Gary McKinnon, a British citizen, is regarded in the computer software business as a ‘superhacker’. From 2001 up to 2002, Gary is believed to have infiltrated into the computers of the US Army, Air Force, Navy, and NASA. In total, Gary led to a loss that amounted to $ 700,000 for the military disciplines (Information age, 2008).
Gary McKinnon, who in 2007 was faced with extradition charges to the United States over his hacking habits, is also believed to have led to the deletion and altering of computer files at a Naval Air Station in the United States (Information age, 2008). Consequently, this the computer system of this naval station shut down. The events occurred immediately after the September 11 attacks.
MacKinnon is believed to have executed his hacking activities at the heart of his home, in north London. Although he is already been arrested, he is yet to be formally charged in the United Kingdom (Information age, 2008). McKinnon has accepted the charges, claiming that his actions were motivated out of curiosity. In addition, Gary claims that the laxity in the security system of the military computer system also facilitated his hacking actions.
In total, MacKinnon is believed to have infiltrated 97 computer networks belonging to the government of the United States. According to one of the prosecutors in the United States, MacKinnon is regarded by the United States as the most feared computer hacker of the military computer system (Information age, 2008).
On his part, MacKinnon has defended himself, arguing that his actions were not only innocent, but also harmless. Mackinnon has argued that the reason behind his hacking the military computer system was to fulfill his curiosity for obtaining UFO’s related materials. Once found guilty, MacKinnon may be forced to pay a fine to the tune of $ 2 million, besides a possible life in prison.
Perhaps one would be wondering, how can an individual single-handedly hack close to 100 computer networks of a government as powerful as the United States? According to MacKinnon, this should not be a cause of surprise. His experience as a sytem analyst has taught him that a lot more of the smaller organisations are bound to have tighter security measures, as opposed to global companies, or even the military (Information age, 2008).
The latter, McKinnon opines, are bound to possess fringes of pockets that are a source of exploitation by hackers. McKinnon further adds that it is much easier to penetrate into the computer system of those networks that are far more removed from a centralized control. Although a lot of enterprises, including the military have invested heavily in such basic security tools as firewalls, there are still individuals that are able to have access through such a system, as McKinnon did.
Further, the hacking action of McKinnon led to a 24 hour shut down of internet access into computers of the military in the Washington area (Information age, 2008). Mackinnon has also been accused of scanning for vulnerable computer networks, retrieving passwords as well as accounts to the administration of the systems. This was before he used RemotelyAnywher to hack into the system (Information age, 2008). This versatile and cheaply available software enables hackers to have access to restricted sites
Computer misuse Act of 1990
The 1990 computer misuse act was enacted by the parliament in the United Kingdom. The introduction of this Act was in keeping with decisions arrived at in the Gold v R (1988) case. The case involved an unauthorized entry into the interactive data service of Prestel, a subsidiary of the British telecom (Woods, 2005). In this case, Robert Schifreen and Stephen Gold accomplished this act with the help of a modem and a home computer between the end of 1984 and the start of 1985.
The computer misuse act of 1990, which has its basis on the recommendations of the ELC, was brought to the floor of the house in the United Kingdom parliament by on of the members of parliament, Michael Colvin (Woods, 2005). According to this Act, an individual is often found guilty if he uses a computer to gain entry into data or a program that ids contained in a computer (Woods, 2005).
In august 1990, the Act became a law. The Act provides that the introduction of viruses and hacking are considered as criminal offences under this Act. In the case of McKinnon, he had unauthorized entry into the computer programs of 97 networks of the government of the United States, notably the military.
Solutions against unauthorized access to computer systems of organizations
Physical solution
The physical solutions to information safeguard include the policies, measure, and procedures that are applied with a view to safeguarding the programs or files of an information system against illegal intrusion (HPAA Security, 2007). Such physical solutions to a system should include the use of a workstation, the control of access facilities, as well as media and device control.
Software solutions
The use of intrusion detection solutions helps in the identification of intruders into a system. Such intruders could be from within the organization, as well as outside of the organization. The design of the intrusion technology is such that it is capable of monitoring security and actions of users in real time (Woods, 2005).
This is applicable for both the hosts and the network. Solutions for vulnerability management aids in the definition and enforcement of policies by clients at a central point. Additionally, clients are ale able to suggest remedies, besides inquiring into the network vulnerabilities. On the other hand, fire wall solutions helps in assets and data protection without compromising the performance of the system (HPAA Security, 2007).
Electronic/managerial solutions
In an organization, the use of policies can be used to minor accessibility of users, be they authorized or not, into a computer system. The identity of an individual thus has to be authenticated first. It is only then that such policies can be used to assess the validity of such an individual to access the computer system (Access policy management, 2005). Such credential of an individual may be validated relative to such a database as the Active Directory of Microsoft.
In addition, the management of an organization could also ensure that there exists a central and automated management system. This ensures that the system is both cost-effective and configurable (Access policy management, 2005). Furthermore, organization could also invest in audit logs for the entire computer system. This ensures that it become easy to identify those individuals that gains access to the system.
References
Access policy management (2005). “Access Policy Management: Authorizing for Access”. Web.
HPAA Security (2007). HPAA Security series. Web.
Information age (2008). ”Superhacker Gary McKinnon on corporate security’s weak spots”. Web.
Woods, Pauline (2005). Guidance on computer misuse Act. Web.