Gary McKinnon, the Briton indicted this week for hacking into scores of U.S. military computers, left behind few clues on the compromised systems of his victims. But download log files from a Wisconsin software firm may have led investigators straight to his London door.
In an apparent effort to avoid detection, McKinnon, 36, installed copies of a commercial remote-access utility called RemotelyAnywhere on Navy and other military systems he allegedly hacked last year.
The unusual strategy almost worked. Unlike underground "backdoor" utilities like NetBus or Back Orifice, the popular RemotelyAnywhere program doesn't trigger antivirus software. For nearly a year, McKinnon was able to control a vast network of defense computers without detection, authorities said.
But McKinnon's choice of RemotelyAnywhere ultimately may have been his undoing.
Using a personal computer connected to an ISP in England, McKinnon downloaded a trial copy of RemotelyAnywhere in March 2001 from a server maintained by Binary Research, the Milwaukee-based distributor of RemotelyAnywhere. To obtain a special code to unlock the demonstration software, McKinnon also provided his girlfriend's e-mail address, Binary officials said.
The Internet Protocol address left in Binary's server log files from McKinnon's download, along with the e-mail address, gave investigators two "very critical" pieces of evidence, said Binary vice president Jim Szopinski.