Long-time readers might remember we’ve been covering the case of the UK hacker Gary McKinnon for quite some time. The last post was about a year ago, in August 2007, when he “Won Right to Lords Appeal Extradition Hearing”.
The first post on the case was over 2 years ago, in April 2006, when it was found out that “British Hacker Gary McKinnon Fears Guantanamo”.
Mr McKinnon, 42, first lost his case at the High Court in 2006 before taking it to the highest court in the UK, the House of Lords. He was arrested in 2002 but never charged in the UK.
The US government claims he committed a malicious crime – the biggest military computer hack ever. The authorities have warned that without his co-operation and a guilty plea the case could be treated as terrorism and he could face a long jail sentence.
Mr McKinnon, now living in north London, told BBC Radio 5 Live he was “pretty broken up” by the Law Lords’ ruling, although he had expected the outcome.
He lost the case in the Lords by the looks of it, so now he’s in pretty hot soup. It looks like if he pleads guilty he might get a much lighter sentence and more lenient treatment.
But that’s what they always say, isn’t it? Until you actually say you are guilty, then they lock you up for life and throw away the key. He’d better be careful with whatever he’s planning, very careful indeed.
The Law Lords were told by Mr McKinnon’s lawyers that extraditing him would be an abuse of proceedings.
US authorities had threatened him with a long jail sentence if he did not plead guilty, they said.
If the case was treated as terrorism it could result in a sentence of up to 60 years in a maximum security prison, should he be found guilty on all six indictments.
With co-operation, he would receive a lesser sentence of 37 to 46 months and be repatriated to the UK, where he could be released on parole and charges of “significantly damaging national security” would be dropped.
A Home Office spokesman said Mr McKinnon would have 14 days in which to seek appeal at the European Court of Human Rights.
I don’t think it’s really a human rights case, but then it’s debatable. I think saying it’s terrorism is way out of line though, it’s a guy who did a bit of hacking on the wrong systems…he should pay for it yes, but not with 60 years in a maximum security facility in the US.
Maybe a few months in a UK prison then parole.
Source: BBC News (Thanks razta)
gul says
I found that definition of terrorism: Terrorism is “the systematic use of terror especially as a means of coercion.” Here: http://www.merriam-webster.com/dictionary/terrorism
I agree with this definition, at least, for the terror part. So, how McKinnon can be charged for terrorism. Hacking, illegal access to protected data, violation of US property, or comparable charges, but terrorism… Seems that American people are a lot on, every criminal is a terrorist since 9-11. It’s sad to see that US are reacting like that against this guy. Not saying he hasn’t done bad things, but, shouldn’t he be judged for what he did instead of some trendy accusation ?
Navin says
@ gul
that’s the dictionary definition, not the judicial definition…in the judicial system, a terrorist is anyone who disrupts the public/military’s affairs either offline/online and what Gary can be made to fit the JUDICIAL DEFINITION of Terrorism….and also as you’ve pointed out, post 9-11 everything is terrorism….you blast a building, that’s terrorism… you kill a dude, it’s terrorism…. You rape a chick…It’s terrorism…You pee on the road… it’s terrorism…You hack the military….do I have to say it again??
I just wonder what’d have happened if Gary were a Muslim…I can bet they’d have found some ridiculous relation between him and Al Qaeda ( for eg…. He works at abc place, and his co-worker has a banker who worked at the bank which was used as a proxy to transfer $$$ which funded Al Qaeda’s war)
And 60 years….that’s really dumb…Try reading the six indictments against him….at least 2 of them, in my opinion can’t be proven, at least not completely…so maybe 40 yrs max, if convicted on all counts.
gul says
I should have studied law more seriously ;)
So, shame on me for my mistake.
If he were Muslim… You resumed it quite well… I can understand, why our American fellows are so angry about terrorism, 9-11 was traumatizing, but that should excuse every abuse they do.
zupakomputer says
I think they want him tried in the US so nobody hears how he actually got into the systems and what he did.
True, leaving your door unlocked so anyone can get in doesn’t mean you are inviting them in –
but legally, if you had indeed left your door unlocked and were robbed for example, the insurance wouldn’t pay out would they.
He’s saying he scanned their systems and found admin accounts with blank passwords, which he used to go in their network and look at things like UFO files and pictures.
If I was representing this, I’d go for the angle that any system/network that is said to be that important that hacking it could cause terrorist type of damage – well how can anyone say that when they have open admin accounts.
