DailyTech - British Hacker Loses Extradition Appeal

Submit News

Internet British Hacker Loses Extradition Appeal
Michael Hoffman (Blog) - April 4, 2007 5:42 PM

E-mail

del.icio.us

42 comment(s) - last by James6.. on Apr 6 at 12:16 PM

Gary McKinnon will likely be sent to the United States to stand trial for various computer crimes

A British hacker accused of breaking into secured government computers and causing more than $700,000 in computer damages lost an extradition appeal in the U.K. Last May, McKinnon was indicted in northern Virginia and New Jersey, at the same time a British judge decided that the hacker should be extradited to face charges. This time, two leading British judges rejected the challenge -- McKinnon now wants his case to be heard in the House of Lords, England's highest appeals court.

McKinnon compromised around 100 computer systems, some of which were operated by the Pentagon and NASA. The alleged intrusions took place from February 2001 to March 2002, leading to McKinnon's arrest in 2002. He was caught because some of the software he used in the attacks was later traced back to an e-mail address his girlfriend used.

McKinnon admitted that he made the intrusions, along with saying the damage was unintentional and he was looking for evidence of UFOs. The U.S. government has spent a considerable amount of time reassuring U.K. prosecutors that McKinnon would be given a fair trial once in U.S. jurisdiction.

If convicted, the man who carried out "the biggest military hack of all time" could face up to 70 years in prison along with fines up to $1.7 million.

Comments

Threshold

Username
Password
remember me

This article is over a month old, voting and posting comments is disabled

Playing Devil's Advocate

By Lord 666 on 4/4/2007 6:00:40 PM , Rating: 5

How does the time fit the crime? While $700,000 of loss is considerable, it is on a much smaller scale than 70 years in prison. Killers and rapists are served much less time than that.

More than likely he will be hired into a government agency.

Around that era, there was a much larger and dangerous vulnerability with SNMP that was never fully exploited.

RE: Playing Devil's Advocate

By codeThug on 4/4/2007 6:04:30 PM , Rating: 3

he'll never do 70, but 2-3 years would be a good deterrent. After that he and Mitnick can have all the margarita's they want while working for Citi-Bank

Parent

RE: Playing Devil's Advocate

By Christopher1 on 4/6/2007 6:47:03 AM , Rating: 2

In my opinion, even 2-3 years is too much for this. Really, if he could hack into a military system, the military should be THANKING him for pointing out holes in their security, but then again, the military NEVER likes people to point out their shortcomings at all!

We need to be ENCOURAGING people to try to hack into systems that are made to DOD specs that are NOT actually DOD computers, or not connected to the DOD computers that have secret information on them.

That way, the military will have the best of the best hackers trying to get into the system, and when someone does it, they can get the information on how they did it from them and pay them!

Parent

RE: Playing Devil's Advocate

By Puddleglum1 on 4/4/2007 6:54:14 PM , Rating: 2

It's more than just $700,000 worth of damage.

quote:
If convicted, the man who carried out "the biggest military hack of all time" could face up to 70 years in prison along with fines up to $1.7 million.

Also, it's "face up to" that many years. Rapists and murderers face quite a few years as well, although the sentences usually are much less.

I agree with your point, though. Lengthening the sentence simply to prove a point is pretty unfair justice.

Parent

RE: Playing Devil's Advocate

By Puddleglum1 on 4/4/2007 6:56:00 PM , Rating: 2

Err, I meant "it's more than just the $700,000" that affords such a great punishment.

Parent

RE: Playing Devil's Advocate

By Reflex on 4/4/2007 8:41:49 PM , Rating: 4

"More than likely he will be hired into a government agency."

This is a very popular myth, but its very very rarely true. The problem here is that no agency can trust such an individual since they have already proven they are willing to break laws. How do you ever give a person like that the keys to a secure network without putting that same network at risk? Having worked for security companies before I can say with certainty that 'black hats' are basically never hired by any security company that is reputable, and governments typically would rather just imprison them than hire them.

Its not like there is a shortage of security experts who choose not to abuse thier skills.

Parent

RE: Playing Devil's Advocate

By lumbergeek on 4/4/2007 10:38:35 PM , Rating: 1

Plenty of opportunity to work at a Government Agency - the White House, The CIA, the NSA...

... The willingness to break laws is a must for some government agencies.

Parent

RE: Playing Devil's Advocate

By Reflex on 4/4/2007 10:59:00 PM , Rating: 2

1) Your not breaking the law when your doing security work for the NSA. You have executive authority to do what you are doing.

