Kuji Media Corporation Ltd.

The verdict in the Gary Mckinnon extradition trial was really no shock to me considering the political climate. Lets face it, this is not about hacking or security this is about politics and money. Cynical? You bet I am, having been through an almost identical situation, very similar computer intrusions and similar motives – the only difference was I was pre-terrorism mania where everything and everyone is a suspect.

Think about this, almost a decade ago machines belonging to the military, navy, army etc were broken into and this was the proof Congress needed to show that cyber terrorism existed. An unknown spy running rings of computer hackers to steal secrets for foreign governments. The fact that I was not a spy, and certainly not “possibly the single biggest threat to world peace since Adolf Hitler” didn’t really make much of a difference to the fear machine that was put in place selling the idea that cyber terrorism was a real threat.

Millions of dollars in budget increases, that is where the difference occurred. If you take the threat to be real (which it certainly wasn’t back then and highly unlikely to exist today) then this raises questions, namely;

1. Where have the mega budgetary increases actually been spent?

Education cannot be one of them, as if machines are left in a state of ‘unpatched since install’, with unpassworded points of entry – I cannot see that the money has gone to the improvement of sysadmin skills or awareness of the problems of being online.

If you compare the awareness by consumers of security threats, people have seriously woken up to the fact that unprotected they are just sitting ducks to the onslaught of manual and automated attacks.

Phishing, hacking, spam, bots, virii, worms – the majority of home users now have firewalls, anti virus software, spyware checkers etc – all of which have a much lower budget than the military. I suspect that as governments, unlike corporate entities do not have shareholders to answer to. They do not have to explain why their machines were offline and money was lost, that in fact they can just blame budget instead of actually being proactive and moving with the times.

2. If in this case as in mine, there were clearly many other hackers

with access to the same systems at the same time, why have they not been prosecuted or even mentioned?

This seems to me to be more proof of my theory that so-called super hackers are hauled in front of the courts when it is convenient for their cases to be used for ore proof of computer insecurity and the need for greater budgetary increases..

3. Where are the administrators and their bosses in this case?

In this political climate, one of the dark looming threat from the bad men all around us (as we are constantly reminded), to not secure machines properly they have committed federal offences. It is surely not good practice to have machines, sitting on the Internet, unfirewalled, unpassworded containing alleged sensitive information – and most likely a direct violation of their contract and training.

This is a sysadmins first job, to change any default passwords or to set ones where they are not needed – and certainly ensure that those machines are sitting behind a firewall. I am not trying to say that Gary was attempting to test their security, but if this was a corporate environment the sysadmin would have some major explaining to do.

4. Is the fact that the USA are fighting so hard for extradition a dig at our legal system?

Gary has admitted his guilt and wants his trial to be in the UK, so why can’t he be tried here? Could this be to do with the fact that most computer crime here (financial gain notwithstanding) is dealt with by means of fines. Do the USA see us as a soft touch? This brings the idea of two scenarios;

– Gary being tried by a jury of his peers. They hear the evidence and consider the fact that the machines were badly administrated and this is taken into consideration when sentencing.

– Gary being tried in a foreign country by a jury that hears he has ‘attacked their country’ this is bound to have a bearing on the sentencing.

A possible 70 years in prison, for what exactly? showing that in a decade the USA military have not learned, or at worst, blatantly ignored the security threats around them when it is they who tell us every day that we should be afraid.

In my case I was never debriefed by any of the authorities that I hacked, never asking how I did what I did – never asking me to comment on my peers or related community. Gary says he is guilty, why are we going to punish this man further by sending him to a foreign jail which are known for brutality against inmates: [http://www.hrw.org/reports/2001/prison/report.html]

– where is the leniency for admission of guilt? Let this guy talk to kids about how this trial has affected his life. Let this guy talk to governments.. Let this guy talk and discuss and explain.. don’t send him to a punishment likely to be worse than he would receive in this country for murder.

The extradition bill is being tested right in front of your eyes, it is a blatant decline in our civil liberties and a worrying step forward for our so-called democratic society.

Mathew Bevan
www.kujimedia.com

A British man who allegedly hacked into US military and Nasa computer networks has been arrested, say Scotland Yard.

Gary McKinnon, 39, of Wood Green, north London, faces extradition proceedings over claims he hacked into 53 military and Nasa computers in 2001 and 2002.

The US government believe tracking and correcting the alleged problems has cost around $1m (?570,000).

Mr McKinnon is being held at a central London police station and will appear at Bow Street Magistrates Court.

Mr McKinnon was arrested by officers from the Metropolitan Police Service Extradition Unit on Tuesday night around 1830BST.

Mr McKinnon is charged with the biggest military computer hack of all time

The unemployed computer systems administrator, who is known on the internet as `Solo’, is due to appear in court on Wednesday.

He is accused of hacking into computer networks operated by Nasa, the US Army, US Navy, Department of Defence and the US Air Force.

One of the networks belonged to the Pentagon.

If he is extradited and found guilty, Mr McKinnon faces a maximum penalty of five years in prison and a ?157,000 fine.

The Briton was indicted in 2002 by a Federal Grand Jury on eight counts of computer-related crimes in 14 different states.

It claimed that he hacked into an army computer at Fort Myer, Virginia, obtained administrator privileges and transmitted codes, information and commands.

Unauthorised access

He is accused of then deleting around 1,300 user accounts.

The indictment alleged Mr McKinnon also “deleted critical system files” on the computer, copied a file containing usernames and encrypted passwords for the computer, in addition to installing tools to gain unauthorised access to other computers.

A loss of over $5,000 (£2,725) to the Army stemmed from the alleged damage, according to the indictment.

At the time of the indictment, Paul McNulty, the US Attorney for the Eastern District of Virginia, said: “Mr McKinnon is charged with the biggest military computer hack of all time.”

http://news.bbc.co.uk/1/hi/uk/4071708.stm

By Ted Bridis, The Associated Press Apr 29 2003 2:08PM
British authorities arrested a man Tuesday believed to head a group of hackers known as “Fluffi Bunni,” which used a stuffed pink rabbit to mark attacks that humiliated some of the world’s premier computer security organizations.

Fluffi Bunni captured the attention of the FBI just days after the Sept. 11 terror attacks, when thousands of commercial Web sites were vandalized with a single break-in that included the message, “Fluffi Bunni Goes Jihad.”

The FBI characterized the act in a November 2001 report as an anti-American cyberprotest against the war on terrorism.

