NASA hacker speaks

punky_munky · 6 May 2006 at 11:31

http://news.bbc.co.uk/1/hi/programmes/click_online/4977134.stm

He's so full of crap. I think he might be a little insane.

punky_munky · 6 May 2006 at 11:55

CHokKA said:
What makes you think he's so full of crap? a lot of what he has said in that article is quite viable. None of us know which way the truth is, so it is impossible to say that he is lying or that he didn't see what he saw.

Anti mavity technology being hidden? Yes that does sound plausable :confused:

Anyways, if this guy was such a l33t h4x0r and was on a quest for proof surely he'd actually have some.

punky_munky · 6 May 2006 at 12:18

If you just wanted files why would you hack in using a VNC client? Not that I know anything about hacking but it's not a very stealthy way of doing it.

-edit-

The whole thing he was saying about opening a 235mb image over a 56k dial up sounds like BS to me too. Why would he need to turn it down to 4bit/pixel? If it's VNC then it doens't copy the file over. :confused:

And he can't press Print Screen? Or set up a screen cam?

punky_munky · 6 May 2006 at 12:59

squiffy said:
Any of you worked out if he did have evidence he'll be even more trouble now? He probably has evidence but not releasing directly, pretty stupid if he does.

Only a idiot would keep print outs at his home/aunties.

He was on a quest for the truth so it would be pretty stupid for him to not have any evidence.

punky_munky · 6 May 2006 at 13:17

I had another thought. Whenever I've used VNC it doesn't control the mouse on the screen, it just logs you in invisibly. The only time i've seen it take over is with Remote Assistance. I'm sure you could set up VNC to do that but why would you?? It's just sounds like such BS. If he could write a Pearl Script to find all the machines with blank admin passwords and he could get a VNC server installed and configured undetected surely he could have done better.

punky_munky · 6 May 2006 at 13:29

Morlan said:
I would have thought that hacker was a complate liar but after watching the Disclosure Project videos and reading their evidence, I believe everything that hacker says. And I think he does have photos/information but he would be in a lot more trouble if he was caught with it.

Get involved folks!

http://video.google.com/videoplay?docid=-1166743665260900218&q=disclosure
http://www.disclosureproject.org/

That's a very well stocked store they have there.

punky_munky · 6 May 2006 at 16:23

That videos nearly 2 hours long... you got anything more watchable to entice us?

punky_munky · 6 May 2006 at 19:47

NathanE said:
Of course firewalls are present but a firewall by itself is just one layer of protection... The firewalls can be bypassed with various forms of tunnelling - or if the security breach is vast enough, by just modifying the firewall rules.

In this case (and assuming he isn't lying about the extent of his hacking activities) I suspect he used an e-mail vulnerability from the days when Outlook Express (and, well, computer software in general) was a lump of swiss cheese. The exploit then 'dropped' a SSH tunneling client to tunnel back to a server of his choice. He then connects using SSH via that relay to the exploited system. Then progress continues from that point on... e.g. installing a VNC client as he did, scanning other computers on the network(s) for weak passwords and vulnerabilities using his Perl script (or any of the common readily available tools such as Nessus).

Yeah, but that still doesn't explain why he didn't VNC invisibly.

punky_munky · 6 May 2006 at 19:59

NathanE said:
Because he wasn't able to?

If you want to remote desktop/VNC "invisibly" it means (from a technical standpoint) creating a new/seperate user session from the one that is logged-on. This may not have been possible because he may not have known any passwords or usernames on that particular computer or domain to do so.

The logged-on user also may not have had sufficient permissions to allow him to create his own account to perform his VNC activities in. Or if it did, the account was worthless because it didn't also exist on the domain controller or other computers rendering it relatively useless for remote vulnerability testing.

I seem to remember him saying he admin privileges but still, who knows what systems they were using.

punky_munky · 10 May 2006 at 13:22

squiffy said:
Disgusting. If it were the other way round would they allow an American citizen to be extredited to the UK? Not a chance.

I would have agreed with you before but after reading this...

The district judge reserved the decision until today following a hearing last month that was told McKinnon intended to gain access to the US military's classified information network. He was alleged to have deleted system files and logs from computers at the naval weapon station Earle at a critical time following the September 11 attacks, rendering the base’s entire network of more than 300 computers inoperable.

That's pretty serious.