Branchoria UFO Hackers UFO Hackers

The hacking cases, UFO claims, court battles, and evidence gaps behind a modern myth.

Within Remote Tools

Why Windows Sharing Was So Exposed

Old Windows file-sharing services made administration convenient inside networks but risky when reachable from outside with weak authentication.

On this page

  • How Windows networking supported administration
  • What went wrong when internal services faced the internet
  • Why convenience created a wider attack surface
Preview for Why Windows Sharing Was So Exposed

Introduction

In the era of the Gary McKinnon case, one of the most important but often overlooked security weaknesses was the exposure of Windows file-sharing services directly to the internet. Many Windows NT and Windows 2000 systems were designed around the assumption that they would operate inside trusted corporate or government networks. When those same services became reachable from outside, weak passwords, misconfigurations and poor network segmentation could turn ordinary administrative features into entry points for unauthorised users. This was not a uniquely McKinnon-related problem; it was a widespread characteristic of early-2000s Windows networking that affected businesses, universities and government agencies alike. [vidstromlabs.com]vidstromlabs.comI'll explain what this port is for.Read moreThe use of TCP ports 139 and 445 in Windows15 May 2019 — Microsoft introduced TCP port 445 with Windows 2000, and it's still in use in Wi…Published: May 2019

File Sharing illustration 1

Why Windows Sharing Was So Exposed

Windows networking relied heavily on the Server Message Block (SMB) protocol, which allowed administrators and authorised users to share files, printers and other resources across a network. In Windows NT environments, SMB commonly operated through NetBIOS services on TCP port 139. With Windows 2000, Microsoft introduced direct SMB over TCP using port 445, simplifying administration and making networked resources easier to reach. [vidstromlabs.com+2Petri IT Knowledgebase]vidstromlabs.comI'll explain what this port is for.Read moreThe use of TCP ports 139 and 445 in Windows15 May 2019 — Microsoft introduced TCP port 445 with Windows 2000, and it's still in use in Wi…Published: May 2019

Within an internal network, this design was highly practical. Administrators could remotely manage systems, browse shared folders, copy files, distribute software and perform maintenance without travelling to each machine. Shared drives became a normal part of organisational computing. The same infrastructure also supported domain logins and other essential Windows network functions. [ManageEngine]manageengine.comOlder environments may use TCP port 139, which routes SMB traffic over NetBIOS. Port 139 is a legacy…Read more…

The problem arose when organisations treated these internal services as though they were still operating in a trusted environment after connecting their networks to the wider internet.

The Man Who Hacked the U.S. Government

Channel: Newsthink · Views: 816.8K · Uploaded: March 2024 · Length: 18 minutes

Open on YouTube

How Windows Networking Supported Administration

Early Windows networks were built around convenience and interoperability. Administrators frequently enabled file and printer sharing across entire departments or sites. Hidden administrative shares, such as drive-letter shares intended for system management, allowed privileged users to access machines remotely without requiring additional software. Combined with Windows authentication mechanisms, this created a powerful remote-administration platform. [folsec.com]folsec.comfile sharing, Windows networking, and enterprise systems…

In practice, many organisations depended on these capabilities. A network administrator could connect to a remote server, review logs, copy configuration files or install updates through the same file-sharing infrastructure used for ordinary business operations. The distinction between file sharing and system administration was often blurred because SMB provided both. [folsec.com]folsec.comfile sharing, Windows networking, and enterprise systems…

This administrative model made sense when most traffic remained inside a controlled corporate or government network. It became far riskier when those same ports were accessible from anywhere on the internet.

File Sharing illustration 2

What Went Wrong When Internal Services Faced the Internet

The critical mistake was not the existence of file sharing itself but exposing it beyond trusted boundaries. Ports 139 and 445 became visible targets because they advertised Windows networking services to anyone who could reach them. Attackers no longer needed physical access or insider status to interact with systems that had been designed for internal administration. [netwrix.com+2vidstromlabs.com]netwrix.comsmb portWhat are SMB Ports, Port 139 & Port 445?27 Sept 2024 — SMB requires either port 139 or port 445 to be an open port. Port 139. Originally…

