Former prosecutor: UFO hack looked like terrorist attack

Investigative resources diverted in crucial weeks, months after Sept. 11

After the computer network at the Naval Weapons Station Earle in New Jersey was breached and crashed just a few weeks after the terrorist attacks of Sept. 11, 2001, investigators thought it might be part of a larger al-Qaeda plot against the United States.

Investigators worked around the clock to figure out who had been in and out of the system that runs the weapons station for about five months, stealing passwords, installing remote access software, deleting data and ultimately shutting down the network of 300 computers for an entire week. That weeklong shutdown meant that for that period of time -- in the aftermath of attacks on the U.S. -- the station couldn't do its job of replenishing munitions and supplies to the Atlantic fleet.

Was the break-in organized by a nation-state? A terrorist group? After throwing critical resources at the probe when the government was already investigating not only the 9/11 attacks but the anthrax killings, investigators didn't track the breach to al-Qaeda. They tracked it to an unemployed system administrator in the U.K. -- Gary McKinnon, who was subsequently charged with hacking into 92 computer systems at the U.S. Army, the U.S. Air Force, the Department of Defense and NASA.

It has been seven years since the break-ins and about six since the charges were leveled against McKinnon, 42, of London. Since then, he has been fighting extradition to the U.S., but just last week the highest British court dismissed his latest appeal against the extradition.

McKinnon, who has said he broke into U.S. military computers hoping to uncover evidence of UFOs, plans to appeal the decision to the European Court of Human Rights. According to his attorney, Karen Todner, it's the last appeal he can file.

A resource drain at the worst time

Scott Christie, who at the time was an assistant U.S. attorney in New Jersey, was the first prosecutor brought into the case. Christie, who now leads the information technology group at law firm McCarter & English LLP, said McKinnon simply is "grasping at straws" with his latest appeal.

"I think it reinforces the fact that arguments against extradition had no merit and that he is continuing to avoid the inevitable," said Christie, who worked with investigators from the Naval Criminal Investigative Service on the case. "It is a very significant intrusion case, because it reinforces the fact that a lone individual who is motivated can cause significant damage to the military preparedness of this country. It showed unfortunately that security on computers at military installations was not as robust as it should have been.... If that's in fact true, it gives one concern as to what organized groups with sophisticated hacking tools who may be sponsored by organized crime or foreign governments could achieve in this area."

Christie said that since the naval station's system was shut down on the heels of 9/11, it reinforced people's worst fears. And because of the seriousness of the attack and the possibility that it could have been linked to a terrorist organization, the government threw a lot of resources at the problem -- resources that could have been used in the 9/11 investigation.

"The concern was there," said Howard Schmidt, who began working at the White House as the vice chairman of the President's Critical Infrastructure Protection Board in 2002, in the midst of the McKinnon investigation. "When these things take place, you never know till the very end what their motivation is.... You don't know if it's a nation-state or a terrorist group. You have to work it as if this was the most important case you ever worked. There is a finite amount of resources. This pulled big resources that could have been used for other things."

Schmidt, who today is CEO of R&H Security Consulting, noted that he was briefed on the investigation when he began working at the White House and that the case was something they were following.

In New Jersey, McKinnon was charged with one count of unauthorized access and causing damage to a protected computer, according to Assistant U.S. Attorney Erez Liebermann of New Jersey, who now is the lead prosecutor on the case.

The government contends that McKinnon first hacked into the naval station's network on April 7, 2001, but wasn't discovered until late in September, when he allegedly deleted computer files that were needed to power up computers on the network. In the five months that McKinnon allegedly was in and out of the system, the government charges that he installed remote access software to make it easier for him to get into the network. He also allegedly stole about 950 passwords and deleted computer logs and files.

Liebermann noted that McKinnon allegedly caused $290,431 in financial damages to Naval Weapons Station Earle.

In Virginia, McKinnon is facing seven counts of unauthorized access. There, the U.S. attorney's office claims he caused $900,000 in damages to computers in 14 states.

Liebermann noted that each of the total of eight charges carries a maximum sentence of 10 years in federal prison and a $250,000 fine. However, based on sentencing guidelines, Christie estimates that the sentences would drop down to the three- to five-year range.

UFO hunter or something more?

Christie added that McKinnon's own statements will come into play during trial. He often has told the British press that he simply was in the military systems looking for covered-up information on UFOs. However, according to a legal judgment from the House of Lords, when McKinnon was being interviewed by law enforcement in the U.K., he admitted to leaving a note on one Army computer reading, "US foreign policy is akin to government-sponsored terrorism these days.... It was not a mistake that there was a huge security stand down on September 11 last year.... I am SOLO. I will continue to disrupt at the highest levels."

McKinnon confessed to the intrusions but denied causing any damage.

Christie said being inconsistent about his story could hurt McKinnon's case.

"It goes more to jury appeal," he said, adding that McKinnon would be more likely to come off looking like an eccentric if he appears to have been someone on a quest for information about UFOs concealed by the government. But if he strikes the jury as someone who attacked U.S. military computers because he disagreed with the country's foreign policy, that's a whole different matter.

"It [would] show him to be much more deliberate, methodical and vindictive than otherwise," said Christie. "I would imagine that the government is going to... try to show that he's not this eccentric, but that he is using that as his cover story where his real motivation is attacking the government and the military because of U.S. policies.... Regardless of his explanation, he still shouldn't have accessed computers and been rummaging around and doing what he was doing."

Christie also noted that a big part of the government's job will be to prove the allegations that McKinnon's actions actually damaged the systems. Prosecutors in both New Jersey and Virginia will have to convince a jury that McKinnon's break-ins were directly linked to computer malfunctions, lost data and subsequent financial damages.

"It appears he has acknowledged gaining unauthorized access to these military computer networks, but it also appears that he does not believe he caused any damage in the course of his rooting around these computer systems," said Christie. "I don't think [this case] is a home run. The government will need to demonstrate that he caused damage... which may not be the easiest thing to prove. The government, through Mr. McKinnon's admissions, is halfway to the goal line but still has a ways to go."

For Schmidt, it doesn't matter why McKinnon was in the system. The issues are that he was in there and that he allegedly opened up easy access for anyone else to secretly get in and out, as well.

"I don't buy 'I was looking for hidden spaceships'," said Schmidt. "That doesn't wash for me.... Anytime you create an unauthorized entry point, it means [more than] one person could have used it to get into the system. Who else could have used it to piggyback into the system?"

Schmidt added that while it was "troubling" that the naval station's system could be compromised for five months without anyone noticing, he thinks security has been multiplied since then.

"We're much more focused on cybersecurity now," he said. "The controls weren't in place then. Emphasis on information security wasn't there at the time. Every year we get better. It doesn't mean we have vulnerabilities, but we are better."
