[funsec] UK: Six-Year-Old Successfully Hacks MP's Computer

David Harley david.a.harley at gmail.com
Wed Mar 28 03:18:06 CDT 2007

> are you sure? it sounds more to me like a usb key and a badly 
> non-configured autorun were used in this instance. From the article:

Ah. I take your point. I picked up the word device in Brian's post, but not
the location of the device. The trailer I saw from the BBC program clearly
indicated a device, but I don't know exactly what sort of device was used,
only that it was apparently a USB device. But I was so busy fuming at yet
more crap scaremongering journalism that I might have missed some detail,
and I didn't watch the actual programme. 

(Sorry. I was so stunned at finding myself agreeing with Brian ;-) that I
didn't check exactly what he said. He might or might not be right in the
detail - I haven't seen confirmation either way - but he's certainly correct
in being sceptical, IMHO.)

What I actually meant by "correct" was that the child's role seems to have
been to slip a preconfigured device onto/into the machine, and that it was
far from obvious that she had any technical grasp of what she'd been asked
to do, let alone demonstrated any hacking skill. In fact, the BBC article
specifically states that she knows very little about computers. That's at
ogger.shtml: it still doesn't make the detail entirely clear.

So, clearly there are risks here. The device did get past various security
checks and devices into the building. And programming a young child,
preferably one as "acceptable" and "unsuspicious" as possible in terms of
class, gender, ethnicity and so on, to carry out a subversive, covert or
destructive device/action could certainly be very effective. Is there anyone
here to whom that thought has never occurred? I very much doubt it.

David Harley 
Security Author/Editor/Consultant, Antivirus Researcher
Small Blue-Green World
dharley at smallblue-greenworld.co.uk
New botnet book: http://www.syngress.com/catalog/?pid=4270
Security Bibliography:
Articles: http://watersidesyndication.com/inbusiness/

More information about the funsec mailing list