In many environments, authentication practices were also weaker than modern standards. Blank administrator passwords, predictable passwords and excessive privileges were not uncommon. Once a user obtained valid credentials—or found a system configured with inadequate authentication—the file-sharing infrastructure could provide extensive access to files and administrative functions. [Future Intelligence]futureintelligence.co.ukFuture Intelligence Gary Mc Kinnon was unluckyHe's not even a very good hacker18 Oct 2012 — How he would search for blank passwords and then once inside the US computers, install a re…

Security researchers and later security guidance repeatedly highlighted the dangers of exposing SMB services externally. Modern recommendations generally assume that SMB should remain restricted to internal networks because the protocol was designed primarily for trusted environments, not direct internet exposure. [SecurityScorecard+2folsec.com]securityscorecard.comSecurity Scorecard What Is Port 445 (SMB)?Strategies for Secure Network…7 Nov 2024 — Port 445 enables SMB traffic but is a prime target for ransomware and wormable exploits. Le…

UK hacker to learn extradition fate

Channel: Al Jazeera English · Views: 20.8K · Uploaded: October 2012 · Length: 2 minutes 6 seconds

Open on YouTube

A Different Threat Landscape

It is important to remember how different the internet looked at the time. Many organisations were still adapting to permanent internet connectivity. Firewalls, network segmentation and exposure management were less mature than they would become later. Windows 2000 itself appeared during a period when remotely reachable services increasingly became targets for internet-based attacks. [Wikipedia]WikipediaWindows 2000Windows 2000

As a result, systems that administrators viewed as ordinary network resources could become discoverable to outsiders. A service intended to simplify internal management could unintentionally become a publicly reachable doorway.

File Sharing illustration 3

Why Convenience Created a Wider Attack Surface

The same features that made Windows networking efficient also expanded the number of ways a system could be reached. Administrators wanted remote access because it reduced operational costs and simplified support. Users wanted shared drives because they improved collaboration. Network engineers wanted interoperability between systems. Each convenience added another component that required secure configuration. [folsec.com]folsec.comfile sharing, Windows networking, and enterprise systems…

When security controls lagged behind connectivity, exposure multiplied. Open SMB services could reveal information about systems, permit authentication attempts and provide access to shared resources. Even if a particular machine was not fully compromised, exposing file-sharing infrastructure increased the opportunities available to an attacker. This broader attack surface became one of the defining characteristics of Windows network security discussions during the period. [nFlo+2SecurityScorecard]nflo.techSMB protocol: vulnerabilities, attacks and how to secure it - nFloSeptember 5, 2023 — 5 Sept 2023 — Historic NetBIOS ports (137-139)…Published: September 5, 2023

The lesson was not that file sharing was inherently unsafe. Rather, technologies designed for trusted internal administration were often deployed in environments where that trust no longer existed.

UK Hacker extradition to US blocked

Channel: Al Jazeera English · Views: 3.1K · Uploaded: October 2012 · Length: 3 minutes 12 seconds

Open on YouTube

Connection to the McKinnon Era

The Gary McKinnon case is frequently remembered through its UFO-related claims and allegations involving NASA and military systems. Yet from a technical perspective, it also reflected broader weaknesses common in early-2000s Windows environments. Prosecutors alleged that McKinnon exploited poorly protected systems, obtained administrative access and installed remote-management software for continued access. Contemporary reporting and court documents repeatedly emphasised weak passwords and administrative exposure rather than exotic intrusion techniques. [Department of Justice+2WIRED]justice.govDepartment of Justice IndictmentDepartment of JusticeIndictmentJanuary 24, 2012 — **. GARY MCKINNON. Defendant. } Criminal No. } 18 U.S.C. § 1030. } Fraud and… Remot…Published: January 24, 2012

Windows file sharing exposed to the internet formed part of that wider environment. Organisations relied on powerful network-management features that worked well inside trusted networks but became risky when reachable from outside. The historical significance of the period lies not only in individual hacking cases but in how ordinary administrative infrastructure, combined with weak security practices, created opportunities that would be far harder to find in modern, better-segmented networks. [vidstromlabs.com+2danielmiessler.com]vidstromlabs.comI'll explain what this port is for.Read moreThe use of TCP ports 139 and 445 in Windows15 May 2019 — Microsoft introduced TCP port 445 with Windows 2000, and it's still in use in Wi…Published: May 2019

Amazon book picks

Further Reading

Books and field guides related to Why Windows Sharing Was So Exposed. Use these as the next step if you want deeper reading beyond the article.

