Sunday, May 07, 2006
Lies, lies, damned lies
I like to peruse Bloglines Top Links for the day; I find a great deal of interesting news, fun gadgets, and way-cool videos this way.
Today, I came across an interview with a U.K. hacker whom the U.S. is seeking to deport.
It's quite entertaining; he claims that he was hacking with a higher moral motive, that being that he wanted to find unretouched photos of UFOs squirreled away in U.S. military computers.
All well and good--I'm as enchanted with conspiracy theories as the rest of the world, and, being an SF fan well-acquainted with the arguments for and against the likelihood of alien life in our galaxy, love talk about UFOs.
But good lordy. The computer geekette in me rises high and shouts with derision at some of the things he's saying.
Not at the basic premise of how he hacked the computers. He claims he used a script that checked a wide variety of gummint computers for blank passwords. This, alas, is a reality. You would think that computer gurus in the ITS departments across the U.S. government would know better than to leave, say, MS SQL Server installs with their default system administrator password blank, but...well...we're talking the government here. Besides, even outside of government, you will find plenty of MS SQL Server installs out there totally unsecured. While Microsoft is the Evil Empire, and it's mighty irritating that they designed the (prior) installs of SQL Server to even allow people to install without changing the SA password, it doesn't give people installing it a pass to ignore basic security procedures. Grr.
But, I digress.
The first doubts this guy's interview roused in me occurred when he claimed that he was discovered in his hacking by a government network engineer (okay), and then had a conversation with this engineer using WordPad.
Ooookay. Yah, right.
Then he claims that he couldn't grab a copy of one of the pictures he saw on the government computers, using a lot of obfuscatory hand-waving. So, this guy is using MS Windows. (He had this conversation using WordPad above, right?) An accomplished hacker using (ack, gag) MS Windows doesn't know how to hit CTRL-PrtSc, open up Paint, and paste the picture in--the classic "I need to grab a copy of this screen" trick in Windows? (This trick works even if you're using Remote Control Desktop, BTW.) Furthermore, if you're downloading something from someone else's computer, it's stored somewhere on your own computer as a temporary file--no matter whether you're using Windows, Linux, OS-X, or some other type of operating system.
Then...then the "you really are a big fat liar, aren't you?" moment occurred. This hacker said, in the interview, that this particular download was disconnected at the source (the other computer), and he knew it because--are you ready??--he "saw the guy's hand move across" to disconnect him.
Oh, yeah. Riiiight. I'm a hacker, I've hacked into a U.S. gummint computer hundreds or thousands of miles away, I'm viewing a surreptitious grab of a graphics file from that other computer, and somehow or other, I'm able to see that other person's hand????
Tell me another one, Gary McKinnon.
(SlashDot has an amusing thread of commentary on this very same story. There are some possible explanations--like the Remote Desktop, as I noted above--but the consensus is GMcK is either a nutcase or is lying.)
posted by Kate @
5/07/2006 09:10:00 AM
1 Comments:
1 Comments:
-
At 5/08/2006 06:04:00 PM, josetteplank.com said…
Uh...could you write this post in English? ;-)