Lynn Htun, 24, was arrested by Scotland Yard detectives on outstanding forgery charges while attending a prominent trade show in London for computer security professionals, InfoSecurity Europe 2003, authorities said.

British authorities did not mention of Htun’s alleged hacking. A U.S. official, speaking on condition of anonymity, said Htun is wanted in America in connection with a series of high-profile hacking cases blamed on Fluffi Bunni. Investigators believe Htun was the group’s leader and referred to himself as Fluffi Bunni, the official said.

Authorities in London indicated they would release more information Wednesday about Htun’s arrest, although the continuing investigation into Fluffi Bunni hackers was sensitive and other arrests could be possible.

Fluffi Bunni embarrassed leading Internet security organizations by breaking into their own computers and replacing Web pages with a message that “Fluffi Bunni ownz you” and a digital photograph of a pink rabbit at a keyboard. The attacks, which began in June 2000, lasted about 18 months, then stopped mysteriously and created one of the Internet’s most significant hacker whodunits in years.

“I thought he’d never be caught,” said Jay Dyson, a consultant who formerly helped run one of the victim Web sites. “He was clever and had the patience of a saint. The targets he chose were ones that were really high profile, and ones you’d think would be above reproach when it comes to issues of security.”

Victims have included the Washington-based SANS Institute, which offers security training for technology professionals; Security Focus, now owned by Symantec Corp.; and Attrition.org, a site run by experts who formerly tracked computer break-ins. Other victims included McDonald’s Corp. and the online security department for Exodus Communications Inc., now part of London-based Cable & Wireless plc.

“The guy was playing a game of `gotcha.’ He wanted to prove that even firms that specialize in security can be hacked,” said Mark Rasch, chief security counsel for Solutionary Inc. and a former Justice Department cybercrime prosecutor. “It’s like someone who robs banks to prove that banks can be robbed.”

Brian Martin, who ran the Attrition site with Dyson and others, said Fluffi Bunni quickly generated a fearsome reputation across the underground because of the group’s choice of targets. Martin determined that a hacker broke into another user’s computer, allowing him to assume that person’s digital identity and briefly take over the Attrition site with a Fluffi Bunni message.

“He would break into companies that are there to secure you,” said Martin, who never reported the crime to the FBI. “It’s a challenge, and there’s some irony behind it.”

Targets frequently were attacked indirectly. Instead of trying to break into the heavily protected Security Focus Web site, someone hacked an outside computer that displayed advertisements on the site. The ads were replaced with taunting messages and images of the pink rabbit at the keyboard.

Copyright 2003 Associated Press. All rights reserved.
This material may not be published, broadcast, rewritten, or redistributed.

http://www.securityfocus.com/news/4320

By John Bynorth and Hugh Muir, Evening Standard
13 November 2002

A London computer expert conducted a spectacular operation to hack into systems at the Pentagon and throughout the American military, it is claimed today.

Jobless programmer Gary McKinnon, 36, is facing extradition for prosecution and could be sentenced to five years in the US over what is being described as the “biggest hack of military computers ever”.

His activities are said to have cost the US government $1million. He faces eight charges of computer-related crimes after being accused in federal courts in Virginia and New Jersey. These include break-ins over 12 months at 92 US military and Nasa networks across 14 states.

McKinnon, known on
the internet as “Solo,” is also accused of hacking into the networks of six private companies and organisations. Prosecutors say he gained access to sensitive files causing the shutdown of the entire network that serves 2,000 people in Washington’s military district.

McKinnon, who until recently lived in a flat in Hornsey, north London, is also alleged to have broken into two army computers at the Pentagon, other military intelligence computers, and is suspected of crashing systems at a navy base after the 11 September terror attacks last year. He could also be fined ?157,000 if found guilty.

A specialist British police squad helped with the operation to charge McKinnon, who investigators believe acted alone and does not have terrorist links.

It is rare for extradition proceedings to be sought in hacking cases but US prosecutors say these crimes are so serious that they have little option.

Neighbours today claimed McKinnon has fled to a secret address in London.

US attorney Paul McNulty, who outlined the charges at a press conference in Washington yesterday, alleged McKinnon searched for US military and Nasa computers that were “open for attack”.

But some civilian experts expressed astonishment that so many US military systems were so vulnerable to techniques derided by many hackers as simplistic.

By TED BRIDIS
Associated Press Writer

WASHINGTON – Federal authorities have cracked the case of an international hacker who broke into roughly 100 unclassified U.S. military networks over the past year, officials said Monday.

Officials declined to identify the hacker, a British citizen, but said he could be indicted as early as Tuesday in federal courts in northern Virginia and New Jersey. Those U.S. court jurisdictions include the Pentagon in Virginia and Picatiny Arsenal in New Jersey, one of the Army’s premier research facilities.

The officials declined Monday to say whether this person was already in custody, but one familiar with the investigation, who spoke only on condition of anonymity, said investigators consider the break-ins the work of a professional rather than a recreational hacker.

Authorities planned to announce details of the investigation Tuesday afternoon.

Officials said U.S. authorities were weighing whether to seek the hacker’s extradition from England, a move that would be exceedingly rare among international computer crime investigations.

Officials said this hacker case has been a priority among Army and Navy investigators for at least one year. One person familiar with the investigation said the hacker broke into roughly 100 U.S. military networks, none of them classified. Another person said the indictments were being drafted to reflect break-ins to a “large number” of military networks.

In England, officials from the Crown Prosecution Service, Scotland Yard and the Home Office declined comment Monday.

A civilian Internet security expert, Chris Wysopal, said that a less-skilled, recreational hacker might be able to break into a single military network, but it would be unlikely that same person could mount attacks against dozens of separate networks.

“Whenever it’s a multistage attack, it’s definitely a more sophisticated attacker,” said Chris Wysopal, a founding member of AtStake Inc., a security firm in Cambridge, Mass. “That’s a huge investigation.”

The cyber-security of U.S. military networks is considered fair, compared to other parts of government and many private companies and organizations. But until heightened security concerns after the Sept. 11 attacks, the Defense Department operated thousands of publicly accessible Web sites. Each represented possible entry-points from the Internet into military systems unless they were kept secured and monitored regularly.

It would be very unusual for U.S. officials to seek extradition. In previous major cyber-crimes, such as the release of the “Love Bug” virus in May 2000 by a Filipino computer student and attacks in February 2000 by a Canadian youth against major American e-commerce Web sites, U.S. authorities have waived interest in extraditing hacker suspects to stand trial here.