Browse more on Amazon: Hacking Exposed Windows Internals The Practice of Network Security Monitoring

As an Amazon Associate I earn from qualifying purchases.

eBay marketplace picks

Marketplace Samples

Example marketplace items related to this page. Use the search link to explore similar finds on eBay.

Using USA
Browse more on eBay.co.uk

Example items shown for inspiration; availability and pricing can change. Branchoria may earn a commission if you purchase through outbound eBay links.

Endnotes

  1. Source: vidstromlabs.com
    Title: I’ll explain what this port is for.Read more
    Link: https://vidstromlabs.com/blog/the-use-of-tcp-ports-139-and-445-in-windows/
    Source snippet

    The use of TCP ports 139 and 445 in Windows15 May 2019 — Microsoft introduced TCP port 445 with Windows 2000, and it's still in use in Wi...

    Published: May 2019

  2. Source: petri.com
    Title: smb port 445 139 138 137
    Link: https://petri.com/smb-port-445-139-138-137/
    Source snippet

    Petri IT KnowledgebaseWindows File Sharing with SMB: Port 445, 139, 138, and 13720 Feb 2023 — SMB originally depended on NetBIOS over TCP...

  3. Source: manageengine.com
    Link: https://www.manageengine.com/products/active-directory-audit/kb/smb-file-share.html
    Source snippet

    Older environments may use TCP port 139, which routes SMB traffic over NetBIOS. Port 139 is a legacy...Read more...

  4. Source: folsec.com
    Link: https://folsec.com/en/blog/what-are-smb-ports
    Source snippet

    file sharing, Windows networking, and enterprise systems...

  5. Source: netwrix.com
    Title: smb port
    Link: https://netwrix.com/en/resources/blog/smb-port/
    Source snippet

    What are SMB Ports, Port 139 & Port 445?27 Sept 2024 — SMB requires either port 139 or port 445 to be an open port. Port 139. Originally...

  6. Source: danielmiessler.com
    Link: https://danielmiessler.com/blog/windowsfilesharing
    Source snippet

    Windows File Sharing: Facing the Mystery29 Jun 2005 — Due to the consolidation of many of the NetBIOS functions into a single port (445)...

  7. Source: justice.gov
    Link: https://www.justice.gov/archive/criminal/cybercrime/press-releases/2002/mckinnonIndict.htm
    Source snippet

    Department of JusticeLondon, England Hacker Indicted Under Computer Fraud...Gary McKinnon, of London, England, was indicted in Alexandri...

  8. Source: securityscorecard.com
    Title: Security Scorecard What Is Port 445 (SMB)?
    Link: https://securityscorecard.com/blog/navigating-the-risks-of-tcp-445-strategies-for-secure-network-communication/
    Source snippet

    Strategies for Secure Network...7 Nov 2024 — Port 445 enables SMB traffic but is a prime target for ransomware and wormable exploits. Le...

  9. Source: Wikipedia
    Title: Windows 2000
    Link: https://en.wikipedia.org/wiki/Windows_2000

  10. Source: nflo.tech
    Link: https://nflo.tech/knowledge-base/smb-protocol-vulnerabilities-attacks-security-threats-and-security-methods/
    Source snippet

    SMB protocol: vulnerabilities, attacks and how to secure it - nFloSeptember 5, 2023 — 5 Sept 2023 — Historic NetBIOS ports (137-139)...

    Published: September 5, 2023

  11. Source: justice.gov
    Title: Department of Justice [Indictment]({{ ‘indictment/’ | relative_url }})
    Link: https://www.justice.gov/archive/usao/nj/Press/files/pdffiles/Older/edva_mckinnon_indictment.pdf
    Source snippet

    Department of JusticeIndictmentJanuary 24, 2012 — **. GARY MCKINNON. Defendant. } Criminal No. } 18 U.S.C. § 1030. } Fraud and... Remot...

    Published: January 24, 2012

  12. Source: wired.com
    Title: dot mil hackers download mistake
    Link: https://www.wired.com/2002/11/dot-mil-hackers-download-mistake/
    Source snippet

    Dot-Mil Hacker's Download Mistake15 Nov 2002 — Gary McKinnon, the Briton indicted this week for hacking into scores of U.S. military comp...