That’s not a ‘oh it’s a new thing that no-one in security knew about until a hacker exploited it’ – it’s a ‘so you didn’t actually secure one of the most basic of all things that is always secured by anyone, on any network that they don’t want others to access’.
razta says
If you leave your door wide open long enough, one day someone’s going to have a peek in.
Although what he did was wrong, he did help the US government in securing their networks against more serious threats. What he should have done is informed them of the blank admin accounts as soon as he found them. He shouldn’t have kept access and he also shouldn’t have snooped around for months on end. He must have known that one day they would catch up with him.
He shouldn’t be extradited, especially not on the grounds of terrorism. He is a British citizen, he committed the crimes in the UK even though the crimes were committed against US networks, he broke the law while he was on British soil.
He must have known that his luck would run out some day, it was inevitable. I bet the jury, lawyers and judge know nothing about computers or the InfoSec world.
splink says
This is ridiculous. I can understand the US gov. for being pissed but such a long sentence for exposing their (dumbass) security holes. If you leave the administrator account enabled with no password you deserve to be hacked.
winman says
I feel and agree w/ most of the comments. The American shift on “terrorism,” everyone knows, is just a Trojan for the powers that be, to make us and the world, spend our a$$ on cigs and gas.
Your boy McKinnon, unfortunately got caught up in the middle. He fell into the blanket legal definition, and has to pay the price of a “terrorist.” Come on, seriously, knowing our gov’s sys’s can be compromised, really not that terrifying since forever. I love my Country; just don’t trust the gov very far. Gas has gone up and down just a smidge for awhile now. It’s like they let them drop, then 9-11 they gave us a break. I mean they’re not animals they say. Then wam, I’m refinancing my house so I can afford to drive to work.
smashie says
I get a bit annoyed when the US goes on about terrorism, I was in a bar in Boston in the late 80’s and a guy came round with a collecting tin and said “buy a bullet for the boys”. I told him to f*** off and I walked out. It pisses me off that NORAID was allowed to function for so long but all of a sudden everyone else in the world is a terrorist.
I really hope the EU kick this case into touch and show it for what it really is, the US throwing its weight around and trying to make an example of Gary McKinnon.
gul says
@razta : I didn’t agree with you, when you said McKinnon helped them secure their network. The only thing he did is making them realize it was really important. A good pentester should have done the same to help them secure their network. And for less troubles ;)
If anyone has more information on what was the situation at the NASA, I’m interested to understand what is the sys admin point of view. Was he incompetent ? Was the security policy inadapted ? Were the guys in white coat just not following the security rules ? Always good to look what was the root problem which allowed the breach :)
Brill says
Here you have some clarification about the legal reasons used to reject Gary’s appeal
http://www.theregister.co.uk/2008/07/30/mckinnon_lords_ruling_analysis/
Very interesting the brief comments related with the differences between US Law system and UK Law system
Navin says
Totally agree with what Smashie said….the government is simply trying to make an example outta McKinnon. Guess they feel that with the sorta media coverage the story has got over the last few months, bringing the hammer down on him really hard will ensure that such things will not happen again….. hehe, what big losers!! I’ve read about this on so many forums and there’s not a single guy who’s said, I’m gonna think twice before I pentest a server without informing its owners!! Guess the government has to work harder to get THE MESSAGE out
gul says
Hey Navin, informing owners of a server you’d like to pentest, is mandatory, or it’s evil-hacking-of-doom-from-terrorist-like-guys ;)
The only thing you can do if you want to pentest a server without informing the owner is just basic stuff, that won’t require computer knowledge. Hey, even a dig can be problematic. There was an article, some months ago on a guy who just used basic commands and was charged for “hacking” cause he used deep computer knowledge… something like dig, if my memory is not all cloudy ;)
Brill says
That’s right Gul, even more, with the legal definitions used to catalog “computer crimes” (which try to cover any possible scenario) even basic stuff can give you some headache as it can fall under something like “Unlawful use of computer” which could be considered a felony in third grade.
In addition to that if the system is related at any level to any government office or department that would be a good excuse to call it “terrorism” :(
Better to have always the “out-of-jail” card from the owner of the server.
http://ot.bloomu.edu/Documents/PA%20Computer%20Laws.pdf
Morgan Storey says
@gul: how did they even know he did a dig, that doesn’t even necessarily touch their servers, unless they host their own DNS, but then it would just be a logged lookup.