2) You are the least likely to get into those agencies with any sort of criminal record(even if you were never caught or convicted). Whats more important than supposed skill is the ability of the agent themselves to be trusted by the agency. Black Hats are not trustworthy ever.

Black Hats do not know any 'secret techniques' that other security researchers are unaware of, they simply do not have the morals that White Hats and legitimate researchers have to disclose thier findings without exploiting them. Since there is a fairly large pool of legitimate security researchers and practictioners, there is really no reason to hire criminals. Why hire potential security risks when there are plenty of non-security risks who will do the same job?

Parent

RE: Playing Devil's Advocate

By edge929 on 4/5/2007 11:46:15 AM , Rating: 2

Because talents like this guy has are VERY few and far between. For the past 9 years I've worked as a computer programmer (like many others on here) and I've been working with/around/on computers since I could comprehend language but I'm no where near the knowledge level of hacking NASA or much less any reputable company for that matter. Sure, if I devoted my life to it, I'd pick some of it up pretty fast but I don't have the time nor the desire to learn those techniques.

There are good programmers and then there are OMGWTF!!11 this-is-ingenious, programmers.

Parent

RE: Playing Devil's Advocate

By Reflex on 4/5/2007 2:03:27 PM , Rating: 2

This guy did nothing special. Like most so-called 'hackers' he simply exploited known problems in commercial operating systems. NASA is not inherantly more secure than any Fortune 500 corporation, they use the same OS's with the same security programs. Like every other network connected system, the security is only as good as the administrator.

I guarantee you that ANY reputable security outfit could have exposed the same flaws he did. The holes are typically already documented, the real flaw is that such agencies have so many internet facing machines, as a result some are bound to have an unpatched flaw.

Parent

RE: Playing Devil's Advocate

By rnnh on 4/5/2007 12:59:30 PM , Rating: 2

quote:
1) Your not breaking the law when your doing security work for the NSA. You have executive authority to do what you are doing.

Why bother having laws at all then?

Parent

RE: Playing Devil's Advocate

By Reflex on 4/5/2007 1:57:29 PM , Rating: 2

Good point, and one the President has to answer considering how executive authority has been abused. But thats not really relevant to whether or not an authorized NSA agent is breaking the law, if the President and his deputies tell him to do something, breaking the law would be refusing. If Congress dosen't like it, they will change the policy that allowed whatever it was and the president will have to abide by it. But the NSA employees themselves are NOT breaking the law even when they seem to be ignoring it.

Parent

RE: Playing Devil's Advocate

By BladeVenom on 4/4/2007 8:59:45 PM , Rating: 2

It's not even as bad as Sony's rootkit. How many military and government computers were affected by that, and how many people from Sony went to prison?

Parent

RE: Playing Devil's Advocate

By theapparition on 4/5/2007 8:18:23 AM , Rating: 2

While I do believe that 70 years is excessive for a non-violent crime (and I'm not going to speculate on what I think is a good time), it is worth noting that his time would most likely be served at a federal minimum security prison, aka "Camp Cupcake".
If maximum penalties were 1-3years, how many more individuals would be willing to take the risk. The whole point of long potential sentences is that judges can make a determination to the accused's remorse, past history, and potential future wrongdoings. By far, not a perfect system, but it has evolved this way for 220 years.

Parent

Politics

By medavid16 on 4/4/2007 6:28:26 PM , Rating: 2

It's all politics. They're using him as an example to discourage other hackers to target government computers.

I think their tactics are at best, minimal deterrents. Hackers target sites because it's difficult.

And whoever said $700,000 >< 70 years is right. That's saying, 1 year of his life is worth $10,000. It's politics.

And probational efforts are usually more or less half of the sentence, so that would actually mean he'll do 30 years, and probation afterwards.

RE: Politics

By codeThug on 4/4/2007 6:43:42 PM , Rating: 3

He'll never even do 30. Mitnick did 5 years. 4 1/2 in pretrial custody, and then 8 months solitary.

3-4 years behind bars is probably more than enough deterrent.

When these hackers see that they can go from "Data Cowboy" to "Julio's bitch" in 2.3 seconds, they will think twice.

Parent

RE: Politics

By Lord 666 on 4/4/2007 8:04:20 PM , Rating: 4

More like "Script Kiddie" to "Julio's Bitch"

Parent

RE: Politics

By Christopher1 on 4/6/2007 6:50:12 AM , Rating: 2

They already know that, and they do not care. Why? Because the chance of getting caught hacking into an NSA system or other governmental system is little to none at best.

Parent

feel sorry for the guy

By bubbacub616 on 4/4/2007 7:51:13 PM , Rating: 3

I mean he's obviously mad (looking for UFOs) and its not like he was selling stuff to China/Russia, just poking around looking for references to little grey men!

