Within Remote Tools
Why Stolen Password Files Raised the Stakes
Password files were not just trophies; they could help an intruder move from one military or NASA machine to the next.
On this page
- What password files could reveal
- How hashes and reused credentials enabled movement
- Why the Earle password allegation mattered
Page outline Jump by section
Introduction
In the Gary McKinnon case, copied password files mattered because they allegedly transformed isolated access to individual computers into a pathway through much larger government networks. The central issue was not simply that files containing passwords were taken. Prosecutors alleged that operating-system files containing account names and encrypted passwords were copied from numerous Army, Navy and NASA computers, creating the possibility of using one compromised system as a stepping stone to reach others. In early-2000s Windows environments, where administrative credentials were often reused and network trust relationships were common, credential harvesting could dramatically expand the scope of an intrusion. [UK Parliament]publications.parliament.ukmckinn 1UK ParliamentMckinnon V Government of The United States of America…Jul 30, 2008 — The appellant also copied data and files onto his ow…
This mechanism helps explain why the allegations against McKinnon were viewed as more serious than unauthorised browsing. According to US court and extradition materials, the copied password data was allegedly part of a broader pattern in which compromised machines were used to identify and reach additional military and NASA systems. [UK Parliament]publications.parliament.ukmckinn 1UK ParliamentMckinnon V Government of The United States of America…Jul 30, 2008 — The appellant also copied data and files onto his ow…
What password files could reveal
The key files at issue were not plain-text lists of passwords. According to court records, McKinnon was accused of copying operating-system files that contained account names and encrypted passwords from 22 computers across Army, Navy and NASA networks. The House of Lords judgment summarising the US allegations stated that these files included approximately 950 passwords from server computers at Naval Weapons Station Earle. [UK Parliament]publications.parliament.ukmckinn 1UK ParliamentMckinnon V Government of The United States of America…Jul 30, 2008 — The appellant also copied data and files onto his ow…
Even in encrypted form, such files could be valuable. Windows systems stored password hashes—mathematical representations of passwords rather than the passwords themselves. Security researchers have long noted that possession of hashes can allow an attacker to attempt offline password-cracking or to exploit authentication mechanisms that rely on the hash itself. The significance therefore lay not in reading passwords directly but in obtaining credential material that could potentially unlock additional systems. [UK Parliament]publications.parliament.ukmckinn 1UK ParliamentMckinnon V Government of The United States of America…Jul 30, 2008 — The appellant also copied data and files onto his ow…
For investigators, the alleged copying of these files was important because it suggested a deliberate effort to gather credentials rather than merely view documents. The indictment and later legal proceedings repeatedly treated password-file copying as a distinct part of the alleged activity, alongside remote-access software installation and file deletion. [Department of Justice]justice.govDepartment of JusticeLondon, England Hacker Indicted Under Computer Fraud…Gary McKinnon, of London, England, was indicted in Alexandri…
How hashes and reused credentials enabled movement
To understand why prosecutors emphasised password files, it helps to consider how many enterprise networks operated at the time. Large Windows environments frequently relied on shared administrative practices. Password reuse between servers, workstations and administrative accounts was far more common than it is today, and network segmentation was often weaker. [Future Intelligence]futureintelligence.co.ukFuture Intelligence Gary Mc Kinnon was unluckyHe's not even a very good hacker18 Oct 2012 — How he would search for blank passwords and then once inside the US computers, install a re…
In such an environment, obtaining credentials from one machine could create several opportunities:
- An account might work on multiple systems because administrators reused passwords.
- Administrative accounts could have privileges extending across entire network segments.
- Password hashes could be analysed offline, allowing repeated cracking attempts without interacting with the target network.
- Credentials from one organisation’s server could reveal naming conventions and account structures useful for locating further targets.
