Going Solo Across the Atlantic

Let me see if I have this right? A British hacker, Gary ‘Solo’ McKinnon not Osama Bin Laden mind you and for no other purpose than personal amusement – allegedly – managed, in the wake of September 11, to wreak havoc among US military systems, until he was finally clobbered by the Hi Tech Crime Unit here in the UK.

Of course nothing valuable was stolen say the US authorities. No plans for the latest stealth fighter or the story of what really happened at Roswell, which all rather leads to a certain jurisdictional fuzziness as I’m informed that in this country at least, “information is not capable of theft” and that while it’s an offense to deceive a person it’s not an offense to deceive a machine. Hold on, you say, what about a cash-point with a stolen pin number? That’s different I’m told because theft by deception is involved.

Quite understandably, Mr. McKinnon would prefer to avoid being extradited to a country which first tested the electric chair on an innocent elephant and saw Congress rush in new legislation, which can carry a life sentence for hacking. Most unlike the UK, which you may recall in the case of Raphael “Curador” Gray, who was given probation and a sound ‘telling off’.

What does this latest revelation tell us, other than the need for this Government to introduce a new crime of ‘Criminal Stupidity’ in the next Queen’s speech? Last week, I was talking with Tony Neate of the national Hi-Tech Crime Unit (NHTCU) and he was telling me that one in five organizations had suffered a security breach. Security has increasingly little to do with your choice of platform, although it’s an important factor and I see that Apple’s OSX has been confirmed as vulnerable to a number of exploits.

It’s no longer good enough for the media to lay the broader responsibility for Internet security at Microsoft’s feet, because the evidence clearly shows that the different Unix flavours, Linux, Solaris, Mac OSX are suffering just as badly, if not worse then Windows, when it comes to published exploits and recorded compromise. Truly secure computing, whether its Windows or even Open Source, remains an aspiration and will do, for some time to come. The US military sites should have been hacker-resistant but they weren’t and I would guess the problem lies more with people, processes and policy than with the choice of technology. In combination and badly managed, a hole opens up in the network infrastructure that offers a skilled hacker, such as ‘Solo’ enough space to drive a truck through and if the increasingly paranoid and security conscious Americans have been caught with their pants down, then God only knows what’s been happening closer to home over the last twelve months?

While people still use guessable passwords and administrators fail to apply security patches, the problem isn’t going to go away. We can of course ‘Export’ Mr. McKinnon to the United States for trial but he’s simply one of many thousands of others who very obviously aren’t deterred by the prospect of making new ‘friends’ in a Federal penitentiary. Education remains the answer to better security. Not trustworthy computing but responsible or even common-sense computing is what’s needed, anywhere where a computing device of any kind, is connected to the World Wide Web.


Popular posts from this blog

Civilisational Data Mining

The Nature of Nurture?