Once, the FBI tricked two Russian computer experts, Vasily Gorshkov and Alexey Ivanov, into traveling to the United States so they could be arrested rather than extradited. The Russians were indicted in April 2001 on charges they hacked into dozens of U.S. banks and e-commerce sites, and then demanding money for not publicizing the break-ins.

FBI agents, posing as potential customers from a mock company called Invita Computer Security, lured the Russians to Seattle and asked the pair for a hacking demonstration, then arrested them. Gorshkov was sentenced to three years in prison; Ivanov has pleaded guilty but hasn’t been sentenced.

But the Bush administration has toughened anti-hacking laws since Sept. 11 and increasingly lobbied foreign governments to cooperate in international computer-crime investigations. The United States and England were among 26 nations that last year signed the Council of Europe Convention on Cybercrime, an international treaty that provides for hacker extraditions even among countries without other formal extradition agreements.

There have been other, high-profile hacker intrusions into U.S. military systems.

In one long-running operation, the subject of a U.S. spy investigations dubbed “Storm Cloud” and “Moonlight Maze,” hackers traced back to Russia were found to have been quietly downloading millions of pages of sensitive data, including one colonel’s e-mail inbox. During three years, most recently in April 2001, government computer operators watched as reams of electronic documents flowed from Defense Department computers, among others.

In 1994, two young hackers known as “Kuji” and “Datastream Cowboy” were arrested in England on charges they broke into the U.S. Air Force’s Rome Laboratory. They planted eavesdropping software that allowed them to monitor e-mails and other sensitive information.

(Copyright 2002 by The Associated Press. All Rights Reserved.)

(By Jay Lyman, www.NewsFactor.com) – After drawing the ire of the online file-swapping community and Internet users at large, the Recording Industry Association of America (RIAA) Web site was defaced and taken offline Wednesday. The defacement, described as “the funniest hack ever” on a forum site, resembled the normal RIAA site but featured such links as “Piracy can be beneficial to the music industry” and “Where can I find information on giant monkeys?”

After drawing the ire of the online file-swapping community and Internet users at large, the Recording Industry Association of America (RIAA) Web site was defaced and taken offline Wednesday.

The defacement, described as “the funniest hack ever” on a forum site, resembled the normal RIAA site but featured such links as “Piracy can be beneficial to the music industry” and “Where can I find information on giant monkeys?”

Fix in the Works

While the RIAA would not acknowledge that its site had been hacked or defaced, the group, which has tried to prevent Napster ( news – web sites)-like online file sharing, admitted that its site was offline.

“There’s a problem with our site that we’re fixing,” an RIAA spokesperson told NewsFactor. “It should be back up shortly.”

The spokesperson would not comment on whether the association is a favorite target of hackers or is disliked by an array of Internet users.

Defacement Cheered

However, distaste for the RIAA and its legal offensive on Internet music file-sharing services was apparent in posts to forum site Fark.com, which generally cheered the defacement and jeered at the recording industry.

Among posts at the online forum were: “Yeah! Stick it to the man!” and “That hack is like six levels deep. Someone put their time into this. Sweet.”

“There is a growing sentiment of ill will toward the RIAA, the Motion Picture Association of America and content owners in general,” Yankee Group senior analyst Mike Goodman told NewsFactor.

Goodman said that despite the RIAA’s legal contentions that free online music trading violates copyright law and constitutes piracy, the majority of consumers resent content owners’ efforts to clamp down on file sharing.

“It’s a bit more of a radical reaction,” Goodman said of the defacement. “But it underlies a much more mainstream feeling that we’re going to share our music online and you guys are infringing on that.” Goodman pointed out that the general feeling among consumers is that file sharing is an inalienable right.

Industry Cries Foul

While studies, including a recent Yankee Group report, have indicated that free online music trading will flourish until legitimate, licensed sites offer the content, ownership and portability that consumers want, the RIAA continues to blame free online music trading for declining CD sales.

Music CD sales declined 7 percent in the first half of this year, costing the industry more than US$280 million, the RIAA said this week.

In addition, an RIAA-commissioned study indicated that increased music downloading from the Internet corresponds to reduced CD purchases. The RIAA, which has leveraged copyright law against peer-to-peer site Napster, among others, has warned that it might pursue individual users of free online file trading services.

Technology Revolution

Goodman said the RIAA must take the defacement seriously but can do little about it other than increase the site’s security. He alluded to the explosion of free online music trading by saying, “Technology is causing a revolution in the way consumers consume content.”

He pointed out that content owners are trying to impede this revolution, but “it’s not a particularly consumer-friendly approach.”

15:27 Thursday 30th November 2000
Will Knight

Says security break-in at two international servers not its fault

Computer security firm Network Associates was left embarrassed after two of its corporate Web site were defaced Wednesday although it claims it is not its fault.

A group calling itself Insanity Zine defaced the Brazilian homepages of two Network Associates sites: www.nai.com.br and www.mcafee.com.br. The defacement represents as a major embarrassment for a company that produces software designed to protect computer systems from security threats.

A spokesman for Network Associates in London, however, defends the situation saying that, unlike the company’s other International Web sites, these Brazilian sites are held at a separate ISP in Brazil. The spokesman says Network Associates chose to host the sites in Brazil because it makes their performance more efficient for Brazilian users.

“It is embarrassing,” he says. “Our Brazilian sites are hosted by an ISP over which we don’t have as much control as we’d like. We’re obviously now going to have to look at hosting it ourselves.”

Matt Bevan, a computer security expert with his own consultancy, Kuji Media, says the incident should be a warning for other large companies. “Maybe it is a wake-up call for companies with other parts around the world. It looks bad for them.”

The page featured outbursts in English and Spanish claiming to have taken control of the company’s software. The Network Associates spokesman says that the company’s internal network was not infiltrated and none of its software could have been altered. “They just changed a page, that’s all,” he says.

06:01 Friday 7th July 2000
Will Knight

First published: Wed, 07 Jul 1999 16:35:17 GMT

A Welsh ex-hacker, famed for cracking the Pentagon’s
computers from his Cardiff bedroom, claims inadequacies in UK law and erratic media coverage guarantee leniency for British hackers — even for serious offences.

