Feeds

back to article US military advisor calls for McKinnon pardon, recruitment of "master hackers"

A leading US military strategist has urged the Obama administration to soften its stance if it wants to attract the kind of “master hackers” that would enable it to compete in cyber space with China, starting with the symbolic gesture of pardoning Gary McKinnon. John Arquilla, a US Naval Postgraduate School professor and advisor …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

"Pardoning" Gary McKinnon could save US gov some face and naïvely be hoped to help US gov repair its "world's policeman" propaganda.

There, fixed that for him.

Oh, and how, exactly, do you "pardon" a foreign national into whom your rotten lynching legal system never even managed to sink its claws? Apologise to... certainly... long overdue... but pardon?

27
0
FAIL

Apologise? How about thank him. Imagine he didn't expose the ridiculous lack of security on DOD infrastructure and force the US Gov. to at least apply some basic security policy. I doubt it's watertight now but the Chinese would be having a field day if you could just log in to machine with a blank local admin password and install LogMeIn to browse at your leisure.

8
0
Silver badge

yea except that the Chinese are already well aware of the UFOs. John Mcafee knows too.

2
0
Silver badge

Given most UFOs are powered by JP-5, I'm sure the USA is aware of them too.

0
0
Anonymous Coward

I thought most UFOs were powered by cannabis?

0
0
Bronze badge
Coat

Can the United States government make the right choice? Someone buy Obama a copy of Hackers and maybe Angelia can convince him to support the effort.

Mines the one with the directors cut of Hackers.

2
0
Bronze badge

Joshua

Surely they should start by changing WOPR's backdoor password from 'Joshua' ?

1
0
Silver badge
WTF?

Master Hacker ?

>"attract the kind of “master hackers”

Regardless of being innocent or guilty, Gary McKinnon was not a master hacker. At best he could be known as a script kiddie.

Master Hackers are definitely not the kind of people that spend their time looking for applications that are still using default passwords.

Also please refrain from using "Hacker" only in the negative sense.....

These two "Master Hackers" have identified a weakness in TLS encryption by studying reponse times. They are definitely not in the same category as GM.

17
0

Re: Master Hacker ?

I don't think he was referring to McKinnon himself as one of the "master hackers", rather as an example of the US government/legal system's general attitude toward the technologically curious.

Firing your shotgun toward someone who was just playing in your garden without permission, is likely going to make the elite players think twice about coming to visit.

15
0
Silver badge

Re: Master Hacker ?

I was expecting it to be Matt Bryant who called McKinnon a "script kiddie".

This story's going to make poor old Matt's head explode.

6
1
Anonymous Coward

Re: Master Hacker ?

No... Matt Bryant will be the one shouting:

HE SHOULD HAVE BEEN DEPORTED

HE'S A CRIMINAL

IT'S LIKE THE DAILY FAIL 'ROUND HERE

HE'S A CRIMINAL

DEPORT HIM

...then the poor sod's head'll assplode.

Just nipping off for the popcorn.

6
1
Silver badge

Re: Master Hacker ?

Hackers are what have been frequenting several US military databases for a while according to the press.

Doubt if the ones not found yet will be leaving anytime soon.

0
0

Re: Master Hacker ?

>Firing your shotgun toward someone who was just playing in your garden without permission, is likely going to make the elite players think twice about coming to visit.

Unless of course, 'you're trying to tell me I can dodge bullets.'

0
0
Silver badge

Re: Master Hacker ?

There's a lot not being reported. Like the script kiddies who installed a IRC bot server on NASA's original mars rover controller.back in the 90s. Much of it is simply quietly removed in the hope that superiors don't find out.

1
0
Trollface

Master Hackers get $10,000 an hour

McKinnon better get an agent.

1
0

This post has been deleted by its author

Facepalm

Re: Master Hackers get $10,000 an hour

IT'S A TRAP!

Issue him a "pardon"... tempt him over to the dark side (of the pond) with offers of SQUEEEEEEEELIONS of dollars and a cool sounding job... then... as he steps off the plane... pronounce him a terrorist who was buried at sea on the way over and disappear him of to some obscure CIA Military harmless charity outpost in Romania to answer a few enhanced questions.

Nice try Yankee types but I doubt even McKinnon is that stupid.

4
0
Bronze badge

Re: Master Hackers get $10,000 an hour

" tempt him over to the dark side (of the pond) with offers of SQUEEEEEEEELIONS of dollars"

That's what the villain in Die Hard 4 did. Worked out well for those 'hackers' too....

1
0
Pirate

Re: Die Meisterhackers von Washington

Their Guildhall is Der Pentagon

1
1

McKinnon .....

Basically the US got what they deserved. If one man searching for evidence of UFO's can infiltrate a "high security" network, then the fault lies with the network administrators. Geez, even I know how to strengthen my passwords and access to my home wifi. McKinnon was not a criminal in any sense of the word. The fault lies with some idiot "administrator" trying to cover their own pathetic arse because he left the default password to "password" or "fido" or some such crap.

