Admin Accounts Need Different Rules

The McKinnon lessons point to a simple control gap: administrator accounts need stricter access, monitoring and time limits than ordinary logins.

On this page

  • Why privileged credentials change the impact of compromise
  • Controls that separate admin access from ordinary use
  • How time limited privileges reduce standing risk

Introduction

One of the clearest security lessons associated with the Gary McKinnon case is that administrator accounts should never be treated like ordinary user accounts. A standard user account can usually reach only a limited set of systems and data. An administrator account can alter configurations, create new accounts, install software, erase logs, and move across connected systems. When such an account is compromised, the consequences scale with that authority. Modern security frameworks therefore treat privileged accounts as a separate risk category that requires stronger controls, tighter monitoring, and stricter governance than everyday logins. [1][2]

The McKinnon case remains relevant because the US indictments alleged a pattern in which administrative privileges enabled extensive access, the installation of remote-administration tools, the copying of password files, account manipulation, and movement between systems. The lesson is not simply that passwords matter; it is that privileged credentials multiply the impact of any other security failure. [4][5]

Why Privileged Credentials Change the Impact of Compromise

A privileged account exists to perform powerful actions. System administrators, database administrators, cloud administrators, and certain service accounts are deliberately granted authority that ordinary users do not possess. Because these accounts can change how systems operate, attackers seek them out early. Privileged-access guidance defines a privileged account as an identity, whether a user, service or system account, whose elevated permissions let it control systems, modify configurations, or manage other users. [6]

The McKinnon case illustrates why this distinction matters. According to the US charging documents, administrative privileges were allegedly obtained on numerous systems and then used to install remote-management software and additional tools. Once elevated access existed, a single compromised machine could serve as a platform for reaching other targets. [4][5]

This is the core governance problem:

  • A compromised user account may expose one person’s files.
  • A compromised administrator account may expose an entire network.
  • A compromised domain or enterprise administrator account can potentially affect thousands of systems simultaneously.

That difference explains why security frameworks consistently separate privileged access from ordinary access rather than treating them as variations of the same control problem. [7][8][9]

Controls That Separate Admin Access From Ordinary Use

Organisations that get this right draw a clear boundary between normal work and administrative work. Staff who administer systems hold separate accounts: one for email, web browsing, and office tasks, and a second that is used only when administrative action is required and that has no mailbox and no routine internet access.

This separation reduces the likelihood that a phishing email, malicious website, or compromised workstation immediately exposes high-value credentials. It also makes monitoring more effective, because every logon by the administrative account is by definition administrative activity and can be audited as such. Government and industry guidance consistently recommends identifying privileged identities separately and applying enhanced controls to them. [3][25][30]

Common controls include:

  • Multi-factor authentication (MFA) for all privileged accounts.
  • Dedicated administrator workstations used only for administrative tasks.
  • Session recording and logging of privileged actions.
  • Approval workflows before elevated access is granted.
  • Regular privilege reviews to remove unnecessary permissions.
  • Separation of duties, so that no single administrator controls every critical function. [10][12][25][30]

These measures recognise a practical reality: administrators require more power, but that power must be balanced by greater accountability.
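The separation described above is only useful if someone checks it. The following is an added example, not code from the article or from any of the guidance it cites: a small detection that runs over logon events and flags a privileged account used interactively from anything other than a dedicated admin workstation, or a service account used at a console at all. The event shape loosely follows Windows Security event 4624 (logon type 2 is console, 3 network, 5 service, 10 RDP), but every account, host and event below is constructed for illustration.

```python
"""Detect privileged-account logons that breach the admin/ordinary separation.

Added example; not code from the article or from any cited guidance. The event
shape loosely follows Windows Security event 4624, but every event, account and
host name below is constructed for illustration.
"""
from dataclasses import dataclass

# Assumed inventory. In practice these come from the directory and the PAM tool.
PRIVILEGED_ACCOUNTS = {"CORP\\adm-jsmith", "CORP\\adm-backup", "CORP\\svc-sqlagent"}
SERVICE_ACCOUNTS = {"CORP\\svc-sqlagent"}       # may log on as a service, never at a console
ADMIN_WORKSTATIONS = {"PAW-01", "PAW-02"}        # dedicated admin workstations
INTERACTIVE_LOGON_TYPES = {2, 10, 11}            # console, RDP, cached console


@dataclass(frozen=True)
class LogonEvent:
    account: str
    workstation: str
    logon_type: int
    source_ip: str


def check_event(ev: LogonEvent) -> list[str]:
    """Return the separation rules this event breaks; an empty list means no finding."""
    findings: list[str] = []
    if ev.account not in PRIVILEGED_ACCOUNTS:
        return findings  # ordinary accounts are covered by other detections
    if ev.logon_type in INTERACTIVE_LOGON_TYPES:
        if ev.account in SERVICE_ACCOUNTS:
            findings.append("service account used for an interactive logon")
        elif ev.workstation not in ADMIN_WORKSTATIONS:
            findings.append("admin account used interactively from a non-admin workstation")
    return findings


def scan(events: list[LogonEvent]) -> list[tuple[LogonEvent, str]]:
    """Run check_event over a batch and flatten the findings."""
    return [(ev, finding) for ev in events for finding in check_event(ev)]


# Constructed sample batch (not real telemetry).
SAMPLE_EVENTS = [
    LogonEvent("CORP\\jsmith", "LAPTOP-17", 2, "10.1.4.17"),        # ordinary user: ignored
    LogonEvent("CORP\\adm-jsmith", "PAW-01", 10, "10.1.9.5"),       # admin via RDP from a PAW: fine
    LogonEvent("CORP\\adm-jsmith", "LAPTOP-17", 10, "10.1.4.17"),   # admin via RDP from the daily laptop
    LogonEvent("CORP\\svc-sqlagent", "SQL-01", 5, "10.1.2.20"),     # service logon: fine
    LogonEvent("CORP\\svc-sqlagent", "SQL-01", 2, "10.1.2.20"),     # someone at the console as the service account
    LogonEvent("CORP\\adm-backup", "FILE-02", 3, "10.1.9.5"),       # network logon: not interactive, allowed
]

if __name__ == "__main__":
    for ev, finding in scan(SAMPLE_EVENTS):
        print(f"ALERT {finding}: {ev.account} on {ev.workstation} (logon type {ev.logon_type})")
```

Two of the six constructed events produce alerts. The rule deliberately ignores network logons (type 3) by admin accounts, because those are how administration of remote servers normally looks; the signal worth paging on is an admin or service credential being typed at a keyboard somewhere it should not be.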


Why Least Privilege Matters

A key principle behind modern privileged-access management is "least privilege". NIST defines least privilege as restricting users and processes to the minimum access necessary to perform their assigned tasks. [1]

The idea sounds simple, but it directly addresses a failure pattern seen repeatedly in major intrusions. When users accumulate permissions over time, organisations create unnecessary attack paths. An account that only needs to manage one server may end up with rights across an entire environment. If that account is compromised, the attacker inherits all of those permissions.

In the context of the McKinnon case, the lesson is not merely that administrative access existed. The lesson is that elevated privileges create leverage. Once an attacker holds powerful credentials, the intrusion can expand far beyond the original entry point. Modern privileged-access programmes therefore work to limit both the number of privileged accounts and the scope of each account's authority. [4][13][24]

Least privilege also limits lateral movement, the process by which an intruder moves from one system to another after gaining initial access. Each permission an account holds but does not need is a path the attacker can take and the defender gains nothing from, so restricting permissions reduces the number of pathways available. [11]

How Time-Limited Privileges Reduce Standing Risk

One of the most important developments since the early 2000s is the move away from permanent administrator rights.

Historically, many administrators retained elevated access at all times. While convenient, this approach created a standing risk: if the account was ever compromised, the attacker immediately inherited full administrative authority.

Modern privileged-access management increasingly uses time-limited or "just-in-time" access. Under this model, administrative rights are granted only when required for a specific task and are removed automatically afterwards. Each grant is scoped to a stated purpose, a named system, and a fixed duration. [11][26]

The governance benefits are significant:

  • Fewer permanently privileged accounts exist.
  • Stolen credentials are less useful.
  • Administrative actions become easier to review.
  • Excess privileges are less likely to accumulate over time.

This approach reflects a broader shift in security thinking. Rather than assuming trusted administrators should always hold unrestricted access, organisations increasingly assume that any account could eventually be compromised and design their controls accordingly. [2][26]
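To make the "purpose, system, and duration" scoping concrete, the following is an added example, not code from the article or from any PAM product, of a minimal just-in-time elevation broker. A request needs a stated purpose, an approver who is not the requester, and a duration within a policy ceiling; the resulting grant is checked on every privileged action against the exact account, system and role it was issued for, and stops working the moment it expires, without waiting for a clean-up job. The policy limits, approver rule, clock and all names are assumptions.

```python
"""Just-in-time elevation: privileges scoped to a system, a role and a deadline.

Added example; not code from the article or from any PAM product. The broker,
its policy limits, the approver rule and all names are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets

MAX_DURATION_MINUTES = 240  # assumed policy ceiling for a single grant

# Constructed clock for the walkthrough; real code would use datetime.now(timezone.utc).
BASE = datetime(2025, 6, 1, 9, 0, tzinfo=timezone.utc)


def at(minutes: int) -> datetime:
    """Constructed instant: `minutes` after the walkthrough's start time."""
    return BASE + timedelta(minutes=minutes)


@dataclass
class Grant:
    grant_id: str
    account: str
    system: str
    role: str
    purpose: str
    approver: str
    expires_at: datetime
    revoked: bool = False


class JitBroker:
    """Issues short-lived, single-purpose grants instead of standing admin rights."""

    def __init__(self, approvers):
        self._approvers = set(approvers)
        self._grants: dict[str, Grant] = {}
        self.audit: list[str] = []  # append-only trail of grant decisions

    def request(self, account, system, role, purpose, approver, duration_minutes, now) -> str:
        if approver not in self._approvers:
            raise PermissionError("approver is not on the approver list")
        if approver == account:
            raise PermissionError("an admin may not approve their own elevation")
        if not purpose.strip():
            raise ValueError("a stated purpose is required")
        if not 0 < duration_minutes <= MAX_DURATION_MINUTES:
            raise ValueError(f"duration must be within (0, {MAX_DURATION_MINUTES}] minutes")
        grant = Grant(secrets.token_hex(8), account, system, role, purpose, approver,
                      now + timedelta(minutes=duration_minutes))
        self._grants[grant.grant_id] = grant
        self.audit.append(f"GRANT {grant.grant_id} {account} {role}@{system} "
                          f"until {grant.expires_at.isoformat()} purpose={purpose!r} by={approver}")
        return grant.grant_id

    def is_authorised(self, grant_id, account, system, role, now) -> bool:
        """Check the target system (or its PAM agent) performs on every privileged action."""
        grant = self._grants.get(grant_id)
        if grant is None or grant.revoked:
            return False
        if (grant.account, grant.system, grant.role) != (account, system, role):
            return False  # a grant for one system or role does not carry over to another
        return now < grant.expires_at  # expiry enforced at use, not by a later clean-up

    def revoke(self, grant_id, reason, now) -> None:
        self._grants[grant_id].revoked = True
        self.audit.append(f"REVOKE {grant_id} at {now.isoformat()} reason={reason!r}")

    def standing_privilege(self, now) -> list[Grant]:
        """Everything live right now; this list should be short and short-lived."""
        return [g for g in self._grants.values() if not g.revoked and now < g.expires_at]


if __name__ == "__main__":
    broker = JitBroker(approvers={"lead-mwong"})
    gid = broker.request("adm-jsmith", "db-01", "admin", "apply vendor patch", "lead-mwong", 60, at(0))
    print("30 min in, db-01:", broker.is_authorised(gid, "adm-jsmith", "db-01", "admin", at(30)))
    print("30 min in, db-02:", broker.is_authorised(gid, "adm-jsmith", "db-02", "admin", at(30)))
    print("61 min in, db-01:", broker.is_authorised(gid, "adm-jsmith", "db-01", "admin", at(61)))
    print("\n".join(broker.audit))
```

The grant identifier stands in for whatever the real enforcement point consumes (a short-lived group membership, a certificate, or a token). The property that matters is in `is_authorised`: a stolen grant is useless on any other system or role and useless after the deadline, which is exactly what "stolen credentials are less useful" means in practice.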


The Lasting Governance Lesson

The McKinnon case is often remembered for its UFO-related motivation, but the enduring security lesson is far more practical. Organisations with sensitive systems cannot rely on the assumption that administrator accounts will always be used correctly or remain uncompromised. The authority attached to those accounts is simply too great.

Modern privileged-access management emerged from exactly this recognition. Administrative credentials receive stronger authentication, more extensive monitoring, narrower permissions, and increasingly temporary access windows because the consequences of their compromise are fundamentally different from those of an ordinary user's. When an organisation treats privileged accounts as just another login, a minor access failure can become a major incident. When it treats them as a distinct category of risk, the damage from inevitable mistakes becomes much harder to amplify. [3][7][15]


Endnotes

  1. NIST Computer Security Resource Center, "least privilege", CSRC Glossary. https://csrc.nist.gov/glossary/term/least_privilege
  2. CISA, "CDM ICAM Reference Architecture" (Sept 2023), section 6.3.2 Privileged Access Management. https://www.cisa.gov/sites/default/files/2023-09/CDM-ICAM_Reference_Architecture_508c.pdf
  3. idmanagement.gov, "Privileged Identity Playbook". https://www.idmanagement.gov/playbooks/pam/
  4. U.S. Department of Justice, United States Attorney, Eastern District of Virginia, press release on the McKinnon indictment (November 12, 2002), hosted at media.defense.gov. https://media.defense.gov/2002/Nov/12/2001711901/-1/-1/1/McKinnon_comphacker.pdf
  5. U.S. Department of Justice, McKinnon indictment (E.D. Va.), PDF. https://www.justice.gov/archive/usao/nj/Press/files/pdffiles/Older/edva_mckinnon_indictment.pdf
  6. WALLIX, "What is Privileged Access Management (PAM)?" https://www.wallix.com/blogpost/what-is-privileged-access-management-pam/
  7. NIST NCCoE, "Privileged Account Management for the Financial Services Sector". https://www.nccoe.nist.gov/financial-services/privileged-account-management
  8. CSF Tools, "AC-6(5): Privileged Accounts" (NIST SP 800-53 Rev. 4). https://csf.tools/reference/nist-sp-800-53/r4/ac/ac-6/ac-6-5/
  9. CSF Tools, "AC-6: Least Privilege" (NIST SP 800-53 Rev. 5). https://csf.tools/reference/nist-sp-800-53/r5/ac/ac-6/
  10. NIST, "Best Practices for Privileged User PIV Authentication" (April 21, 2016). https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04212016.pdf
  11. TechDemocracy, "privileged access management and nist 220". https://www.techdemocracy.com/resources/privileged-access-management-and-nist-220
  12. Cisco Duo, "Privileged Access Management Best Practices". https://duo.com/learn/privileged-access-management-best-practices
  13. ZenGRC, "What is NIST Privileged Access Management?" https://www.zengrc.com/blog/what-is-nist-privileged-access-management/
  14. WALLIX, "What is the principle of least privilege and how do you implement it?" https://www.wallix.com/blogpost/what-is-the-principle-of-least-privilege-and-how-do-you-implement-it-2/
  15. BeyondTrust, "What is Privileged Access Management (PAM)?" (glossary). https://www.beyondtrust.com/resources/glossary/privileged-access-management-pam
  16. U.S. Department of Justice, press release on the McKinnon indictment (2002). https://www.justice.gov/archive/criminal/cybercrime/press-releases/2002/mckinnonIndict.htm
  17. U.S. Department of Justice, "British National Charged with Hacking Into N.J…" (2002; the seven-count Virginia indictment charges intrusions into 92 computer systems belonging to the U.S. Army, Navy and others). https://www.justice.gov/archive/criminal/cybercrime/press-releases/2002/mckinnonIndict2.htm
  18. NIST CSRC, "SP 800-53 v5.1 derived OSCAL". https://csrc.nist.gov/CSRC/media/Projects/risk-management/800-53%20Downloads/800-53r5/SP_800-53_v5_1-derived-OSCAL.pdf
  19. National Institute of Standards and Technology, home page. https://www.nist.gov/
  20. NIST news release (May 2026). https://www.nist.gov/news-events/news/2026/05/department-commerce-announces-letters-intent-9-companies-2-billion
  21. TIME, "Hack Attack" (July 30, 2008). https://time.com/archive/6943962/hack-attack-2/
  22. CISA, "Enhanced Visibility and Hardening Guidance for Communications Infrastructure" (December 4, 2024). https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure
  23. NIST SP 1800-18 (draft), "Privileged Account Management for the Financial Services Sector", mirrored at csrc.nist.rip. https://csrc.nist.rip/library/fs-pam-nist-sp1800-18-draft.pdf
  24. The Guardian, "Hacker 'left note on US army computer'" (July 27, 2005). https://www.theguardian.com/technology/2005/jul/27/hacking.internetcrime
  25. Industrial Cyber, "NSA, CISA publish Identity and Access Management recommended best practices for administrators" (March 22, 2023). https://industrialcyber.co/cisa/nsa-cisa-publish-identity-and-access-management-recommended-best-practices-for-administrators/
  26. Non-Human Identity Management Group, "How should organisations implement privileged access…" (FAQ, May 28, 2026). https://nhimg.org/faq/how-should-organisations-implement-privileged-access-management-in-cloud-environ/
  27. Schneier on Security, "Gary McKinnon" (August 4, 2008). https://www.schneier.com/blog/archives/2008/08/garuy_mckinnon.html
  28. The Guardian, "Game over | Gary McKinnon" (July 9, 2005). https://www.theguardian.com/theguardian/2005/jul/09/weekend7.weekend2
  29. Wikipedia, "Gary McKinnon". https://en.wikipedia.org/wiki/Gary_McKinnon
  30. NSA/CISA Enduring Security Framework, "Identity and Access Management: Recommended Best Practices for Administrators" (March 21, 2023). https://media.defense.gov/2023/Mar/21/2003183448/-1/-1/0/ESF%20IDENTITY%20AND%20ACCESS%20MANAGEMENT%20RECOMMENDED%20BEST%20PRACTICES%20FOR%20ADMINISTRATORS%20PP-23-0248_508C.PDF