Mathew “Kuji” Bevan, who was acquitted of endangering the national security of the United States by the High Court in November 1997 says, “The American media has quite an anti hacker view. Over here they have a much more positive attitude. They believe in the ‘cool hacker’, the anarchist kind of thing. In my case the press was saying ‘Cardiff boy done good’ and that sort of thing. I had a very positive response from the press… it makes are real difference to the number of successful prosecutions there are over here.”

This follows claims by U.S. hackers that the media can actually provoke hacking, and comes just days before this year’s biggest and most hyped computer security spectacle, Def Con 7.0 in Las Vegas.

“I can’t remember the last time I read about a British hacker being prosecuted,” says Kevin Street, anti-virus guru at Symantec. “However, you must remember that there is a lot of shame that goes with being hacked and companies are not exactly keen to promote it,” adds Street.

Bevan believes that another UK hacker, Paul Bedworth, got off lightly during his trial in 1992 despite overwhelming evidence against him, largely because of the sympathetic attitude of the British press towards hackers. “Although there was a great deal of evidence against him, the jury really fell for his defence — that he was addicted to computers,” says Bevan.

Bevan concedes however, that the British press are a fickle bunch who either love you or hate you, sometimes with devastating results.

Another British hacker, Nicholas Whitely, nicknamed “mad hacker” by the tabloids, was given a prison sentence in 1988 largely because his particularly destructive hacking of ICL and various universities — wiping files and bringing down hundreds of computers — prompted outrage in British papers.

Bevan believes there are other fundamental differences between hackers in the UK and the US: “Hacking probably seems less prevalent over here because British hackers know better than to hack at home. British law is also less geared towards convicting hackers. The 1990 Computer Misuse Act is very vague. It’s designed so that it won’t have to be regularly updated. Most hackers who are convicted are charged with other offences such as fraud, criminal damage or even software piracy.”

Peter Sommer, research fellow at LSE, and author of the Hacker’s Handbook says: “The term ‘hacker’ has become a very convenient trigger word for the press. They are always trying to get a sexy angle. Often they have gone for the idea of the little kid taking on the huge corporation.”

Sommer believes it is not the law that restricts the number of successful cases against hackers in the UK. “The law is fairly effective. The cost for the police and the judicial system prevent prosecutions. If someone is just accessing a computer without authority and not doing anything else illegal, there’s little point in prosecuting them.”

Pia Landergren, IDG News Service\London Bureau
June 18, 2001, 06:09

With the rapid increase in security breaches leaving law enforcement struggling to keep up, some organizations are taking the law into their own hands and punishing hackers themselves.

Striking back at hackers with, for example, denial of service attacks is a sensitive subject, since doing so is illegal in most countries. However, security experts say the U.S. Department of Defense has used these methods. In addition, private companies use special firewalls and other counteroffensive software that can be set to automatically strike back at hackers, according to U.K. Internet security consultant and ex- hacker Mathew Bevan, among others.

Conxion Corp., an ISP (Internet service provider) based in Santa Clara, California, is one private company that acknowledges having reversed a denial of service attack on a group of hackers. When asked if giving hackers a dose of their own medicine is company policy, spokeswoman Megan O’Reilly-Lewis said, “We deal with it on a case-by-case basis.”

The World Trade Organization’s (WTO) Web site, which was being hosted by Conxion, was hacked into in late 1999. An organization called Electrohippies, or E-Hippies, bombarded the WTO Web page with download requests, which caused the Web service to slow down but not to crash completely.

“What our security staff did was to quickly write a script to reverse the traffic. Then they followed up with some more sophisticated methods,” said O’Reilly-Lewis. “It seemed to work fine,” she added.

“If they had been sophisticated hackers they would have easily avoided” the reverse attack, she said.

Hack attacks are clearly on the increase, and so are companies that specialize in tracking down the hackers.

“There’s a spectrum of things that we do,” said Bob Ayers, U.K. vice president of Para-Protect Ltd., headquartered in the U.S. The company uses an intrusion detection device with which it keeps tabs on a customer’s IT system. Ayers, a former U.S. military intelligence officer, described some of the actions companies can take when they discover an intrusion: “Disabling an account. Terminating the network link. We can go to the ISP and ask them to step in and take action.”

A company can also go beyond the e-mail address and find the person behind the crime. “You go pay him a visit,” said Ayers. “You talk to him and let him know that you’re not happy with what he is doing.” It might work, depending on your powers of persuasion, he added.

When asked if his company launches denial of service attacks on hackers on behalf of its customers, Ayers said, “I really don’t want to answer that question one way or another. All I can say is that the technology is there and how it is used is something I cannot predict.”

Both Ayers and another security expert, Winn Schwartau, president of IT security company Interpact Inc. in Seminole, Florida, and founder of security Web service Infowar.com, said that the U.S. Department of Defense has at least on one occasion launched a denial of service attack on hackers.

“Absolutely they have,” Schwartau said. “There was a group of pro-Mexicans (the Electronic Disturbance Theater) and they announced they were going to attack the Pentagon,” he said. “The Pentagon (the building that houses the department) knew about it. The Pentagon started shooting back, which was the right thing to do. However, it was illegal,” Schwartau said.

Not surprisingly, the Pentagon denies ever having used these methods.

“I am not aware that we have struck back at anyone with a denial of service attack,” said Susan Hansen, a spokeswoman at the Department of Defense. “We don’t discuss our specific security” measures, she added.

The number of malicious break-ins into companies’ computer systems is becoming alarming. The U.S. Federal Bureau of Investigation (FBI) found in a recent study that 85 percent of respondents had detected computer security breaches during the past year. The survey was based on responses from 538 security experts in various U.S. corporations and government agencies. Sixty-four percent suffered financial losses due to security breaches, and 186 respondents reported a total loss of almost $378 million. Thirty-eight percent of respondents detected denial of service attacks, compared to 27 percent last year.

According to a survey done by Schwartau, about one third of surveyed companies in the U.S. have already, or plan to, develop strike-back capabilities for possible hack attacks.

“Follow-up surveys in England found corresponding responses while an Australian survey found an even higher percentage of that country’s companies to be willing to strike back,” Schwartau said.

Hackers often make use of several computers along the way to their target, which makes it difficult for companies to launch a direct attack on the computer system the attack originated from. If someone has hacked into several computers, a vigilante may even end up striking back at an innocent bystander, whose computer has simply been used by the hacker. A sophisticated hacker can also make it look like an attack is coming from, for example, a company’s competitor.

