The Tools Behind Early UFO Hacking

The McKinnon allegations belong to an era when remote-access tools and poor configuration made many systems vulnerable.

Introduction

Remote administration tools were central to the Gary McKinnon story because they turned weakly protected machines into systems that could be revisited, searched and controlled from afar. The important point is not that McKinnon used highly exotic malware. Court records, US Department of Justice statements and contemporary reporting describe a more ordinary early-2000s pattern: exposed Windows systems, weak or blank administrator passwords, copied password files, and a commercial remote-access package called RemotelyAnywhere. In the UFO-hacker narrative, those tools were the bridge between McKinnon’s search for hidden NASA or defence files and the US government’s much harsher allegation that he compromised military and space-agency computers at scale. [Department of Justice, UK Parliament]

That distinction matters because it makes the case less like a Hollywood break-in and more like a period piece about poor configuration. Early-2000s networks often exposed administrative services that were convenient for legitimate support staff but dangerous when reachable from the internet. In McKinnon’s case, the alleged mechanism was not simply “hacking into NASA”; it was remote access layered on top of password weakness, file sharing, and network trust.

Remote administration software made ordinary access persistent

The tool most closely associated with the McKinnon allegations is RemotelyAnywhere, a legitimate commercial remote administration package. The US indictment described it as software that provided remote access and administration for internet-connected computers, allowing a user to control a host computer remotely and access many administrative functions. The House of Lords later summarised the US allegation that, after gaining access to administrative accounts, McKinnon installed unauthorised remote access and administrative software called “remotely anywhere”. [Wikisource]

That detail is important because legitimate remote administration software sat in an ambiguous security category. It was not necessarily malware in itself. System administrators used remote-control packages to manage machines without being physically present. But once installed without authorisation, the same capability became a back door: a way to return to a machine, browse files, transfer data, alter settings, and keep using the system after the first break-in. Wired reported in 2002 that McKinnon allegedly used RemotelyAnywhere rather than underground backdoor tools such as NetBus or Back Orifice, and that this helped him avoid the sort of antivirus alarms associated with more obviously malicious programs. [WIRED]

The alleged operational logic was simple. A weakly protected Windows machine was found, administrative access was obtained, and remote-control software was installed so the system could be used again later. US charging material said that once McKinnon accessed computers and gained administrative privileges, he installed a remote administration tool, installed other tools, copied password files, deleted user accounts, deleted critical system files, and then used compromised machines to find further US military and NASA victims. [U.S. Department of War]

This is why the McKinnon case belongs in the history of remote administration tools as much as in UFO folklore. His stated motive was the search for UFO and “free energy” information, but the alleged mechanism was a recognisable administrative failure: remote access software and exposed Windows administration features gave an unauthorised user the sort of reach that should have required trusted credentials, monitoring and approval. [WIRED]

Password file copying turned one machine into a stepping stone

The second mechanism was credential harvesting. The US allegations did not stop at remote viewing or curiosity-driven browsing. Official and court sources said McKinnon copied operating-system files containing account names and encrypted passwords from multiple machines. The House of Lords judgment summarised the allegation as 189 files from US Army computers, 35 files from US Navy computers, including roughly 950 passwords from server computers at Naval Weapons Station Earle, and six files from NASA computers. [UK Parliament]

The Department of Justice’s New Jersey announcement was more specific about Naval Weapons Station Earle. It alleged that between 18 and 21 June 2001, McKinnon repeatedly accessed a Port Services computer through an internet connection and, using previously installed RemotelyAnywhere software, stole approximately 950 passwords stored on server computers connected to the Earle network. [Department of Justice]

For a reader trying to understand the mechanics, the key point is that password files were not merely trophies. In Windows networks of that era, account names, password hashes and reused credentials could help an intruder move from one host to another. Even when passwords were encrypted or hashed rather than visible as plain text, copies of those files could support further cracking attempts or credential reuse. The allegations therefore describe a chain: initial access, remote administration, password-file copying, and then expansion to other machines.

That chain also explains why US authorities treated the case as serious even though McKinnon and his supporters often emphasised weak security. A blank administrator password might make the first access look almost absurdly easy, but copying password stores from defence networks raised the stakes. It turned a search for UFO-related material into alleged access to account data from military systems, including a naval weapons station. [Department of Justice]

Why old Windows networks were so exposed

The McKinnon allegations sit in a broader early-2000s Windows security environment. Many organisations still relied on Windows NT, Windows 2000 and related file-sharing services. Remote administration, file sharing and domain management depended on protocols such as Server Message Block, commonly known as SMB, and older NetBIOS-related services. These were useful inside a managed network, but dangerous when exposed too widely or configured with weak authentication.

One recurring weakness was the “null session”, an unauthenticated connection to Windows networking resources that could reveal usernames, groups, shares or policy information. Modern security explainers still describe SMB null sessions as a legacy problem that enabled reconnaissance against Windows environments, and the US National Vulnerability Database records CVE-2000-1200 as a Windows NT issue that allowed remote attackers to list domain users through a null session. [Palo Alto Networks]

Another weakness was the simple reality of blank or default local administrator passwords. McKinnon has publicly described scanning for local Windows administrator accounts with passwords such as the username, “password”, or blank; while that self-description is not the same as a court finding for every machine, it fits the wider period’s known configuration problems. A 2004 academic vulnerability assessment, looking at a university environment rather than McKinnon’s targets, found that port 139, used by SMB over NetBIOS, was the most vulnerable port in its scans, with thousands of critical vulnerabilities observed in fall 2001. [Reddit]

The exposure was not just technical but organisational. Large networks often had many machines built from standard images, administered by different teams, and connected for convenience. If a copied image left a local administrator password blank, that mistake could repeat across many computers. If perimeter firewalls allowed Windows file-sharing or administrative ports to be reached, a mistake that should have been local could become internet-facing.
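
The perimeter mistake described above can be checked for directly. This added example (not from the original article) replays a constructed first-match ruleset against an external probe address and lists hosts whose file-sharing or administration ports are reachable; the rule names, addresses and the inclusion of ports 135 and 445 are assumptions.

```python
import ipaddress

# Ports for Windows file sharing and remote administration. 139 is named in the
# article; 135 and 445 are related services added here as an assumption.
SENSITIVE_PORTS = {135: "RPC endpoint mapper", 139: "SMB over NetBIOS", 445: "SMB over TCP"}

# Constructed perimeter ruleset, evaluated top-down with first match winning.
RULES = [
    {"name": "web", "action": "allow", "src": "0.0.0.0/0", "dst": "10.1.2.10/32", "ports": (443, 443)},
    {"name": "legacy-support", "action": "allow", "src": "0.0.0.0/0", "dst": "10.1.5.0/24", "ports": (135, 139)},
    {"name": "branch-smb", "action": "allow", "src": "10.8.0.0/16", "dst": "10.1.0.0/16", "ports": (445, 445)},
    {"name": "default-deny", "action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "ports": (1, 65535)},
]

# Constructed inventory: hosts behind the firewall, two of them built from one image.
HOSTS = ["10.1.2.10", "10.1.5.20", "10.1.5.21"]

# Documentation-range address standing in for "anywhere on the internet".
EXTERNAL_PROBE = "203.0.113.7"


def first_match(rules, src, dst, port):
    """Return the first rule matching the flow, or None (treated as deny)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        low, high = rule["ports"]
        if (src_ip in ipaddress.ip_network(rule["src"])
                and dst_ip in ipaddress.ip_network(rule["dst"])
                and low <= port <= high):
            return rule
    return None


def internet_exposed(rules, hosts, probe=EXTERNAL_PROBE):
    """List (host, port, service, rule) where the external probe reaches a sensitive port."""
    findings = []
    for host in hosts:
        for port, service in sorted(SENSITIVE_PORTS.items()):
            rule = first_match(rules, probe, host, port)
            if rule and rule["action"] == "allow":
                findings.append((host, port, service, rule["name"]))
    return findings


if __name__ == "__main__":
    for host, port, service, rule in internet_exposed(RULES, HOSTS):
        print(f"{host}:{port} ({service}) reachable from the internet via rule '{rule}'")
```

A single overly broad support rule exposes every host in the imaged subnet at once, which is the "local mistake becomes internet-facing" effect the paragraph describes.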

The “legitimate tool” problem made detection harder

Remote administration packages created a detection problem that still matters today. Security tools are good at spotting known malware, but legitimate software used in the wrong context is harder to classify. Wired’s contemporary reporting on McKinnon captured this point clearly: RemotelyAnywhere did not look like a typical underground backdoor, and that allegedly helped his access continue for a long period before investigators tied him to download and registration traces. [WIRED]

The same fact also undercuts a common myth about the case. McKinnon was not alleged to have relied on a single magic exploit that opened all of NASA and the Pentagon. The evidence points instead to an accumulation of mundane weaknesses: reachable machines, poor passwords, copied credential files, remote-control software, and insufficient monitoring. In that sense, the case is a lesson in “living off the land” before the phrase became common in security writing: using tools and functions that look administrative rather than overtly hostile.

The undoing of that approach was also mundane. Wired reported that investigators traced evidence through RemotelyAnywhere download logs from Binary Research, a Wisconsin distributor, including an IP address and email evidence connected to the trial software. That is an important counterpoint to the idea of a perfectly invisible UFO hunter moving through secret systems: the same commercial software that helped avoid some antivirus flags also created records outside the compromised networks. [WIRED]

Why the tools shaped the UFO-hacker myth

For UFO communities, the technical details often disappear behind McKinnon’s claims about NASA images, “Non-Terrestrial Officers” and hidden space programmes. But the tool story changes how those claims should be read. Remote administration software could let someone view files and screens on ordinary networked machines; it did not, by itself, prove that the most sensitive compartmented secrets were reachable, or that any alleged UFO material was authentic.

This matters because McKinnon’s most famous UFO claims remain personal accounts rather than publicly verified files. Wired’s 2006 interview records his claims about seeing processed and unprocessed NASA imagery and a spreadsheet with striking terminology, but it also makes clear that he did not produce a captured image or authenticated document for public examination. The remote-access mechanism explains how he may have browsed systems he was not authorised to use; it does not validate the contents he says he saw. [WIRED]

The better historical reading is therefore narrower and stronger. The McKinnon case shows how early-2000s remote administration and Windows misconfiguration could give an obsessive outsider access to machines inside important organisations. It does not show that remote administration tools uncovered confirmed UFO evidence. The tool evidence is comparatively solid because it appears in indictments, court judgments and contemporary reporting; the UFO evidence remains anecdotal.

The practical lesson from the McKinnon-era tool chain

The lasting lesson is not that remote administration software is inherently bad. It is that remote administration must be treated as privileged infrastructure. In the McKinnon allegations, the dangerous combination was administrative access plus persistence plus credential copying. Each part amplified the next: weak passwords opened the door, RemotelyAnywhere kept it open, password files widened the search, and poor monitoring delayed detection. [U.S. Department of War, UK Parliament]
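
One way to monitor for that combination, and for the "legitimate tool" detection problem discussed earlier, as an added example that is not from the original article or its sources: classify remote-admin installs by approval rather than by malware signature, then look for the other stages of the chain on the same host. The event schema, host names, addresses, watch list and allowlist are constructed assumptions.

```python
from datetime import datetime, timedelta
import ipaddress

# Hosts, addresses and the event schema are constructed for this example.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
REMOTE_ADMIN_MARKERS = ("remotelyanywhere", "vnc")   # product-name substrings (assumed watch list)
APPROVED = {("helpdesk-01", "remotelyanywhere")}      # (host, product) approved by change control
ORDER = ["external_admin_logon", "unapproved_remote_admin", "credential_file_copy"]


def ev(ts, host, kind, **detail):
    return {"ts": datetime.fromisoformat(ts), "host": host, "kind": kind, **detail}


EVENTS = [
    ev("2024-03-04T02:10:00", "ws-0417", "admin_logon", src="203.0.113.44"),
    ev("2024-03-04T02:25:00", "ws-0417", "service_install", service="RemotelyAnywhere"),
    ev("2024-03-04T03:05:00", "ws-0417", "credential_file_copy"),
    ev("2024-03-04T09:00:00", "helpdesk-01", "admin_logon", src="10.2.3.4"),
    ev("2024-03-04T09:05:00", "helpdesk-01", "service_install", service="RemotelyAnywhere"),
    ev("2024-03-05T11:00:00", "lab-12", "service_install", service="VNC Server"),
    ev("2024-03-05T11:30:00", "lab-12", "service_install", service="Print Spooler Helper"),
]


def stage(event):
    """Map one event to a stage of the chain, or None if it is unremarkable."""
    kind = event["kind"]
    if kind == "admin_logon" and ipaddress.ip_address(event["src"]) not in INTERNAL:
        return "external_admin_logon"
    if kind == "service_install":
        name = event["service"].lower().replace(" ", "")
        product = next((m for m in REMOTE_ADMIN_MARKERS if m in name), None)
        if product and (event["host"], product) not in APPROVED:
            return "unapproved_remote_admin"
    if kind == "credential_file_copy":
        return "credential_file_copy"
    return None


def chain_alerts(events, window=timedelta(hours=24)):
    """Return {host: [stages]} for each host with an unapproved remote-admin install,
    listing every chain stage seen on that host within `window` of the install."""
    staged = [(e, stage(e)) for e in sorted(events, key=lambda e: e["ts"])]
    alerts = {}
    for install, s in staged:
        if s != "unapproved_remote_admin":
            continue
        seen = {s2 for e2, s2 in staged
                if s2 and e2["host"] == install["host"]
                and abs(e2["ts"] - install["ts"]) <= window}
        alerts[install["host"]] = sorted(seen, key=ORDER.index)
    return alerts


if __name__ == "__main__":
    for host, stages in chain_alerts(EVENTS).items():
        print(host, "->", " + ".join(stages))
```

The approved help-desk install raises nothing, while the same product on an unapproved workstation is flagged and escalated when the logon and credential-copy stages surround it.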

For readers interested in UFO hackers such as Gary McKinnon, this mechanism is the sober centre of the story. The case became famous because of UFO claims, extradition politics and McKinnon’s unusual public profile. But the machinery behind it was familiar to security professionals: exposed services, weak credentials, commercial remote-access tools used without authorisation, and network designs that allowed one compromised computer to become a platform for reaching others.

That is why the early-2000s setting matters. Before today’s routine multi-factor authentication, endpoint detection, hardened default settings and tighter perimeter controls, large organisations often carried internet-facing administrative weaknesses that seem startling in hindsight. McKinnon’s alleged intrusions became culturally memorable because of what he said he was looking for; they became legally and technically significant because remote administration tools and poor configuration allegedly let him keep looking.

Endnotes

  1. Source: justice.gov
    Link: https://www.justice.gov/archive/criminal/cybercrime/press-releases/2002/mckinnonIndict.htm

  2. Source: publications.parliament.uk
    Title: mckinn 1
    Link: https://publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm

  3. Source: wired.com
    Link: https://www.wired.com/2002/11/dot-mil-hackers-download-mistake

  4. Source: en.wikisource.org
    Title: US v Gary McKinnon Indictment
    Link: https://en.wikisource.org/wiki/US_v_Gary_McKinnon_Indictment
    Published: August 5, 2009

  5. Source: wired.com
    Title: ‘UFO Hacker’ Tells What He Found
    Link: https://www.wired.com/2006/06/ufo-hacker-tells-what-he-found/

  6. Source: justice.gov
    Link: https://www.justice.gov/archive/criminal/cybercrime/press-releases/2002/mckinnonIndict2.htm

  7. Source: reddit.com
    Title: Hi, i’m Gary Mckinnon. I was in the news for a decade after
    Link: https://www.reddit.com/r/UFOs/comments/t0imdw/hi_im_gary_mckinnon_i_was_in_the_news_for_a/

  8. Source: reddit.com
    Link: https://www.reddit.com/r/hacking/comments/1etqs6b/how_gary_mckinnon_did_what_he_did/

  9. Source: reddit.com
    Link: https://www.reddit.com/r/techsupport/comments/15haoms/hacker_gained_remote_access_to_my_laptop_tried_to/

  10. Source: reddit.com
    Title: ama with gary mckinnon this thursday 7pm gmt
    Link: https://www.reddit.com/r/UFOs/comments/sxt4ho/ama_with_gary_mckinnon_this_thursday_7pm_gmt/

  11. Source: justice.gov
    Link: https://www.justice.gov/archive/usao/nj/Press/files/pdffiles/Older/edva_mckinnon_indictment.pdf

  12. Source: cnrma.cnic.navy.mil
    Link: https://cnrma.cnic.navy.mil/Installations/NWS-Earle/

  13. Source: malicious.life
    Link: https://malicious.life/episode/us_vs_gary_mckinnon/

  14. Source: media.defense.gov
    Title: U.S. Department of War U.S. Department of Justice United States Attorney Eastern
    Link: https://media.defense.gov/2002/Nov/12/2001711901/-1/-1/1/McKinnon_comphacker.pdf

  15. Source: paloaltonetworks.com
    Link: https://www.paloaltonetworks.com/cyberpedia/what-are-smb-null-sessions

  16. Source: nvd.nist.gov
    Title: CVE-2000-1200
    Link: https://nvd.nist.gov/vuln/detail/CVE-2000-1200

  17. Source: Wikipedia
    Title: Gary McKinnon
    Link: https://en.wikipedia.org/wiki/Gary_McKinnon

  18. Source: Wikipedia
    Title: Gary McKinnon
    Link: https://de.wikipedia.org/wiki/Gary_McKinnon

  19. Source: isc.sans.edu
    Link: https://isc.sans.edu/data/port/445

  20. Source: archive.org
    Link: https://archive.org/stream/processor-newspaper-v28i18/P___2818_djvu.txt

  21. Source: archive.org
    Link: https://archive.org/stream/SecretSpaceProgrammeAndrewJohnson/Secret%20Space%20Programme-Andrew%20Johnson_djvu.txt

  22. Source: media.techtarget.com
    Link: https://media.techtarget.com/rms/computerweekly/DowntimePDF/pdf/mckinnon.pdf

  23. Source: forums.theregister.com
    Link: https://forums.theregister.com/forum/containing/1065143

  24. Source: fortra.com
    Link: https://www.fortra.com/resources/vulnerabilities/null-session-availablesmb
