Biggest military computer hack of all time – What is hacking?

Old No Comments on Biggest military computer hack of all time – What is hacking? 16

Gary McKinnon, a Scottish systems administrator born in the late 60’s is known for the “biggest military computer hack of all time”, he said he was looking for evidence of free energy and UFO cover ups.

He had been diagnosed with Asperger’s Syndrome and the method he used to gain access, myself can not call hacking. Its not something to condone but it certainly is not hacking. He properly could of used other methods, but he didn’t need to thanks to nasa great security.

Where do we draw the line of what is hacking? A lot of us know there is a lot of misconception about the meaning of hacking and accept the meaning the general public think’s it represents most the time. But at what point does it become illegal? To me i think well if he was able to access it, it obviously was written to allow him access. It might not of been attended but that is the reality of it.

In a documentary he explained how he gained access, He had wrote a small application to generate IP addresses and by chance got the IP of a computer at NASA. He then simply connected via remote desktop connecting using the username administrator and the password was blank, as in empty.

Another simple exploit would be local file inclusion, Of course they never attended for you to be able to download their word press config file but that is what happens when you do not plan or tread carefully while programming.

Both of these methods could be explained to a script kiddie or even a grandma, local file inclusion most the time is just going to a hyperlink with certain get data in the address bar. What about the recently major security with with OpenSSL? Was that hacking to exploit it?

You could send a packet to the OpenSSL server for a heartbeat to keep the connection alive, but you could request more data then that existed meaning it would give you extra data from raw memory.  It was then just a matter of looking for some HTTP post data, and you could see the username and passwords of users who was logging in at the same time you was getting data back from the memory. But it all comes down to the fact you could request x bytes in the packet and there was no code to make sure you did not request more bytes then you should.

I have conflicting thoughts about this, for example brute forcing allows you access sometimes, you could say its a bad password but you still are brute forcing. Brute forcing passwords is a bit difference to downloading a file from a web server that just so happens to contain MySQL authentication information.

Whats your opinions?

Author

Ashley Meah

Young programmer and developer interested in computing, technology, and networking. Current interests are C# and the TCP/UDP protocols.

Related Articles

Leave a comment

Back to Top