When Admin Tools Become Backdoors

Legitimate remote-control tools became risky when installed without permission, monitoring, or clear administrative boundaries.

Introduction

One of the most revealing technical lessons from the Gary McKinnon case was not a sophisticated exploit or a secret vulnerability. It was the alleged use of ordinary remote-administration software to maintain access after initial entry. In networks connected to military operations, a legitimate management tool can become an unauthorised backdoor when it is installed without approval, monitoring, or clear administrative control.

According to US prosecutors and later technical accounts of the case, McKinnon allegedly installed the commercial remote-access product RemotelyAnywhere on compromised systems. The software was designed for legitimate administration, but when deployed by an unauthorised user it effectively provided continuing remote control over affected machines. The episode highlighted a broader security problem that extends far beyond the UFO-related motives associated with the case: trusted software can become a security risk when trust in the software replaces trust in the person operating it. [Department of Justice, IEEE Spectrum]

Why Ordinary Remote Software Was Hard to Treat as Malware

A common misconception is that unauthorised access always depends on specialised hacking tools. In reality, many intrusions rely on software that system administrators themselves use every day.

RemotelyAnywhere was marketed as a remote administration product that allowed users to control computers over a network or the internet. Its capabilities included remote desktop access, file management, system administration functions, and remote monitoring. None of these functions were inherently malicious; they were the same features that legitimate administrators used to manage systems from a distance. [c1323042.ssl.cf0.rackcdn.com]

This distinction mattered because traditional security approaches often focused on identifying obviously malicious programs. A commercial administration package did not necessarily look suspicious. The Guardian later issued a correction specifically noting that RemotelyAnywhere was not a hacking tool but a legitimate remote-access and administration product used by enterprises. [The Guardian]

The security challenge was therefore behavioural rather than technical. A network could correctly identify the software and still fail to identify that the person using it lacked authorisation. The danger came from the installation context and the operator’s identity, not from the program’s intended purpose.

This problem remains relevant today. Modern cybersecurity agencies continue to warn that attackers frequently abuse legitimate remote monitoring and management tools because they blend into normal administrative activity and often evade security controls designed to detect malware. [CISA, Malwarebytes]

How Persistence Changed the Breach

The installation of remote-administration software transformed what might otherwise have been a temporary intrusion into a persistent presence.

US prosecutors alleged that after gaining access to systems, McKinnon installed RemotelyAnywhere on Navy computers and then returned repeatedly through the software rather than relying on the original access method each time. The indictment described the software as a commercially available product that enabled remote control of a computer via the internet. Prosecutors further alleged that it was used during subsequent unauthorised access to obtain password data from connected servers. [Department of Justice]

Technical descriptions of the case explain why this mattered. Once installed, the software allegedly allowed continued access, file browsing, file transfer, and monitoring of user activity. IEEE Spectrum reported that McKinnon could observe activity on compromised machines and disconnect when legitimate users appeared, reducing the likelihood of immediate detection. [IEEE Spectrum]

From a security perspective, persistence is often more significant than the initial compromise. A weak password may provide entry once. A remote-administration agent can provide access indefinitely until discovered and removed. That shift changes an intrusion from a single event into an ongoing security problem.

In military environments, persistence creates additional risks:

  • Sensitive information can be accessed over extended periods.
  • User activity can be monitored.
  • Additional credentials may be collected.
  • Network mapping becomes easier.
  • Access can survive password changes if the remote tool remains installed.
  • Multiple systems can be managed from a single external connection.

The alleged use of remote-access software therefore represented more than convenience. It converted a point-in-time breach into a continuing capability. [Department of Justice, IEEE Spectrum]

The Trust Problem Inside Military Networks

The McKinnon case exposed a difficult reality for defenders: software that is useful for administrators is also useful for intruders.

Military and government networks often require remote-management capabilities because systems are distributed across multiple locations. Administrators need ways to diagnose problems, deploy updates, and manage machines without physically visiting each device. As a result, remote-access technology is not unusual; in many environments it is essential.

The problem arises when organisations focus on whether software is approved but fail to verify who installed it, why it was installed, and whether its activity matches authorised operations.

A legitimate remote-management application can create the same practical result as a custom backdoor if:

  • It is installed without approval.
  • Its network communications are not monitored.
  • Its administrative accounts are uncontrolled.
  • Asset inventories do not record its presence.
  • Security teams cannot distinguish authorised from unauthorised operators.

The McKinnon allegations demonstrated how quickly this distinction can disappear. Prosecutors argued that once the software had been deployed, affected systems could be controlled remotely without the visibility normally expected from authorised administration. [The Guardian]

What Controls Military Networks Needed Around Remote Access

The security lesson was not that remote-administration software should be banned. The lesson was that remote access itself required governance equal to its power.

Several controls have since become standard practice precisely because incidents involving legitimate administration tools revealed their importance.

Strict Application Control

Remote-management products should be explicitly authorised, inventoried, and monitored. Any installation outside approved channels should generate alerts. Unknown remote-access software should be treated as a potential security incident until proven otherwise.

Administrative Separation

Remote-access capabilities should be restricted to designated administrators using dedicated accounts. Shared credentials and broad administrative privileges make it difficult to determine who performed an action and whether it was authorised.

Continuous Monitoring

Remote sessions should generate detailed logs recording who connected, when they connected, what systems they accessed, and what actions they performed. Visibility is essential because legitimate software can otherwise mask unauthorised behaviour.

Network Segmentation

A single compromised machine should not automatically provide access to broader military or operational networks. Segmentation limits the value of any remote-access tool that is installed without permission.

Software Inventory and Auditing

Organisations must know which remote-management products exist within their environment. Periodic audits can identify unauthorised installations before they become long-term persistence mechanisms.

These controls reflect a broader shift in cybersecurity thinking. Modern guidance increasingly recognises that trusted software cannot automatically be trusted simply because it was created for legitimate purposes. The security question is no longer just “What software is running?” but also “Who is controlling it, and should they be?” [CISA, Malwarebytes]
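
The inventory and session checks described in this section, as an added example that is not part of the original article: a short Python audit that asks of every remote-access install and session not only which product is present but where it was installed, by whom, and who is operating it. Apart from the product name RemotelyAnywhere, every host, account, ticket and the second product name are constructed assumptions.

```python
# Constructed policy and records for illustration; only "RemotelyAnywhere" is from the article.
APPROVED = {"RemotelyAnywhere": {"ops-ws-01", "ops-ws-02"}}  # product -> authorised hosts
KNOWN_REMOTE_TOOLS = {"RemotelyAnywhere", "ExampleRemoteDesk"}  # second name is hypothetical
DESIGNATED_ADMINS = {"adm-jsmith", "adm-kpatel"}  # dedicated admin accounts
INVENTORY = [  # software-inventory rows: host, product, installer, change ticket
    ("ops-ws-01", "RemotelyAnywhere", "adm-jsmith", "CHG-1001"),
    ("fin-srv-07", "RemotelyAnywhere", "svc-backup", None),
    ("ops-ws-02", "ExampleRemoteDesk", "adm-kpatel", "CHG-1002"),
    ("ops-ws-02", "TextEditor", "user-amy", None),
]
SESSIONS = [  # remote-session log rows: host, product, operator
    ("ops-ws-01", "RemotelyAnywhere", "adm-jsmith"),
    ("ops-ws-01", "RemotelyAnywhere", "shared-admin"),
    ("fin-srv-07", "RemotelyAnywhere", "adm-kpatel"),
]


def audit_install(host, product, installed_by, ticket):
    """Return the reasons a remote-access install is unauthorised ([] if acceptable)."""
    if product not in KNOWN_REMOTE_TOOLS:
        return []  # not remote-access software, out of scope here
    reasons = []
    if product not in APPROVED:
        reasons.append("product not approved")
    elif host not in APPROVED[product]:
        reasons.append("host not approved for product")
    if installed_by not in DESIGNATED_ADMINS:
        reasons.append("installer is not a designated admin")
    if not ticket:
        reasons.append("no change ticket")
    return reasons


def audit(inventory, sessions):
    """Flag unauthorised installs, then sessions that use them or a non-designated account."""
    findings, bad_installs = [], set()
    for host, product, installed_by, ticket in inventory:
        reasons = audit_install(host, product, installed_by, ticket)
        if reasons:
            bad_installs.add((host, product))
            findings.append(("install", host, product, reasons))
    for host, product, operator in sessions:
        reasons = []
        if (host, product) in bad_installs:
            reasons.append("session on unauthorised install")
        if operator not in DESIGNATED_ADMINS:
            reasons.append("operator is not a designated admin")
        if reasons:
            findings.append(("session", host, operator, reasons))
    return findings


if __name__ == "__main__":
    print(*audit(INVENTORY, SESSIONS), sep="\n")
```

The approved product on an unapproved host and the designated admin connecting to that host are both flagged, which a check on product name alone would pass.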

When a Backdoor Is Not Technically a Backdoor

The most enduring lesson from this aspect of the McKinnon case is that a backdoor does not always look like one.

Traditional discussions of backdoors often focus on hidden code, secret access mechanisms, or specially designed malicious software. The alleged use of RemotelyAnywhere showed a different model. A commercially available administrative product could provide many of the same practical capabilities when installed by an unauthorised user. [Department of Justice]

That distinction helps explain why the case remains relevant in discussions of military network security. The weakness was not simply that remote-control software existed. The weakness was that legitimate administrative capability could allegedly be introduced into sensitive systems without effective oversight. Once that occurred, the software’s legitimacy became part of the problem rather than part of the defence. [The Guardian, IEEE Spectrum]

Endnotes

  1. Source: justice.gov
    Title: Department of Justice British National Charged with Hacking Into N.J
    Link: https://www.justice.gov/archive/criminal/cybercrime/press-releases/2002/mckinnonIndict2.htm
    Source snippet

    McKinnon, RemotelyAnywhere is a commercially available software program that allows an individual to remotely control a com...

  2. Source: spectrum.ieee.org
    Link: https://spectrum.ieee.org/the-autistic-hacker
    Source snippet

    IEEE SpectrumGary McKinnon: The Autistic HackerMcKinnon installed a software program called RemotelyAnywhere, which allows remote access...

  3. Source: c1323042.ssl.cf0.rackcdn.com
    Title: Remotely Anywhere User Guide
    Link: https://c1323042.ssl.cf0.rackcdn.com/RemotelyAnywhere10_UserGuide.pdf
    Source snippet

    RemotelyAnywhere User GuideJanuary 26, 2011 — RemotelyAnywhere is a remote administration tool that lets you control and administer Micro...

    Published: January 26, 2011

  4. Source: cisa.gov
    Link: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-025a
    Source snippet

    Protecting Against Malicious Use of Remote Monitoring...26 Jan 2023 — In October 2022, CISA identified a widespread cyber campaign i...

    Published: October 2022

  5. Source: malwarebytes.com
    Title: how attackers use real it tools to take over your computer
    Link: https://www.malwarebytes.com/blog/news/2025/12/how-attackers-use-real-it-tools-to-take-over-your-computer
    Source snippet

    3 Dec 2025 — We've seen a new wave of attacks exploiting legitimate Remote Monitoring and Management (RMM) tools to remotely control vict...

  6. Source: theguardian.com
    Link: https://www.theguardian.com/technology/2005/jul/27/hacking.internetcrime
    Source snippet

    The GuardianHacker 'left note on US army computer' | Hacking27 Jul 2005 — Mr McKinnon, having gained access to administrative accounts, i...

  7. Source: theguardian.com
    Link: https://www.theguardian.com/theguardian/2005/jul/09/weekend7.weekend2
    Source snippet

    The GuardianGame over | Gary McKinnon9 Jul 2005 — Gary McKinnon has been accused of committing the 'biggest military computer hack of all...

  8. Source: tarrdaniel.com
    Link: https://www.tarrdaniel.com/documents/Ufology/gary_mckinnon_case.html
    Source snippet

    UFO - Ufology - The Gary McKinnon CaseOn these unsecure machines, McKinnon installed a software program called RemotelyAnywhere, which al...

  9. Source: Wikipedia
    Title: Gary McKinnon
    Link: https://en.wikipedia.org/wiki/Gary_McKinnon
    Source snippet

    Gary McKinnonGary McKinnon is a Scottish systems administrator and hacker who was accused by a US prosecutor in 2002 of perpetrating t...