The allegation in the McKinnon case was that compromised systems became launch points for discovering and accessing additional military and NASA computers. Court proceedings described how he allegedly gained access to administrative accounts, installed remote-access software, copied password files and then used compromised machines to identify further victims. [The Guardian]theguardian.comThe GuardianHacker 'left note on US army computer' | Hacking27 Jul 2005 — Mr McKinnon, 39, faces extradition to the US over claims he acc…
This is what security professionals mean by lateral movement: progressing from one foothold to another rather than relying on a single point of entry. Although the term became more widely used later, the underlying technique was already well understood. Credential harvesting was the mechanism that could turn dozens of loosely connected computers into a much larger network problem. [Department of Justice]justice.govDepartment of JusticeLondon, England Hacker Indicted Under Computer Fraud…Gary McKinnon, of London, England, was indicted in Alexandri…
Why the Earle password allegation mattered
Among the most frequently cited allegations was the copying of password-related files from systems at Naval Weapons Station Earle in New Jersey. The House of Lords summary of the US case specifically referenced approximately 950 passwords associated with server computers at the base. [UK Parliament]publications.parliament.ukmckinn 1UK ParliamentMckinnon V Government of The United States of America…Jul 30, 2008 — The appellant also copied data and files onto his ow…
The importance of this allegation was not merely the number itself. Prosecutors argued that Earle’s systems formed part of a wider naval network and that deletion of logs and files there rendered more than 300 computers inoperable after the September 2001 attacks. The allegation that password information was also taken suggested a risk extending beyond the immediate disruption of the local network. [UK Parliament+2The Guardian]publications.parliament.ukmckinn 1UK ParliamentMckinnon V Government of The United States of America…Jul 30, 2008 — The appellant also copied data and files onto his ow…
From an evidential perspective, the Earle allegations illustrated why investigators treated credential files differently from ordinary documents. A copied report or spreadsheet might reveal information. A copied password database could potentially provide access. That distinction helps explain why legal summaries repeatedly mentioned the password files separately from other data allegedly obtained. [UK Parliament]publications.parliament.ukmckinn 1UK ParliamentMckinnon V Government of The United States of America…Jul 30, 2008 — The appellant also copied data and files onto his ow…
Why password harvesting raised the stakes
The popular image of the “UFO hacker” often focuses on McKinnon’s stated search for evidence of extraterrestrial technology or hidden space programmes. Yet the technical allegations that most concerned investigators involved network access, administrative control and credential collection. [WIRED]wired.comufo hacker tells what he foundWIRED'UFO Hacker' Tells What He FoundJun 21, 2006 — The search for proof of the existence of UFOs landed Gary McKinnon in a world of trou…
Remote-administration software such as RemotelyAnywhere allowed continued access to a machine. Password files potentially allowed access to additional machines. Together, those mechanisms created a multiplier effect: one vulnerable computer could become a platform for reaching many others. Prosecutors argued that this was precisely what occurred across military and NASA networks during the period covered by the indictment. [Wikisource+2Department of Justice]en.wikisource.orgUS v Gary Mc Kinnon IndictmentUS v Gary McKinnon Indictment27 Feb 2021 — RemotelyAnywhere is a software program that provides a remote access and remote admi…
For that reason, the copied password files were not treated as trophies or incidental downloads. In the government’s account of the case, they were part of the mechanism that allegedly enabled movement through connected Windows networks and elevated what might otherwise have been isolated intrusions into a much broader security concern. [UK Parliament]publications.parliament.ukmckinn 1UK ParliamentMckinnon V Government of The United States of America…Jul 30, 2008 — The appellant also copied data and files onto his ow…
eBay marketplace picks
Marketplace Samples
Example marketplace items related to this page. Use the search link to explore similar finds on eBay.
Endnotes
-
Source: publications.parliament.uk
Title: mckinn 1
Link: https://publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htmSource snippet
UK ParliamentMckinnon V Government of The United States of America...Jul 30, 2008 — The appellant also copied data and files onto his ow...
-
Source: justice.gov
Link: https://www.justice.gov/archive/criminal/cybercrime/press-releases/2002/mckinnonIndict.htmSource snippet
Department of JusticeLondon, England Hacker Indicted Under Computer Fraud...Gary McKinnon, of London, England, was indicted in Alexandri...
-
Source: time.com
Title: hack attack 2
Link: https://time.com/archive/6943962/hack-attack-2/Source snippet
Hack Attack30 Jul 2008 — 2001 and March 2002 McKinnon hacked into 81 U.S. armed forces computers and another 16 belonging to NASA, compro...
Published: March 2002
-
Source: wired.com
Title: ufo hacker tells what he found
Link: https://www.wired.com/2006/06/ufo-hacker-tells-what-he-found/Source snippet
WIRED'UFO Hacker' Tells What He FoundJun 21, 2006 — The search for proof of the existence of UFOs landed Gary McKinnon in a world of trou...
-
Source: en.wikisource.org
Title: US v Gary [Mc Kinnon]({{ ‘mc-kinnon/’ | relative_url }}) Indictment
Link: https://en.wikisource.org/wiki/US_v_Gary_McKinnon_IndictmentSource snippet
US v Gary McKinnon Indictment27 Feb 2021 — RemotelyAnywhere is a software program that provides a remote access and remote admi...