17
1
Silver badge

It's a bit like

In cartoons where the bad guy gets his ass kicked and then goes "I'll let you off easy this time" before running with their tail between their legs.

Effectively admitting defeat without admitting defeat.

5
0
Silver badge

McKinnon is a false flag operation designed to simultaneously convince the world the US military have poor security networks and secondly that the US military has no evidence of UFOs entering the atmosphere on a daily basis.

"build trust between hackers and the government"

A master hacker would trust no-one

4
1
Meh

And sack Carmen Ortiz....

2
0
FAIL

They could put her head on a stake

And it would make no difference;

it's not the well they've poisoned,

it's the water table.

Dhu

2
0
Silver badge

The £88,888,888 question .......

Aside from persuading IT professionals to sign-up and “click for their country”, or using artificial intelligence, the best way to build out capacity in this area is to recruit more hackers, he argued.

However, by failing to act quickly it runs the risk of losing out on recruiting the small number of world-class “master hackers” who can “walk right through firewalls”.

Hmmm? A question for John Arquilla, a US Naval Postgraduate School professor and advisor to former defence secretary Donald Rumsfeld …… Is there any significant measurable difference between Master Pilot Controllers and the few missing recruits who be world-class “master hackers” who can “walk right through firewalls”?

3
0
Silver badge

I forget who it was that said something this

No-one knows who the world's greatest hackers are, because you've never heard of them. They leave no abusive messages on the system, they mess with as little as possible and above all they keep their mouths shut.

Hiring someone from Anonymous or Lulzsec will be as much use to you as a chocolate kettle and considerably more noisy.

5
0
Bronze badge

Re: I forget who it was that said something this

No-one knows who the world's greatest hackers are, because you've never heard of them.

Of course, "the world's greatest hackers" is obviously a meaningless term, like "the world's greatest writers" - either it's so inclusive that it's an enormous category with a huge range of talents, or it's based on completely arbitrary criteria.

But even the pretty good hackers, in the "breaking security" sense, are rarely heard from. What we do see sometimes is evidence of their passage, as in the hack of the Internet Auditing Project (search for "they're heeeere") back in 2001. One of their locked-down systems was broken in by an intruder who gained access to the network using credentials stolen from a different compromised machine. The attacker got into the BASS system, rooted it with a zero-day exploit, and installed a backdoor and rootkit. All over an ssh connection (files uploaded via the shell, uuencoded), and all in 8 seconds - proving this was an automated attack. The IAP folks only knew about it because they had a kernel hack in place that logged all activity through any tty/pty descriptors.

That kind of sophisticated malware is produced by teams of clever, knowledgeable folks, with lots of resources at their disposal. It's not McGee and Abby furiously typing on the same keyboard.

Hiring someone from Anonymous or Lulzsec will be as much use to you as a chocolate kettle and considerably more noisy.

And not as tasty.

0
0
Silver badge

::rolls eyes::

Earth to John Arquilla: This is not the movies. Hope this helps. Have a nice day.

4
0
Silver badge

The US government need to find people who can walk through firewalls but are also capable of putting a logic bomb through the backdoor

0
0
Anonymous Coward

I once had a logic bomb put through my backdoor. At least that's what I think she said it was. Didn't much go for it.

0
0

Pardon me

How can he be "pardoned" if he has not been convicted of a crime?

6
0
Silver badge

Re: Pardon me

Because he's obviously guilty.

It's how the legal system works -- no jury of peers, no hard evidence, lots of FUD, and the correct meaning of 'prejudice'

Oh, plus he's a Brit and in Hollywood they are usually either the bad guys or a complete fop.

As McKinnon has not got the laydeez swooning I can only assume he's been picked to play the part of villain.

4
0
Silver badge

Re: Pardon me

A pardon 'forgives' (for lack of a better term) him of any crimes he may or may not have committed. Under US law no conviction is necessary for a pardon. You can stop prosecution cold with one before the trial even starts.

3
0
Boffin

Re: Pardon me

The most famous example of a US pardon without any prosecution is the pardon of Richard Nixon by Gerald R. Ford. It can be seen at http://www.youtube.com/watch?v=_qC2b6ibOK0 .

0
0

Re: Pardon me

He hasn't been convicted because the Home Secretary didn't extradite him. If he ever falls under US jurisdiction, he could still be prosecuted (and would presumably be convicted, because he has admitted responsibility for the intrusion, and the law is an ass). A pardon would put an end to that.

0
0
Anonymous Coward

Re: Pardon me

"Statute of limitations"?

0
0
Silver badge
Joke

I'm suddenly reminded of an episode of CSI where a dude breaks into the FBI database in an effort to get a job then gets hired by the NSA instead of going to jail. Are we going ta ask the 'master hackers' to write a GUI in Visual Basic to trace an IP to?

