Register.
Things Not What They Appear to Be?
Now sporting a white hat, Bevan says he warned of things like this ten years ago. Bevan says the lax security has not changed - at least on that side of the Atlantic - and even suggests things are kept this way on purpose.
'Tacitly allowing access to machines by ensuring that default passwords or in fact access methods without passwords is suggestive of a system that really does not care too much about many of the machines connected to it', Bevan told Leyden.
And Gary McKinnon didn't reflect very much on how easy it was for everyone to hack into the Pentagon but Bevan definitely does - for why in all the world would anyone connect thousands of feeble Windows PCs directly to the Internet, each with their own unique IPs? Are the generals in the Pentagon really that stupid?
And why and how was Gary McKinnon singled out?
'Why is it that only a tiny number of those people ever face prosecution?' asks Bevan. 'It is clearly not because the others cannot be found. You cannot believe that out of so many people Gary just happened to be caught.'
This is outright trickery - something commercial organisations would never get away with, says Bevan. McKinnon is being used not only as a scapegoat but as a way to secure additional funding from the government.
'I think it's all about timing and whether or not the hacker will make a good scapegoat whilst allowing the administration to request further money. The fear machine can keep churning out propaganda as per normal but don't expect those machines to actually get better security. They are not businesses, have no shareholders, and therefore do not have to answer to the same stringent rules and tests that the computer systems of corporations would.'
Those Pesky Hackers!
Bevan sees intrusion attempts as comparable to pest infestations - that can be combatted by comparable housekeeping rules. Rules the Pentagon seem uninterested in learning and adapting.
'My cynical side believes that those pesky hackers are treated just like any bug infestation, the odd one or two or even a handful is not much of an issue until the place becomes overrun. It is then that you can call in the exterminators and make a big fuss about the problem. Of course it never addresses that the usual problem with an infestation is someone has not been keeping their place tidy. You leave scraps around for rats to find - and in a short time you will have many many more rats sniffing around for the goodies.'
But that's a dangerous and irresponsible tack, says Bevan.
'If Gary had been clear minded and deliberate about what he wanted to achieve and was a malicious person rather than the pacifist he is - where exactly would we be now?'
Rixstep/7: Bevan on McKinnon
The Register: McKinnon a 'scapegoat for Pentagon insecurity'