Within Remote Tools
One of the most revealing aspects of the Gary McKinnon case is that the software at the centre of the allegations was not inherently malicious. The remote-access program RemotelyAnywhere was a legitimate administration product used by businesses and IT departments.
Introduction
This created a security problem that was common in the early 2000s: defenders were often looking for obvious malware, while attackers could use ordinary administrative tools that resembled authorised activity. In the context of the UFO-related searches that McKinnon said motivated him, the technical challenge was not only preventing unauthorised access. It was recognising when software designed for system administration had become an unauthorised persistence mechanism. [WIRED; Cybereason]
Why Antivirus Treated Admin Tools Differently
Remote administration software occupied a grey area in security practice. Products such as RemotelyAnywhere were sold openly and used for routine maintenance, troubleshooting and remote support. Unlike classic remote-control trojans, they were not created to steal data or damage systems. Even critics of McKinnon’s actions noted that RemotelyAnywhere itself was a legitimate enterprise tool rather than a purpose-built hacking program. [The Guardian]
Because of that legitimacy, antivirus vendors historically approached such software differently from malware. Security products could not simply delete every remote administration tool they encountered because many organisations depended on them. Modern security terminology often classifies these applications as “riskware”—software that is legitimate but potentially dangerous when misused. Remote administration tools remain a textbook example of this category. [Zimperium; Kaspersky; Avast]
The practical consequence was a detection gap. If an attacker installed a recognised administration package instead of a notorious backdoor, security software might see a valid program rather than a clear threat. Contemporary reporting on the McKinnon investigation highlighted this point, noting that the alleged use of a commercial remote-access utility helped avoid the attention typically associated with more obviously malicious tools. [WIRED]
How Ordinary Software Helped Access Persist
The significance of RemotelyAnywhere was not its novelty but its functionality. Once installed, it provided remote control over a computer through standard administrative features. Court and indictment documents describe the software as enabling remote access and remote administration of internet-connected systems. [Wikisource]
From a defensive perspective, this changed a one-time intrusion into an ongoing presence. Prosecutors alleged that after gaining administrative privileges, McKinnon installed remote administration software and then returned to systems repeatedly through those channels. In one example cited in the indictment, investigators alleged that previously installed RemotelyAnywhere software was later used to regain access and obtain stored passwords from networked systems. [Department of Justice]
The challenge for administrators was that the activity could resemble legitimate remote support:
- The software generated traffic that looked administrative rather than overtly destructive.
- It was capable of file management, system configuration and user administration—functions that authorised staff also performed.
- The presence of the software alone did not prove malicious intent because it had valid business uses. [Wikisource; Kaspersky]
As a result, defenders needed contextual clues—who installed the tool, when it was installed, and whether its use matched approved operational practices. Many organisations at the time lacked the centralised logging and behavioural monitoring that later became standard. This made unauthorised use of legitimate software particularly difficult to distinguish from normal administration. [Kaspersky]
Why the Alarms Were Missed
The McKinnon allegations emerged during a period when security monitoring was far less mature than it is today. Many organisations focused on blocking known malware signatures and perimeter attacks. They were less equipped to identify abuse of authorised tools operating under administrative credentials. [Kaspersky]
Several factors contributed to missed warning signs:
Legitimate appearance. A recognised administration package generally attracted less suspicion than custom malware. Security staff often expected to see such tools somewhere within large networks. [The Guardian]
Administrative privileges. Once an intruder obtained administrator-level access, many actions appeared indistinguishable from those of a trusted system operator. Prosecutors alleged that McKinnon routinely gained administrative privileges before installing tools and conducting further activity. [Department of Justice; U.S. Department of War]
Weak visibility. Early-2000s monitoring systems were generally less capable of correlating software installation events, remote logins and account activity across large networks. A remote administration package could therefore remain unnoticed for longer than security teams would consider acceptable today. [Kaspersky]
The result was an environment where the difference between an administrator and an intruder could be surprisingly difficult to determine from software alone.
What the Case Foreshadowed About Living Off the Land
Modern defenders often describe this problem as “living off the land”: using legitimate tools already present in an environment rather than deploying conspicuous malware. The term became popular years after the McKinnon incidents, but the underlying principle was already visible in the allegations surrounding his activities. [Kaspersky; Avast]
The central lesson was that software cannot be judged solely by its name or intended purpose. A remote administration package, a scripting utility or a network management tool may be completely legitimate in one context and a security incident in another. In the McKinnon case, prosecutors argued that authorised administrative capabilities became unauthorised access mechanisms once installed and used without permission. [UK Parliament; Department of Justice]
Security practice eventually evolved in response to exactly this challenge. Modern detection programmes increasingly focus on behaviour rather than simply identifying known malicious files. The question is no longer only whether a tool is dangerous, but whether it is being used by the right person, on the right system, for the right purpose. The McKinnon allegations became an early illustration of why that distinction matters. [Kaspersky; Avast]
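The contextual checks described above (who installed the tool, when it was installed, and whether a session matches approved practice) can be sketched as follows. This is an added example, not part of the original article; the log format, host names, account names and approval records are all constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed change-approval records (hypothetical): which account may install
# the tool on which host, in which window, and where sessions may originate.
APPROVALS = {
    ("helpdesk-01", "remote-admin"): {
        "installer": "svc-itsupport",
        "window": (datetime(2024, 3, 4, 18), datetime(2024, 3, 4, 22)),
        "sources": ipaddress.ip_network("10.0.5.0/24"),
    },
}

# Constructed log lines in a made-up key=value format.
SAMPLE_LOG = """\
2024-03-04T19:10:00 host=helpdesk-01 event=install tool=remote-admin user=svc-itsupport
2024-03-05T09:30:00 host=helpdesk-01 event=session tool=remote-admin user=svc-itsupport src=10.0.5.20
2024-03-06T02:41:00 host=files-07 event=install tool=remote-admin user=administrator
2024-03-09T03:05:00 host=files-07 event=session tool=remote-admin user=administrator src=203.0.113.50
2024-03-10T23:15:00 host=helpdesk-01 event=session tool=remote-admin user=svc-itsupport src=198.51.100.9
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def review(log_text):
    """Return (timestamp, host, reason) for tool activity lacking approved context."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse(line)
        rule = APPROVALS.get((e["host"], e["tool"]))
        if rule is None:
            reason = f"{e['event']} of {e['tool']} on host with no approval record"
        elif e["event"] == "install" and e["user"] != rule["installer"]:
            reason = f"installed by unapproved account {e['user']}"
        elif e["event"] == "install" and not rule["window"][0] <= e["ts"] <= rule["window"][1]:
            reason = "installed outside the approved change window"
        elif e["event"] == "session" and ipaddress.ip_address(e["src"]) not in rule["sources"]:
            reason = f"session from unapproved source {e['src']}"
        else:
            continue  # the right account, host, time and source: nothing to flag
        findings.append((e["ts"].isoformat(), e["host"], reason))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep="  ")
```

The same binary is present in all five events; only the approval context separates the two routine ones from the three that are flagged.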
Further Reading
Books and field guides related to Legitimate Tools Mis. Use these as the next step if you want deeper reading beyond the article.
The Practice of Network Security Monitoring
Useful for detecting unauthorized remote access.
Endnotes
-
Source: justice.gov
Title: Department of Justice British National Charged with Hacking Into N.J
Link: https://www.justice.gov/archive/criminal/cybercrime/press-releases/2002/mckinnonIndict2.htm
Source snippet: that time, he is alleged to have installed the software program RemotelyAnywhere on the Port Services computer and on other c...
-
Source: publications.parliament.uk
Title: mckinn 1
Link: https://publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm
Source snippet: UK Parliament: Mckinnon V Government of The United States of America... 30 Jul 2008 — Having gained access to those accounts he installed u...
-
Source: en.wikisource.org
Title: US v Gary McKinnon Indictment
Link: https://en.wikisource.org/wiki/US_v_Gary_McKinnon_Indictment
Source snippet: US v Gary McKinnon Indictment, 27 Feb 2021 — RemotelyAnywhere is a software program that provides a remote access and remote admi...
-
Source: wired.com
Title: dot mil hackers download mistake
Link: https://www.wired.com/2002/11/dot-mil-hackers-download-mistake/
Source snippet: Dot-Mil Hacker's Download Mistake, 15 Nov 2002 — Gary McKinnon, the Briton indicted this week for hacking into scores of U.S. military...
-
Source: cybereason.com
Title: Malicious Life Podcast: The U.S. vs. Gary McKinnon
Link: https://www.cybereason.com/blog/malicious-life-podcast-the-u.s-vs.-gary-mckinnon
Source snippet: Choosing to use RemotelyAnywhere as a means of access was a sneaky move, because it's a software tool not only used by h...
-
Source: kaspersky.com
Link: https://www.kaspersky.com/resource-center/threats/riskware
Source snippet: Riskware: What It Is and How to Avoid It. Riskware defines any legitimate programs that pose potential risks due to security vulne...
-
Source: avast.com
Title: c riskware
Link: https://www.avast.com/c-riskware
Source snippet: What Is Riskware and How to Avoid It, 13 Feb 2026 — Riskware is legitimate software that isn't intended to be malicious but may pose securi...
-
Source: zimperium.com
Link: https://zimperium.com/glossary/riskware
Source snippet: Riskware | Mobile Security Glossary. Riskware, AKA “risky software,” encompasses any legitimate software that, when misused or exploited, c...
-
Source: justice.gov
Link: https://www.justice.gov/archive/criminal/cybercrime/press-releases/2002/mckinnonIndict.htm
Source snippet: Department of Justice: London, England Hacker Indicted Under Computer Fraud... McKinnon installed a remote administration tool, a number of...
-
Source: media.defense.gov
Title: McKinnon comphacker
Link: https://media.defense.gov/2002/Nov/12/2001711901/-1/-1/1/McKinnon_comphacker.pdf
Source snippet: Department of War: U.S. Department of Justice United States Attorney Eastern... 12 Nov 2002 — The indictment alleges that Gary McKinnon sca...
-
Source: justice.gov
Link: https://www.justice.gov/archive/usao/nj/Press/files/pdffiles/Older/edva_mckinnon_indictment.pdf
Source snippet: Indictment. Defendant GARY MCKINNON was an unemployed computer system administrator living in London, England. h. The above introductory al...
-
Source: malicious.life
Link: https://malicious.life/episode/us_vs_gary_mckinnon/
Source snippet: The US vs. Gary McKinnon. Finally, onto the unsecured computers he found, Solo uploaded RemotelyAnywhere, a remote access tool.... antivir...
-
Source: theguardian.com
Link: https://www.theguardian.com/theguardian/2005/jul/09/weekend7.weekend2
Source snippet: The Guardian: Game over | Gary McKinnon, 9 Jul 2005 — ... software called RemotelyAnywhere as a hacking programme. The programme, made by 3am...
-
Source: schneier.com
Title: Gary McKinnon
Link: https://www.schneier.com/blog/archives/2008/08/garuy_mckinnon.html
Source snippet: Gary McKinnon - Schneier on Security, August 4, 2008 — The interview I saw with McKinnon implied that he just hit systems with the default...
Published: August 4, 2008
-
Source: nordvpn.com
Link: https://nordvpn.com/blog/riskware/?srsltid=AfmBOorUniN6b0ILhM-uKAZMJ_Rgy_Pcy0OikDOzt1JJFTwVtCx4QUVY
Source snippet: everything you need to know, 15 May 2024 — Riskware is legitimate software that can be exploited or reused by hackers to wreak havoc on a c...
Published: May 2024
-
Source: theguardian.com
Link: https://www.theguardian.com/technology/2005/jul/27/hacking.internetcrime
Source snippet: Hacker 'left note on US army computer' | Hacking, 27 Jul 2005 — Mr McKinnon, 39, faces extradition to the US over claims he accessed dozens...
-
Source: theguardian.com
Link: https://www.theguardian.com/technology/2005/jun/09/hacking.internetcrime
Source snippet: 'Biggest hacker' fights extradition | Hacking, 9 Jun 2005 — US prosecutors have alleged that Gary McKinnon, 39, from Wood Green, north Lond...
-
Source: GOV.UK
Title: latest on gary mckinnon case
Link: https://www.gov.uk/government/news/latest-on-gary-mckinnon-case
Source snippet: on Gary McKinnon case, 4 Nov 2010 — Mr McKinnon is accused by US authorities of the unauthorised access of 97 government computers concerne...
-
Source: Wikipedia
Title: Gary McKinnon
Link: https://en.wikipedia.org/wiki/Gary_McKinnon
Source snippet: Gary McKinnon. Gary McKinnon (born February 1966) is a Scottish systems administrator and hacker who was accused by a US prosecutor in 2...
-
Source: media.techtarget.com
Link: https://media.techtarget.com/rms/computerweekly/DowntimePDF/pdf/mckinnon.pdf
Source snippet: re GARY MCKINNON, 23 Sept 2001 — Using various tools, in particular software known as NT Info he would identify insecurities in computer ne...
Additional References
-
Source: reddit.com
Link: https://www.reddit.com/r/hacking/comments/1etqs6b/how_gary_mckinnon_did_what_he_did/
-
Source: vlex.co.uk
Link: https://vlex.co.uk/vid/mckinnon-v-united-states-793612009
Source snippet: McKinnon v United States of America. Having gained access to those administrative accounts, he installed unauthorised remote access and adm...
-
Source: academia.edu
Link: https://www.academia.edu/72391270/Hackers_beware_the_cautionary_story_of_Gary_McKinnon
Source snippet: This enabled further access and the ability to alter data without detection. He also installed further ―...
-
Source: blackhatethicalhacking.com
Title: gary mckinnon and the biggest military computer hack of all time
Link: https://www.blackhatethicalhacking.com/articles/gary-mckinnon-and-the-biggest-military-computer-hack-of-all-time/
Source snippet: Hacking Stories: Gary McKinnon and the "biggest military... 16 Nov 2020 — McKinnon became infamous when it was discovered that he had hac...
-
Source: reddit.com
Link: https://www.reddit.com/r/UFOs/comments/1bmekj3/the_man_who_hacked_the_us_government_looking_for/
Source snippet: The Man Who Hacked the U.S. Government (looking for... Gary McKinnon, the man who famously hacked into NASA in 2001 in search of evidence...
-
Source: pinsentmasons.com
Title: alleged uk hacker will fight extradition to us
Link: https://www.pinsentmasons.com/out-law/news/alleged-uk-hacker-will-fight-extradition-to-us
Source snippet: 14 Nov 2002 — Once he was able to access the computers, McKinnon is alleged to have installed a remote administration tool, a number of h...
-
Source: us.norton.com
Title: What is riskware + how to spot and avoid it
Link: https://us.norton.com/blog/emerging-threats/riskware
Source snippet: is riskware + how to spot and avoid it - Norton, 15 Mar 2023 — Riskware is legitimate software that has the potential to turn malicious and...
-
Source: pinsentmasons.com
Title: pentagon hacker mckinnon fights extradition
Link: https://www.pinsentmasons.com/out-law/news/pentagon-hacker-mckinnon-fights-extradition
Source snippet: 'Pentagon hacker' McKinnon fights extradition, 28 Jul 2005 — McKinnon is accused of scanning networks for vulnerabilities and extracting ad...
-
Source: redhotcyber.com
Title: famous hackers the story of gary mckinnon
Link: https://www.redhotcyber.com/en/post/famous-hackers-the-story-of-gary-mckinnon/
Source snippet: Famous Hackers: The Story of Gary McKinnon. 1 Jul 2025 — On these unsecured machines, McKinnon installed a software program called Remotel...
-
Source: verticalvertical.com
Link: https://verticalvertical.com/hacking-the-pentagon-in-search-of-ufos
Source snippet: Hacking the Pentagon in search of UFO's. In November 2002, Gary McKinnon was indicted by a federal grand jury in the Eastern District of Vi...
Published: November 2002