The negligence in this case is stunning. His 'hack' was to write a Perl script which scanned a range of IPs, looking for remote access accounts that did not have a password. So, the compromised machines were:
- connected to the public internet, with a publicly routable address
- not firewalled
- running remote access software without a password
I strongly believe the strength of feeling shown by the US authorities here is primarily one of embarrassment. It is more comforting to believe you are facing a genius superhacker than it is to believe the people responsible for your network security are literally incompetent.
Also, while he was logged in to these machines he had notepad.exe-based conversations with other hackers - he was definitely not the only person who accessed these systems.
- connected to the public internet, with a publicly routable address
- not firewalled
- running remote access software without a password
I strongly believe the strength of feeling shown by the US authorities here is primarily one of embarrassment. It is more comforting to believe you are facing a genius superhacker than it is to believe the people responsible for your network security are literally incompetent.
Also, while he was logged in to these machines he had notepad.exe-based conversations with other hackers - he was definitely not the only person who accessed these systems.