2
0
Bronze badge

Yes, but only if it includes many message boxes with flashing red text, accompanied by some sort of annoying sound effect.

0
0
Alien

Which shade?

Black, Grey or White...

Surely which shade is based, purely upon intent? But then... if ones intent could be derived from a note somebody else wrote, as in the recent case of Casburn... hmm the worlds just a tad hypocritical and messed up!

0
0
Holmes

So someone's smelling the winds of change then?

It seems like slowly US government officials are discovering that their aggressive policy towards hackers (in the traditional sense), the technologically curious and activists for the free-flow of information is starting to cause a bit of stink... so much that it's causing even mainstream tech community to hold the US government in contempt.

This in turn makes recruitment harder if you're raising a generation that is not only technologically superior to you, but actually considers you a road-block to freedom. They won't want to work for the government because they mistrust the government, in turn the government starts to lose IQ points in it's collective mind-share as the old guard retire and die off.

Can the US government restore it's reputation? Possibly - does it have the tenacity to? Not with the current majority of politicians stuck with heads up their collective arses. It will take a major shift in how it interacts with the tech community, might be too little, too late by then.

2
1
Silver badge

Re: So someone's smelling the winds of change then?

"you're raising a generation that is not only technologically superior to you"

Post proof of this, or retract the concept as pure conjecture. Frankly, as a sometime lecturer at Berkeley & Stanford these last 30 years, I find quite the opposite to be true.

1
0
Bronze badge

Re: So someone's smelling the winds of change then?

Frankly, as a sometime lecturer at Berkeley & Stanford these last 30 years, I find quite the opposite to be true.

Going by, say, the past few decades of ACM publications or similar, I think what we're really seeing is just dilution. There are good young people working in CS and other tech fields, just as there were in previous decades; but as those fields have grown, the number of mediocre people working in them has increased faster, so the good ones are harder to spot in the crowd.

In the last grad CS class I took, a couple of years ago, there were some clever folks: one two-student team developed an algorithm for - lemme see, predictive modeling of gene methylation, maybe? - that outperformed the best one in the literature to date. That's real research. But most of the students, to be honest, were just picking up enough knowledge to add a couple words to their CVs.

I'll certainly agree with Jake that this idea that the current generation (however defined) is "technologically superior" is rather dubious. I might also note that methodologically-sound studies of "digital natives" and like have shown those concepts (the sort of stuff promoted by Wired writers and similar clowns) to be completely unfounded.

0
0
Bronze badge
Alert

And the Chinese, for example, will respond with... ?

A double-take?

"Oooooo-Kaaaaay! You asked for it!"?

Actual squeeeeeelions of dollars in a bidding war (on the off-chance that they can't already tap the top-tier talent with a flick of their collective elbow)?

Just askin'.

0
0
Anonymous Coward

If McKinnon snubs the pardon...

maybe Obama should award him the Distinguished Hacking Ribbon.

0
0
Anonymous Coward

Yeah, right that will work

I hope this strategists isn't actually getting paid for having his head up his arse and being clueless.

0
0
Bronze badge
Meh

The answer has always been easy, roll your own. They need to hire programmers in-house and custom make their own security software. Hell I have been wondering for ages why the government continues to buy Microsoft products and doesn't do like the Chinese have done, and roll their own version of Linux.

For that matter creating odd hardware (48-bit processors?) and running specially compiled software versions on that hardware would go a long way to stopping the onslaught of script-kiddies (I bet its hard to drop in an exploit through a buffer-overflow when you can't compile the proper exploit because it needs to run on some crazy out of spec hardware that no one has a compiler for).

1
0
Bronze badge

Hell I have been wondering for ages why the government continues to buy Microsoft products and doesn't do like the Chinese have done, and roll their own version of Linux.

They did, sort of: the NSA created what became SELinux.

It's politically impossible to get even the executive branch of the US Federal government to agree on, and implement, any sort of major IT change like moving to a single OS. You're talking about thousands of fiefdoms controlled by unelected bureaucrats who can argue until heat death against any encroachment on their power. Add to that Microsoft's not-inconsiderable lobbying power, and the difficulty of proving any value in moving away from the Windows/Office hegemon, and good luck getting any traction for that plan.

For that matter creating odd hardware (48-bit processors?) and running specially compiled software versions on that hardware would go a long way to stopping the onslaught of script-kiddies

Script-kiddies are not the problem; or, rather, they're a part of the attack tree that's easily pruned using known techniques (firewalls, vulnerability scanning, penalties for violating internal standards so security is no longer an externality for individual offices). Serious attackers won't be bothered by your arcane hardware, so all you'll do is push your procurement and development costs into the stratosphere.

1
0
This topic is closed for new posts.