  13. Source: Wikipedia
    Title: Gary [Mc Kinnon]({{ ‘mc-kinnon/’ | relative_url }})
    Link: https://en.wikipedia.org/wiki/Gary_McKinnon
    Source snippet

    Gary McKinnonGary McKinnon (born February 1966) is a Scottish systems administrator and hacker who was accused by a US prosecutor in 2...

    Published: February 1966

  14. Source: time.com
    Title: hack attack 2
    Link: https://time.com/archive/6943962/hack-attack-2/
    Source snippet

    Hack Attack30 Jul 2008 — The July 30 decision by Britain's Court of Appeal to allow the extradition of alleged cyber-hacker Gary McKinnon...

  15. Source: futureintelligence.co.uk
    Title: Future Intelligence Gary Mc Kinnon was unlucky
    Link: https://www.futureintelligence.co.uk/2012/10/18/gary-mckinnon-was-unlucky-hes-not-even-a-good-hacker/
    Source snippet

    He's not even a very good hacker18 Oct 2012 — How he would search for blank passwords and then once inside the US computers, install a re...

  16. Source: verylazytech.com
    Link: https://www.verylazytech.com/network-pentesting/smb-port-139-445
    Source snippet

    SMB - Port 139 44515 Apr 2025 — Port 139 enables SMB, an essential protocol that underpins shared access to files, printers, and even ser...

Additional References

  1. Source: linuxsecurity.com
    Link: https://linuxsecurity.com/news/hackscracks/dot-mil-hackers-download-mistake
    Source snippet

    Gary McKinnon Indicted For Hacking U.S. Military SystemsIn a dramatic case, Gary McKinnon faced charges for breaching defense systems, wi...

  2. Source: reddit.com
    Link: https://www.reddit.com/r/hacking/comments/1etqs6b/how_gary_mckinnon_did_what_he_did/

  3. Source: cybereason.com
    Link: https://www.cybereason.com/blog/malicious-life-podcast-the-u.s-vs.-gary-mckinnon
    Source snippet

    Malicious Life Podcast: The U.S. vs. Gary McKinnonGary McKinnon, a British hacker with Asperger's, broke into NASA and US Army networks t...

  4. Source: youtube.com
    Link: https://www.youtube.com/watch?v=ND0zQX1rGdg
    Source snippet

    The Man Who Hacked the U.S. GovernmentGary McKinnon faced 60 years behind bars for the greatest U.S. military hack of all time. Go to my...

  5. Source: edureka.co
    Title: what port does netbios use and why is it critical for security
    Link: https://www.edureka.co/community/295650/what-port-does-netbios-use-and-why-is-it-critical-for-security
    Source snippet

    20 Dec 2024 — Which specific ports (e.g., 137, 138, and 139) are used by NetBIOS, and why is understanding and securing these ports essen...

  6. Source: varonis.com
    Link: https://www.varonis.com/blog/smb-port
    Source snippet

    What is an SMB Port + Ports 445 and 139 ExplainedPort 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a T...

  7. Source: linkedin.com
    Link: https://www.linkedin.com/pulse/port-numbers-139-445-adimnakachi-chuks-nwokeforo-y4hie
    Source snippet

    ay a significant role in the Server Message...Read more...

  8. Source: isc.sans.edu
    Link: https://isc.sans.edu/data/port/445
    Source snippet

    SANS Internet Storm CenterPort 445 (tcp/udp) Attack Activity - SANS Internet Storm...In this paper we will look at what this port is use...

  9. Source: dev74.com
    Link: https://www.dev74.com/en/blog-news/smb-2025-known-vulnerabilities-evolution-mitigation
    Source snippet

    SMB in 2025: Known Vulnerabilities, Evolution, and Mitigation...30 May 2025 — Port 139 (TCP) was historically used for older SMB dialect...

    Published: May 2025

  10. Source: upguard.com
    Title: What is an SMB Port?
    Link: https://www.upguard.com/blog/smb-port
    Source snippet

    A Detailed Description of Ports 445 +...6 Jul 2025 — Port 445 is used by newer versions of SMB (after Windows 2000) on top of a TCP stac...

Topic Tree

Follow this branch

Parent topic

Remote Tools The Tools Behind Early UFO Hacking

Related pages 5