One type of intrusion-detection equipment is a so-called honeypot, a machine that is set up to look like a network. It has false information, such as databases, installed to lure hackers to spend as much time as possible “inside” the machine. The way in, for a hacker, can be to figure out someone’s password, and to get in through the Internet. The longer a hacker is inside, the easier it is for the system administrator to find out the hackers identity, or IP (Internet protocol) address. Once that is known, the system administrator can launch a counterattack.

A denial of service attack is usually caused by someone sending more traffic to a network address than the server can handle, which causes it to crash. This can result in a Web site going down or a particular service, such as e-mail, becoming unavailable.

One industry insider does not believe in giving hackers a dose of their own medicine.

“I don’t believe in striking back, it would only invite further attacks,” said Mike Graves, European marketing manager at Hewlett-Packard Co.’s Internet Security Solutions Division, and based in Bristol, U.K.

“You may find yourself getting some publicity you don’t want. You may become a beacon for new attacks.” Hackers know each other and look out for each other, he added.

Graves’ suspicions are confirmed by ex-hacker Bevan.

“If my machine crashed and I’ve been hacking, say I was hacking into Barclays Bank, I would not give up then. If hackers gave up so easily there wouldn’t be any hackers. It’s the challenge” that keeps hackers motivated to keep going, Bevan said.

Some years ago, Bevan hacked into the U.S. Department of Defense?s computer system, a British Airforce base as well as many major corporations’ systems. He was charged with conspiracy to cause unauthorized modification to computers operated by the U.S. military and the Lockheed Martin Corp. missile and space company in 1996. Eventually, all charges against him were dropped.

“They were pushing a conspiracy angle,” but couldn’t prove it, Bevan said.

Being a hacker who was never punished, Bevan can understand why companies would want to take the law into their own hands and strike back. However, he insists the method would not work as it would only make him more determined to break the system.

Despite this, finding your own hacker tracker is not difficult. Some victims of hack attacks prefer to take a less drastic action than striking back directly. They hire companies such as Swedish Defcom AB, who specialize in finding hackers and then doing the police’s work for them; collecting enough evidence against the hackers to present the police with a clear case.

Thomas Olofsson is chief operating officer and recently found a gang of professional hackers for a customer. “This was the largest operation we’ve done,” said Olofsson. “We tracked down a gang of hackers who had used computers in different countries to hide along the way.”

“They had used a computer in South Africa and another one in the U.S. At last we found the source, a gang of hackers in one of the Baltic countries,” Olofsson said.

But catching hackers is just one of the first steps in a long process of bringing them to justice.

“What happens if a hacker in the U.K. breaks into a system in South Africa, or in the U.S.?,” said Ayers. “Where did the crime happen? And who has jurisdiction? The police must cooperate across borders, and frankly the police are not very good at that.”

As Ayers says, the police just don’t have enough resources to catch all criminals and laws still haven’t caught up with Internet crime. Despite the efforts of hacker trackers, then, hacker vigilante methods are not likely to go away any time soon.

“If you’re a skilled computer (person) you ain’t gonna go work for the U.K. police force for 20K (20,000 pounds (US$27,800) a year).” You’re going into the private sector, he said, adding, “It’s riskier to walk across Clapham Common (in London) at night than it is to enter into cyber crime.”

Para-Protect, headquartered in Centreville, Virginia, can be contacted online at http://www.para-protect.com/. Conxion, in Santa Clara, California, can be contacted at http://www.conxion.com/. HP, in Palo Alto, California, can be reached at http://www.hp.com/. Interpact is at http://www.interpactinc.com/.

UK Hacker Says He Found Anti-Gravity Engine File
At W/P AFB

By Matthew Williams

2-7-99

Mathew Bevan is a 23 old computer hacker with an interest in UFOs. Recently he made front page world headlines when he was charged with hacking offences which included access to the most secret military computers of the United States Military. Mathew was able to access computers, which had the ability to launch nuclear missiles or other missiles. Described by one pentagon spokesman as being “The biggest threat to world peace since Adolf Hitler”, Mathew Bevan talks to Matthew Williams about how he did it and the fact that whilst in Wright Patterson Air Force Base computers he saw plans to a secret Anti Gravity propulsion engine….

Matthew Williams: How many years have you been into the Internet.

Mathew Bevan: Since about 16. It was a case that over here there were very few Internet providers. The only one was Demon Internet and the closest phone number to dial was in Bristol, so it was just easier to do a free (hacked) phonecall to the States and use a free provider and not worry about paying any bills.

MW: How does one “hack” the phones – what is the procedure involved.

MB: You use a little program on the old computer… The Amiga was the first computer to be used for “Blueboxing” (hacking phones) and the reason was that it has four channels of sound whereas the PC could only go “BEEP”. To get the blueboxing to work you had to play dual tones into your phone. There was a set of frequencies of tone not dissimilar to DTMF which is on most modern phones (DTMF – the tones played when you press a number on your phone keypad). When the special tones were played it would cause the network to do a number of special things.

What you then needed to do is to call a 0800 number for a foreign countries operator service – such as Columbia or Hawaii. You would play a few tones down the line and it would cut the operator off and BT would think that you had hung up the call but in fact you were still in the trunking system and you play a few more tones and you could re-route your call anywhere.

MW: Is it complicated to do these things because playing sets of musical tones down the phone line sounds quite complicated and what if you make a mistake.

MB: Well it is complicated but is a case of playing around to see what you could do. If you make a mistake you just hang up and try again. There were some other interesting things you could do like dialling a number and when you get the engaged signal then play a couple of tones and break into the call and listen without the two parties knowing you were there.

MW: You are saying that there are ways to listen to calls without being detected and this can be done from any home phone with such codes! Are you saying that you could listen to another call anywhere in the world?

MB: Yes but most of the time I was calling into the States anyway so that’s where I did it the most. I think that secretly listening in is what it was designed for.

MW: So when did you go from hacking innocent university computers into hacking the military computers?

MB: It was a case of getting onto a system and getting the password file and then running the encrypted passwords through a code cracking program so that you get the passwords. Once you have the passwords then you can get a higher level of access and get into peoples files and folders and you can monitor the system to see what it is happening. You can see that there are people that are themselves who are going from computer to computer with legitimate reasons. Now it would just happen that some of these people would be working on projects with the military. You could find that a professor would be contacting a military site (computer).

