The year 2001: Harry Potter, Training Day, The Lord of the Rings, Shrek and the first The Fast and the Furious hit theaters. The Gotthard Tunnel burns, 9/11 happens and the war on terror begins in Afghanistan, the XBOX, Windows XP and ITunes appear. The Mir space station crashes into the Pacific Ocean in a controlled manner, Teenage Dirtbag, Butterfly and Clint Eastwood are at the top of the charts. Aggro Berlin is founded, BoxeR wins the World Cyber Games in Starcraft: Brood War, Aaliyah dies in a plane crash and so-called fighting dogs are banned in Germany. GTA3, HALO, Max Payne, Black & White, Gothic, Tropico and Devil May Cry are released and Gary McKinnon hacks American military facilities to look for evidence of UFOs. What a year.

Time to fire up a good 2001 playlist and take a look at what this hack was all about. (Recommendations: NERD, Gorillaz, Electrochemistry)

Atari Hackers hack the Planet

Gary was born in Glasgow on February 10, 1966, and dropped out of school at 17 to become a hairdresser. In the early nineties, friends convinced him to pursue a career in computer science and he soon got his first job in this sector. Gary showed an early interest in programming, and when he got his first Atari 400 at the age of 14, he used it less for playing games and more for programming and being creative (As reported by the telegraph).

In the mid or late nineties Gary starts to get involved with UFOs and develops a passion for various topics/technologies that the US government supposedly keeps secret from the public, such as free energy or anti-gravity drives. He takes it upon himself to get to the bottom of the matter and starts a search for secret information at NASA and the US military complex. To do this, he will hack into countless computers of U.S. agencies and the U.S. military between February 2001 and March 2002. The U.S. government will later call this the largest hack on military IT systems.

Ghost in the User=Pass Machine

How Gary initially gained access to the US military and government (mil/gov) networks is not clearly documented. However, it seems likely that this was simply done via a weak password, as Gary states in his (Reddit AMA):
“It wasn’t a clever hack, no fragmented packets to bypass firewalls or any of the glossy crap. I had a specific intention and, like any good sysadmin (which i was at the time) i wanted a simple process that would catch basic weaknesses, sometimes network-wide, with a simple script and a little creativity. It was cracking more than hacking.”

And to the point:
“Like any sysadmin knows, the laziest solution is often the best ;+}”

This is not only good for sysadmins, but also good hacker mentality. It’s also still the best advice for hackers today.

In order to spread to the various networks, Gary wrote himself a simple script in Perl. Since not all computers had Perl installed, he used perl2exe to run his program. It tried to log in as a local administrator on Windows PCs whose password was either blank, the same as the username, or simply “password”. Using this approach, Gary searched for UFO documents at a NASA lab, compromising computers at NASA, as well as systems in Washington and military bases such as the Naval Weapons Station Earle in New Jersey, according to the U.S. Government. On a military home page, he left the message “Your security is crap” in the process, and after 9/11, the message:
“U.S. foreign policy is akin to government-sponsored terrorism these days … It was not a mistake that there was a huge security stand down on September 11 last year … I am SOLO. I will continue to disrupt at the highest levels”

A Solo Story

In north London, from the bedroom of his girlfriend’s aunt, he searched for “Building 8,” which he believed contained UFO information. According to Gary, he not only found this lab, but also discovered relevant UFO information. Limited by the technology of the time, however, he was unable to copy the documents and recordings using his 56k modem (check Tronimal for good beat with oldscool chips).
When he looked at the files and images remotely instead, he was able to see metallic futuristic shapes but was detected and disconnected before Gary could copy the files. Whether this really took place is at least questionable.

What is undisputed, however, is that Gary pretty much exposed the U.S. military by showing that no relevant cybersecurity whatsoever was present in those systems, and that despite the fact that the mood at the time pretended otherwise, especially in the context of the war on terror and patriot act.

Since Gary was neither particularly technically proficient nor great at acting in secret, he was indicted in November 2002. After some back and forth, however, then UK Home Secretary Theresa May blocked his extradition to the United States. Gary always saw himself as a humanitarian-motivated hacker who wanted to find the secret information about UFOs and other secret projects and make it available to the public. He is still active in the UFO scene today and runs a small, obscure YouTube channel.