RE: feel sorry for the guy

By Oregonian2 on 4/4/2007 8:51:13 PM , Rating: 2

Looking for UFOs. Sure. Wonder if that works for people breaking into banks using explosives: "thought they were hiding UFO's here, I wanted to find them and show the world they were being hid in here ...uh.. yes, behind the piles of money!".

Uh huh...

Parent

RE: feel sorry for the guy

By trex1000 on 4/4/2007 9:07:20 PM , Rating: 2

Well if he did find something on little green men he hasn't said much. Maybe he did and is going to use keeping his mouth shut as bargaining power in keeping his sentence time down. Seriously though, the government should be glad that this guy, considerably harmless, hacked in and didn't cause any serious damage. It may have been much worse had a suspected terrorist with good skills hacked in. Besides that, this incodent will also help in finding and closing security holes.

Parent

RE: feel sorry for the guy

By inthell on 4/5/2007 6:44:20 PM , Rating: 2

you believe that wow seriously wow.

Parent

Here's a link to the law and the indictement

By mikepers on 4/4/2007 8:04:57 PM , Rating: 4

http://www.usdoj.gov/criminal/cybercrime/1030NEW.h...

http://www.usdoj.gov/criminal/cybercrime/mckinnonI...

He's being charged with 7 counts with a possible 10 years for each. Besides hacking into the systems he's accused of also causing approximately $900,000 in damages once he was in.

Assuming it can be proven, and it sounds like he's already admitted to the hacking and the damage, then I think he's in serious trouble. And if you ask me, he should be!

Not as bad as you think

By rdeegvainl on 4/5/2007 10:23:28 AM , Rating: 3

I believe the punishment fits the crime. There is no way to accidentally break into the computers in the fashion that he did. Also it's a military network. You should know if they catch you your screwed.

Also, stop imagining that some kid got access to more than machines used to send e-mails to other military network users.
Before assuming that some hack job had access to all of our secrets, learn how the military actually uses it's networks. To do that your gonna need to get a security clearance. That is all I can say about that.

slam time...

By codeThug on 4/4/2007 5:50:06 PM , Rating: 2

general pop, pelican bay

Not so Smug Anymore

By osalcido on 4/4/2007 6:00:02 PM , Rating: 2

Heh. A few years of hard-time will do this overaged punk some good.

If he can do it...

By feelingshorter on 4/4/2007 8:41:34 PM , Rating: 2

If he can hack into Pentagon/Nasa computers, then I'm sure the Russians and Chinese are doing it too.

Deterrent

By skarbd on 4/5/2007 9:55:04 AM , Rating: 2

Its mainly a pointless deterrent.

The people who would really gain from hacking into the US (any) Government/military networks are probably sitting in countries who the US doesn't have extradition treaties and may or maynot be working for their goverment/criminal organisations.

They certainally would not be using sortware that had incriminating evidence. Its merely an exercise in weeding out the stupid.

Queen's Subject?

By porkster on 4/5/2007 6:31:06 PM , Rating: 2

So much for being a Queen's Subject. I guess Scotland wants it's independence.

injustice

By tachyonX on 4/5/2007 10:52:32 PM , Rating: 2

It hardly seems any justice to simply extract the accused (from their country) without the benefit of any criminal hearing, for the charges simply labeled as "damages". Accessing a few documents (read-only access) through exploitation of security holes (software), doesn't really qualify as "damage", does it?

Catch the bit on "non-terrestrial officers" transfers, McKinnon's video interview: http://video.google.com/videoplay?docid=3035368354...

Why the govt is furious

By James6 on 4/6/2007 12:16:21 PM , Rating: 2

The govt is furious as Gary was so kind to point out references to Hangar 18 he discovered, so nicely and furiously denied by the Govt, at WPAB Dayton, OH.
Area 51 was denied, then admitted, to blur the lines betweeen truth, dis-information and misinformation.
MJ12 was denied.....
Men in Black were denied......
Hangar 18........Time will tell.

Why have references to a non-existent Hangar ??????????
What else did Gary read and is withholding ??????
One lie to cover up another, to coverup another, to cover up another, and another.

If just one of those tens of 1000's of UFO sightings / encounters is true...Just one, just one...!!!

Like Stanton Friedman said -
100 years ago - give the US Navy a Nuclear destroyer, couple of billions and an order to make two more....
Today - Give them a few UFO's, couple more billions and an order to make two more...........