One would get fed up with doing small computer systems and would want to try to hack something bigger. The thing with people is that they tend to like the same password for multiple systems and so if you have hacked their account on a relatively unprotected system then the password will probably work on another more well protected system. The professor probably has some silly password like “professor” on the university computer and more often than not would use the same on a military system.

It is not a case of sitting there typing in millions of passwords and hoping that you get the right one. There are much more intelligent programs to do that for you and get you in to a system.

We now use things called SNIFFERS, which are covert and do not harm the system in any way. These sit in the background and watch for people’s passwords and they send them back to you. This is something that I was charged with and the offence read “modification to a system with intent to impair the operation of the computer”. Well the whole point of a sniffer is that it sits there and nobody knows it is there – if it did any harm we wouldn’t use them.

Well once inside you would use various hacker techniques to bump up your access level to that of systems administrator, so that you would have the entire system under your control. You could connect to other systems on the network with the same authority. You could monitor people’s emails and you could get into their project folders and look at their research and development work or papers that they have written. Occasionally you would get into somewhere that was quite interesting but it wasn’t always that way. Most of it was quite boring. Back in the old days before Internet Browsers that give you nice pictures and buttons to click on, it was all text based and you had to use the keyboard to type commands. There were pictures, but you had to manually download them and view them “offline”.

MW: So what were the most exciting computer systems you hacked?

MW: Firstly there was the FLEX system. This stands for Force Level Execution, and this is the thing which the News of the World newspaper picked up on. The reason this system was of interest because it had control of nuclear missiles. To explain what this program does; the official line is to plan an air war and to find out what things are incoming and what air strikes are pending. The system would then advise you of where to strike next with the best killing ratio and where to launch you missiles etc. From looking on the computer and through the “source code” I got the impression that the system had direct access to real missiles. What type of missiles I do not know and the News of the World printed that these were in fact Peacekeeper Missiles, but that didn’t come from me – I don’t know where they got those details from…?

The easiest comparison I could make is that it was a very similar system to the Skynet System in the Terminator movies. This means that the computer has access to all available information and can make intelligent decisions about how to operate a war and even control the weapons.

Of course the FLEX system is secret and something that they do not want the public to know about and the fact that weapons are controlled solely by computer. You would think that there would be other failsafe system but, as far as I could tell, that was not the case.

There were other systems such as Wright Patterson Air Force base and White Sands Missile Testing Ground, some now I forget – I went to a lot. I had been to so many I had to tell the police that I could not remember all the systems I had been in.

The lawyers couldn’t get their stories straight even for a trial of this type, which you would have expected. They would not present evidence to show how I was able to hack into their systems. So with the details of the computer systems real purpose having been removed from the case then I am now pretty sure that I did have a good idea about the real function of the programs – they didn’t want this information out in any form. This was probably the reason that they were so pissed off about it because I came forward and told everyone. You see after I was arrested then I started to get some very strange phone calls from people claiming to be in the military, Koreans and other people. I had weird semi-threatening things said to me and this is why I moved away to get away from these treats and this is another reason that I spilled the beans, in order to keep myself and my wife safe, after all what is the point of silencing me after I had talked.

MW: Where were you living and did the police give you any assistance in your moving because of these threats.

MB: Firstly I was living in Grangetown and then I was moved by the benefits agency to another location. They were aware of the court case and the sensitivity and people from Scotland Yard were helping in this respect also. I was given a new name under the benefits agency computers and was living under name of Mr Smith for a while.

MW: Why do you think they were prepared to go to this trouble to help you?

MB: What you have to understand is the fact that there was a big Senate hearing on the fact that two hackers had got into secret computer systems. One of these was a 16-year-old who they had arrested and the other person was supposedly thought to be a foreign spy who was paying the 16-year-old for information. I was made out to be the foreign spy and I was prepared to believe from the threats I was getting that these people were serious. So I had to move home.

To give you an idea of the level of the ominous phone calls I was getting, at the time I was just about to change my phone over to British Telecom. Just days before I was arrested I was due to sign the BT phone forms and send them off, but had not done do at that point. Then I had another threatening phone call and I told them to **** off and said that I was now having my number changed. The voice on the other end of the line said “yeah we know that your new number is going to be 01222 233blah blah blah” and so they knew my new number already! My wife asked often who was speaking and one name we got was Chung Lee Makasuki and he gave some phone number in China, I think.

MW: When you were arrested what happened?

MB: I was working at Admiral Insurance at the time in their computer department for around a year and a half. One of the managers came in and asked me to come and have a look at one of their computer systems and I got up and went with him. I went with him to the MDs office and there were seven people in the office, your typical men in black so to speak but as this was the MDs office I didn’t at first see this as abnormal. When I got inside one of then said to me “Mathew Bevan” and I replied “yes” and then he put up his hand and said “I am placing you under arrest for hacking of NASA and various Air Force bases.” I was standing there stunned and I was going “Oh, gosh… ummm.” They then told me that they were going to search my desk, which they did, then they took me back to my house and searched there too.

When they got to the house they took all my X Files videos and X Files posters and the reason was because the “KUJI” hacker that they were after had a computer user description which read “The Truth Is Out There”. So they wanted to use the X Files material to prove that they had the correct “KUJI”. They just wanted to pin me on anything they could. They took all of my computer kit as well as my passport.

During the interview I agreed that I used the handle ‘Kuji’ and afterwards the police gave me my property back such as the X Files videos, posters,monitor and the keyboard back but they kept everything else.

I was taken to the Central Police station in Cardiff. The officers were from the computer crime unit of the Met Police. I believe that the C.C.U. also uses the code S.O.6 which leads me to believe that they are intelligence (MI6) related but I don’t think they would admit that.

MW: What was the atmosphere like in the interviews?

MB: It was a good cop bad cop scenario. The one person was very nice and the other guy was quite nasty and was giving snide remarks and shouting at me. There were bits in the interviews that were really stupid too where I was asked by the nice cop if I had any political leanings and I said no – then the other cop stepped in and said “Yeah, but your a vegetarian” and he then said “So you do have a leaning then.”. To this I then replied “Well if being vegetarian is a political leaning then I plead guilty!”. The other copper then steps in and make a lighthearted comment and then the other one steps in again and says “ah so you indicate a leaning then” and so on.