-
Source: wired.com
Title: dot mil hackers download mistake
Link: https://www.wired.com/2002/11/dot-mil-hackers-download-mistake/Source snippet
Dot-Mil Hacker's Download Mistake15 Nov 2002 — Gary McKinnon, the Briton indicted this week for hacking into scores of U.S. military comp...
-
Source: futureintelligence.co.uk
Title: Future Intelligence Gary Mc Kinnon was unlucky
Link: https://www.futureintelligence.co.uk/2012/10/18/gary-mckinnon-was-unlucky-hes-not-even-a-good-hacker/Source snippet
He's not even a very good hacker18 Oct 2012 — How he would search for blank passwords and then once inside the US computers, install a re...
-
Source: theguardian.com
Link: https://www.theguardian.com/technology/2005/jul/27/hacking.internetcrimeSource snippet
The GuardianHacker 'left note on US army computer' | Hacking27 Jul 2005 — Mr McKinnon, 39, faces extradition to the US over claims he acc...
-
Source: theguardian.com
Title: gary [mckinnon timeline]({{ ‘timeline/’ | relative_url }}) extradition
Link: https://www.theguardian.com/world/2012/oct/16/gary-mckinnon-timeline-extraditionSource snippet
Gary McKinnon timeline: events leading up to extradition...Oct 16, 2012 — British computer hacker Gary McKinnon has been living under th...
-
Source: theguardian.com
Link: https://www.theguardian.com/theguardian/2005/jul/09/weekend7.weekend2Source snippet
Game over | Gary McKinnon9 Jul 2005 — Gary McKinnon has been accused of committing the 'biggest military computer hack of all time', and...
-
Source: Wikipedia
Title: Gary Mc Kinnon
Link: https://en.wikipedia.org/wiki/Gary_McKinnonSource snippet
Gary McKinnonMcKinnon was also accused of copying data, account files and passwords onto his own computer. US authorities stated that...
-
Source: media.techtarget.com
Link: https://media.techtarget.com/rms/computerweekly/DowntimePDF/pdf/mckinnon.pdfSource snippet
re GARY MCKINNON23 Sept 2001 — Between February 2001 and March 2002 Gary McKinnon gained unauthorised access to a number of US Government...
Published: February 2001
Additional References
-
Source: guinnessworldrecords.de
Link: https://guinnessworldrecords.de/world-records/90133-biggest-military-computer-hackSource snippet
Biggest military computer hackGary McKinnon, a 42-year old Englishman, is accused of hacking into 97 US military computers (53 US Army, 2...
-
Source: linuxsecurity.com
Link: https://linuxsecurity.com/news/hackscracks/dot-mil-hackers-download-mistakeSource snippet
Gary McKinnon Indicted For Hacking U.S. Military SystemsIn a dramatic case, Gary McKinnon faced charges for breaching defense systems, wi...
-
Source: reddit.com
Link: https://www.reddit.com/r/hacking/comments/1etqs6b/how_gary_mckinnon_did_what_he_did/ -
Source: cybereason.com
Link: https://www.cybereason.com/blog/malicious-life-podcast-the-u.s-vs.-gary-mckinnonSource snippet
Malicious Life Podcast: The U.S. vs. Gary McKinnonGary McKinnon, a British hacker with Asperger's, broke into NASA and US Army networks t...
-
Source: cybernews.com
Title: nasa gary mckinnon hacking ufo
Link: https://cybernews.com/news/nasa-gary-mckinnon-hacking-ufo/Source snippet
“Non-terrestrial officers:” the UFO files Gary McKinnon says...Mar 2, 2026 — McKinnon further claims that he downloaded an Excel spreads...
-
Source: arxiv.org
Link: https://arxiv.org/abs/1706.01939 -
Source: youtube.com
Link: https://www.youtube.com/watch?v=b5afwWUYWVQSource snippet
PM Discusses The Fate Of Hacker Gary McKinnon...
-
Source: youtube.com
Title: The Man Who Hacked the U.S. Government
Link: https://www.youtube.com/watch?v=ND0zQX1rGdgSource snippet
Gary McKinnon Case (Interview from 2009)...
-
Source: youtube.com
Title: PM Discusses The Fate Of Hacker Gary Mc Kinnon
Link: https://www.youtube.com/watch?v=WChPMnpJncoSource snippet
UK hacker to learn extradition fate...
-
Source: youtube.com
Title: UK hacker to learn extradition fate
Link: https://www.youtube.com/watch?v=LEvGU1b4yswSource snippet
UK Hacker extradition to US blocked...
Topic Tree