What he did was wrong there is no arguing that, but it was like if you are walking along and see a car unlocked, if you are ethical you notify the owners (I would, and have) if you aren’t you might take it for a spin. If you were caught the Jury would take into account that the car was unlocked, it would be a crime of convenience and you probably would get a reduced/suspended sentence.
I don’t see any difference in this case, maybe get him to do some community service then let him go. But sending him to Gaol (jail for you Americans), wtf?
Oh and if he were an Arab they would have already shot him or carpet bombed his house.
Morgan Storey says
@zupakomputer: nothing wrong with Windows, a server is only as good as its admin. The fact that this admin had no administrator password, and then opened up wordpad asking who was taking control of the local session points to some majorly inept admins. I mean come on, I have seen my mouse pointer move by itself, I unplugged my network cable so fast that I was just a blur, turns out it was just another tech accidentally connecting to the wrong machine.
My point is these people shouldn’t be in IT, let alone in IT for NASA.
Yeah what McKinnon did was wrong and a little bit stupid as well, but in no way does he deserve even a year in prison for “stealing a car that the keys have been left in”.
Navin says
But Morgan….. if you see a car parked on the side of a road, you won’t steal it…(at least I hope not ;) ) coz laws are strictly enforced over the last soooooo many yrs. The thing with net hacking is that even today the laws are not well defined (I can bet someone’ll post a link to a pdf file which goes into intricate details of online laws :) ) mainly because the people who define these laws don’t really know what you can and cannot do using a PC with a net connection!! And they use these blurred “laws” to prosecute the so called hackers. The fact of the matter is that Gary McKinnon was more or less a skiddie who was able to get into servers due to blank passwords….(Now who works at NASA and leaves blank passwords :? ). U decide who’s to blame!!
@ zupa
Read this article in darknet from April end 06
https://www.darknet.org.uk/2006/04/gary-mckinnon-busted-because-he-forgot-the-time-difference/
gul says
Not sure it was dig, but almost the same kind of not-harmful-tool… And they said, it’s like going to some house, and try the door to see if the locker’s on, then, watching through windows to see what’s inside, looking for some unclosed entrance… It’s not like entering, but, looking into a car and seeing that the door is closed, is not the same as testing the door, the trunk, and the windows to see if someone might enter.
But, yeah, the NASA guys seem to be really cool. Asking in notepad… I wouldn’t have imagined such a funny solution :)
zupakomputer says
Well, Windows isn’t the most secure of OSs, there’s a right load of default settings that could be enabled or disabled that lead to compromises and exploits; it didn’t say in where I read if he could tell what Windows it was – but just for example if the clients were XP then remote desktop and other remote services are on by default.
Which of course doesn’t mean much anyway when admin accounts are freely available – I just meant that even a secured Windows does have a lot of potential exploits (and it’s just funny because big science places tend to use *nix’s or write their own OSs or run obscure ones. I mean even just the image processing areas he may have been searching – usually those would be linked with big visualisation workstations; remember only XP 64 lets you use more than 3.5GB ram, and it’s the same story with Vista, you need 64 ultimate…….so I don’t know if they were using Server or XP64 on client machines cause that little ram wouldn’t even be much use for doing touch ups at NASA level, esp. on bloatware OS that use it all for their desktops, lol). So do other OSs but they don’t tend to be as exploitable by skiddie methods.
btw to be fair, there’s a right load of freeware astronomy apps for Windows, that are damn good! But obviously for the beginner to amateur & hobbyist, like for garden telescopes and portables.
Brill says
A good and very recent example of what has been discussed here about the exaggerated use of the term “terrorism”.
Bin Laden driver (held at Guantanamo since 2002) is facing a possible life in prison sentence for “supporting terrorism”. Does that sound reasonable for being a professional driver? It seems that it depends on who is your employer.
Brill says
Some news on this…. THE EUROPEAN Court of Human Rights has temporarily stayed the extradition of accused UK hacker Gary McKinnon until a final revision and decision on 28th August.
Navin says
Ya saw this on some news channel…some temporary relief at least!! :)
Navin says
Update:
Gary McKinnon HAS LOST HIS APPEAL with the European Court of Human Rights.
Read this: http://www.techradar.com/news/internet/gdh-461186