I was under arrest for the best part of 36 hours but there was about 28 hours spent in the cells. I wasn’t allowed to speak to my wife or anyone else. They threatened that they would arrest my wife and I pointed out that she knew nothing about computers and they said tough because they would arrest her anyway. This was part of their oppression tactics. I said what do I have to do to stop you arresting her and they said that if I co-operated then they would not arrest her. So the only telephone calls I was allowed were to my solicitor because they didn’t want me to tell anyone I had been arrested.

One thing I didn’t realise but found out was the fact that in Cardiff police station they bug the cells with listening devices and recently a few people have had tape recorded evidence used against them when they have admitted to things whilst in custody. This is immoral but they seem to be able to do it.

MW: What sort of specific questions were you asked by the police in the interview.

MB: They asked me about the Rome Labs computer and if I had placed a sniffer program on the computers. I would not admit to this. They also asked me about Goddard Space Flight Centre and Wright Patterson, I admitted to these but was never charged with them! They don’t charge me with the right things. They then charge me with conspiracy with the other hacker, but by the time they realise that they don’t have any evidence to prove this it transpires that they could not charge me with the original intended charges anyway because they are out of time by 6 months; They would have had to charge me with a summary offence within six months of my arrest. They also found out that they were out of time for a 3-year clause

The Americans position in court was that they claimed that they had to spend 1/2 a million dollars to repair their computer systems. A fundamental question that my defence asked was could we see a backup of the system to show before and after these so called repairs to prove what was being claimed. The Americans said that we could not see the records because they were so sensitive and also said that it was not in the jurisdiction of the British courts to order them to show the files. If it were any other trial then you would ask how could we accept this evidence but because we are asked to take the Americans word, this is supposed to be good enough.

The next thing that happened was that my barrister had meetings with the prosecution and he then turns around to me and says that he feels that they will find me guilty on some charges so I should give in and change my plea to guilty. So I ‘relieved’ him of his professional duties and got a new barrister who was then completely on my side and who felt that I did indeed have a worthwhile and quite solid defence.

MW: What was the final stage of the case and how did you get acquitted?

MB: The judge surprised everyone by saying to the prosecution that because my charges were lesser than those of the other hacker and that the other hacker had received a small fine of ?1200 then my sentence at best would be non-custodial so to proceed with such a case would not produce a large penalty whilst the costs for running such a case would run into millions. It was estimated that if I would be found guilty I would get a ?450 fine and considering that the court’s daily costs would be ?10,000 it would not be worth it.

However the prosecution was determined still and said that they would still proceed and then at the last stage they pulled out and said that they wished to offer no evidence and that it wasn’t in the public interest to run the case. Verdicts of not guilty were entered, this being the equivalent of a full acquittal and so ensuring that the police would waive the right to re-arrest me in conjunction with these charges.

This being the case I was then free to admit to the press and everyone else that I had in fact done some of those things and that I did hack those systems. This pissed Scotland Yard off immensely and they are now being very awkward about returning the seized goods that are in evidence storage even though the case has been dropped.

MW: How were you tracked down?

MB: I cannot be sure because this was never disclosed – I have my suspicions that I was grassed on by a hacker. They said they found my number on somebody’s computer system and traced me back like that but I think somebody told them who I was. The point was if it took them 2 years to find my number on the other hackers hard- drive as they claim then that is incompetence, as a search of a 250meg drive takes less than five minutes.

MW: Where does the story take a turn to where you started hacking military sites for UFO information?

MB: In a hacker magazine called PHRACK, it gave a list of sites that people who said they were interested in UFOs would like to see hacked and that hackers should check these out. Allegedly there were forty people who were trying to penetrate these sites and they got into some of them but they all went missing?

MW: A group of forty people went missing?

MB: Apparently so. They said in the magazine that if you were going to do it then do it carefully and printed a list of the sites. I used that list and used it and I also used some of the folklore of UFOs like “Roswell wreckage taken to Wright field”, “Lockheed space missile company have connection to Area 51” etc. It is then just a case then of picking up the addresses and names of these computers. They are quite easy to find as the military provide you with as much information on their computers as you could ever want.

It was a case of “go for it”, “lets have a look”. As far as I was concerned I was not traceable and not causing any harm to anybody. If I couldn’t get in then no big deal, if I could then I was not going to screw the system up.

MW: You did gain access to some interesting UFO type files – what were these?

MB: The information was obtained through the Wright Patterson Air Base computer system. I was looking for information on the Roswell crash. On one of the computers at Wright Patterson the systems administrator was very un-secured. Captain Beth Long was the system administrator she is supposedly working in a pumping station in Alaska now instead of working at Wright Patterson – the reason being, because she had no password so this meant that anyone logging in as her meant they had the highest level of access on the system with no password needed!

Wright Pattersons’ computers were strange because unlike all other computers I had hacked which had clear warnings to hackers and people using the system regarding the classified information, their system had a banner which read in flashing red letters that no classified information is to be stored on the computer system. This throws you a bit. I was unsure if it was a real banner or if it was to put off people who had got that far.

In getting into that there was one machine on the network where I read current files and future project proposals. I read documents which gave me the impression that they had an anti-gravity engine which was capable of at least Mach 12 to Mach 15. I don’t know how exactly how fast that is but I think that is faster than most aircraft we know of today. Supposedly the aircraft which employs this engine uses a reactor to which there were a lot of detailed numbers and figures for, but I have no idea what all this meant. I can remember that the documents referred to a super heavy element, whatever that means. The element is the main fuel for the reactor. The engine worked by making a disturbance of molecules at the front of the craft so that it was able to stop the inertia or G-force inside the craft. I got the impression that this information was the type of material I was looking for because it was far in advance of our current technology and could be something to do with the Roswell UFO. Finding this threw me ecause I didn’t know if this information was a disinformation exercise and that people were meant to get in and find this stuff or if it was real. I can’t be sure and this is the one annoying thing.

In the interviews that were carried out with the police Wright Patterson was mentioned. Officer D S Janes asked me, had I been in there and I said that I had. He then asked me if I had got any information from this computer and I said that I had found details of an anti-gravity propulsion system. He asked if I downloaded any files from this project and I said no and I had only read the files online. As I said earlier I admitted to this but no charges were brought against me on this matter which is a bit odd. Then the interviewing officer asked me if I knew what Hanger 18 meant. I said “well if you are thinking of a building where they store extraterrestrial aircraft then this is what you might mean but perhaps you mean it is a computer or a bulletin board -is this what you mean?”. He replied that this could be the place that he was thinking of. This was the only time that Hanger 18 was mentioned in the interview.

