Not only was he silly enough to commit the crime, he left sarcastic messages behind, I understand? This begs the question how sensitive was the material? If McKinnon could access it, lets face so could anyone who wanted a look.
So..has there ever been any reprisals for the lack of security with the machines he hacked? My understanding was that he used 'off-the-shelf' tools to gain access because the servers weren't patched? In my mind that as negligent as the illegal access.
The negligence in this case is stunning. His 'hack' was to write a Perl script which scanned a range of IPs, looking for remote access accounts that did not have a password. So, the compromised machines were:
- connected to the public internet, with a publicly routable address
- not firewalled
- running remote access software without a password
I strongly believe the strength of feeling shown by the US authorities here is primarily one of embarrassment. It is more comforting to believe you are facing a genius superhacker than it is to believe the people responsible for your network security are literally incompetent.
Also, while he was logged in to these machines he had notepad.exe-based conversations with other hackers - he was definitely not the only person who accessed these systems.
My understanding is that they used the £500k they said the hack cost to plug the security holes. In an interview I saw a while ago it basically said he walked in through the front door, the "Administrator" account did not have a password and the computers in question were accessible remotely.
So..has there ever been any reprisals for the lack of security with the machines he hacked? My understanding was that he used 'off-the-shelf' tools to gain access because the servers weren't patched? In my mind that as negligent as the illegal access.