In one of the hearings at magistrates’ court there was a special agent who came over called Jim Hanson. When asked what did he feel I was trying to achieve by my hacking he said that he believed I was not trying to do any harm but was just looking for information on Hanger 18. The prosecution then asked Jim Hanson in a light-hearted manner if he could confirm if Hanger 18 exists and Hanson responded “I can’t tell you that because I am not party to that information”.

What surprised me is the fact that I was asked about the little known Hanger 18 story instead of somewhere well known such as Area 51. Some members of the press alluded that I had hacked into Area 51, but I never said this and I refused to comment on the UFO issue to them. There were things I was not prepared to talk about to the press because I was not sure if I would be able to sell my story or not, so I did not want to give the information away.

The point was that I knew where Wright Patterson airbase was but I didn’t know, until I read a UFO magazine recently, that Hanger 18 was located at Wright Patterson. This was the first I ever learned about this.

When you put it all together it seems weird – the fact that I hacked into Wright Patterson and found details of a secret gravity engine and then the coppers asking me about Hanger 18, even to have a secret service agent in an open court saying about Hanger 18 and then me later on finding out that the two places are the same.

MW: Wasn’t there a ban on press reporting of your case?

MB: The press were there and they heard many interesting things which the failed to print but yes there was a ban on reporting the case, they said because they did not want the press opinion to influence the case in any way. This is the principal of subjudicy.

The prosecution had originally intended to have the case heard in secret (In Camera) but we did not allow this to happen.

MW: Have you ever seen any UFOs yourself?

MB: There was a time when I was going back to Newport from Cardiff and there were two very feint lights which were like passenger plane lights at first. They looked like they were going towards Rhoose airport but in-between them there was a start which was shooting back and forth between these two points. I had to force my friends to look at the lights because they would not look and said was crazy but when eventually they did look they agreed that they had seen something strange.

My Wife and I went on holiday to Fuertaventura in the Canaries and there were unusual lights in the sky above us which we watched for many hours. They changed colour and went on and off. They seemed so far away that they couldn’t be sure if they were satellites or not. I am not saying that this could not have been explainable phenomena.

MW: What interest did you have in UFOs before the trial.

MB: Just before I got into the hacking scene I was making the free phone calls and I found a Bulletin Board in Australia which had loads of UFO files. There were about 500 or 600 text files on offer so I downloaded them all and waded through them slowly. I found it really interesting and I wanted to know more. I go into the MUFON files and Keelynet Bulletin Boards and they had interesting things on them also.

It seems to me that far more people have seen UFOs and have evidence of this than there is evidence of GOD but people go around believing in GOD and are not ridiculed for this in any way!

My opinion is that there is a lot of information UFO information out there and it is hard to separate the liars from the truthful people. The thing is that some of the wilder claims may also be the truth but sometimes you cannot be certain of any claims either way.

The types of thing I mean are cases where people say that they have been onboard spacecraft and seen the classic alien with big black eyes and that they had experiences which are consistent with other witnesses. You then hear from the same person that the aliens took her for a ride and they were walking around on the moon without a spacesuit and the story starts to take a strange turn. It seems that people seem to go overboard but who knows that person may in fact be telling the truth.

MW: Do you know much about Bob Lazar? Tell me what you about his story.

MB: Well yes, Bob Lazar was able to show documents from his previous work to show that he worked with certain companies, but they deny he ever worked for them.

As I remember he is a really nerdy looking guy that claims to have worked at Area 51’s S3 complex I think? He claimed to have been working on crashed UFO technology. He said that he had seen saucers in hangers and had seen one flying one day. Only recently I saw the original interview he gave on video where he talked about his work and was drawing on a blackboard. I think he got prosecuted for running a brothel, I don’t know much more than that.

MW: Do you know anything about the propulsion systems he was talking about in his work on the saucers?

MB: No not really – I can remember the shape of the craft and I can remember that the propulsion system was in the bottom of the craft and that it is like a segmented thing. I remember a little area in the middle where the “guys” would sit. I don’t really remember the details or specifics of that.

MW: I am interested because you used the term “heavy element reactor” earlier on and I wondered if you have heard about something called “element 115”?

MB: No I did chemistry at school but was very bad at it and got kicked out. I don’t know anything about elements full stop really.

MW: Bob Lazars story was that he worked on propulsion systems, which utilised a reactor, fuelled by a super heavy element. Everyday scientists do not know of the element 115 of which he speaks. Does this mean anything to you?

MB: Maybe that is a parallel. The only things I know about him really is that he worked on UFOs and his involvement in the brothel and the fact that he looks a bit “geeky”.

MW: Can you remember any names of people on the project. Were there dates on any of the letters you saw regarding the propulsion system?

MB: Nope, as for dates all the information was current at 1994. Whether this was a totally new engine or if it was a new version I can’t be sure. I do know that it was a working prototype.

MW: Did they say what type of aircraft the propulsion system would be used in?

MB: Not that I remember, although I believe the engine was in use.

MW: Do you fear going to the United States?

MB: I am, not so much worried about being tried in the US for these things because they still have the same flawed evidence – but I fear that over there they would just stick me in prison without a trial and leave me to rot. This is something I have to look at carefully and to study the international law on these matters because there is a question of where was the crime committed on my computer in my house in the UK or in the US on their systems. This is a legal dilemma and is open to question.

A point is that there is a hacker out there now called Kevin Minick who did some minor hacking and has been in prison for 2 years and hasn’t been charged with anything yet! This can happen.

MW: Why did you do all this? Are you an anarchist or is this political or just for pure curiosity?

MB: I just get a thrill out of exploring new computer systems. If you could see my CV I now have knowledge of all these computers systems I have used. If employers wanted to know how I got that experience it may get a bit awkward to have to tell them that these were military systems I was playing with – but it still makes for a good CV! I can now admit to my hacking and not have any fear because it may be a plus point in that I know a lot about systems security.

I did it for the pure adrenaline buzz of hacking a secret system. This can keep you awake on no food for hours and this is one of the other reasons – because of the thrill.

MW: Thank you very much.

MB: Thanks.

In final clarification on some of the interview I asked Mathew if he saw any images on the computer systems at Wright Patterson Airbase. He says he saw one but remembers that the antigravity engine was a working prototype and is fitted in some form of aircraft and is in use although the type of aircraft was not disclosed. The information was dated around 1994, when the system was originally breached. It is now up to researchers and hackers alike to try and find out more.