Throw his butt in the slammer and throw away the key

By Beenthere on 4/4/07, Rating: -1

RE: Throw his butt in the slammer and throw away the key

By gradoman on 4/4/2007 7:28:17 PM , Rating: 2

Actually they'd be better off working at a security firm.

Parent

RE: Throw his butt in the slammer and throw away the key

By Spartan Niner on 4/5/2007 2:15:26 AM , Rating: 3

quote:
hacker-noun

1. someone who plays golf poorly
2. a programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-terrorism
3. a programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers but does no harm; "true hackers subscribe to a code of ethics and look down upon crackers"
4. one who works hard at boring tasks [syn: hack]

Now I don't know what ignorant definition of hacking you've been taught by the media, but #3 is probably closest to the original meaning of "hacker", not the bastardized meaning portrayed by the news media of including anything from script-kiddies to cyber-thugs and malware-writers. I don't consider script-kiddies to be hackers, and I certainly wouldn't group cyber-thugs and malware-writers with them. "Hackers" have been around since Steve Russell et al. wrote code and tweaked oscilloscopes to make Spacewar

Parent

RE: Throw his butt in the slammer and throw away the key

By bldckstark on 4/5/2007 12:25:36 PM , Rating: 2

The word "Cracker" was derived from combining two words. Those being "Criminal" and "Hacker". That should tell you the difference between the use of the words. Cracker is also a slang word used dergatorially to describe caucasians. This is why you rarely see it used in the media. Using the term cracker to describe criminal hacking would cause some uptight white Democrat to call Greenpeace on the newspaper, thinking they used a derogatory term. Aren't we all better off with this politically correct world!!

Parent

RE: Throw his butt in the slammer and throw away the key

By Motley on 4/5/2007 1:28:50 PM , Rating: 2

No, cracker didn't derive from combining two words. Cracker came from being able to break into something. As in "To crack a safe", or "crack a walnut".

Parent

RE: Throw his butt in the slammer and throw away the key

By rcc on 4/5/2007 6:51:09 PM , Rating: 2

The evolution/spread of the term is pretty humorous considering it was originally coined as a derogatory name by programmers to describe someone that "hacked" code from other peoples programs rather than write their own.

Parent

RE: Throw his butt in the slammer and throw away the key

By Proteusza on 4/5/2007 5:03:50 AM , Rating: 2

The whole case is rather tragic. He should be tried here in the UK like any other hacker. But the real reason the US wants him over there, is because they are embarrassed and want to make an example of him. I read an article about him, and his crime, and he says it was easy to get into their network. No doubt it was not as secure as they hoped, and they were unpleasantly surprised to see a stranger snooping around. I dont doubt this incident made the US improve their security 100 fold, so that another incident like this will no longer possible.

he was only one man, he was only curious, and he get anywhere he wanted. Anyone else think that NASA and the Army should be better protected than that?

Oh how did he incur $700 000 worth of damage? Is that what they spent improving their security after they realized they had been owned?

if one of the machines gets compromised on your network, blame the hacker. If all machines on many metropolitan networks across different departments get compromised, you can only blame yourself for being so stupid. thats also why he won't be employed - he didn't get in because he was a genius, he got in because security was lax.

He deserves a jail sentence, but he deserves on here in the UK, and for no more than 10 years in total.

Parent

RE: Throw his butt in the slammer and throw away the key

By bohhad on 4/5/2007 10:17:31 AM , Rating: 2

nope, he's going to the US to do 70 years in a federal, pound-me-in-the-ass prison.

your justification sucks. so if one house burns down, blame the arsonist, if the whole town burns down, blame public safety for being asleep at the wheel?

Parent

RE: Throw his butt in the slammer and throw away the key

By Christopher1 on 4/6/2007 6:54:18 AM , Rating: 2

Actually, that's a pretty good reasoning there. If an arsonist sets one house on fire with the intent to only burn that house, and the whole town burns down, you have to blame public safety and the firefighters today, because with all the equipment that firefighters have now, they should be able to put out that one fire before it burns down more than that one house.

Parent

USE HIM

By crystal clear on 4/5/07, Rating: -1

RE: USE HIM

By crystal clear on 4/6/2007 3:34:57 AM , Rating: 1

This is for all those Daily Tech commentators-

WHO LACK THE ABILITY ! ! !
TO GIVE AN INTELLIGENT & EDUCATED RESPONSE-SO THEY PREFER TO
VOTE ME DOWN.(honestly I really dont care ! ! !)

Quote-(BBC-a very reliable source)

But Gary McKinnon, or Solo as he was known online, paints a very different picture of himself, and his motivation. In a BBC interview in 2005, Mr McKinnon said that he was not a malicious hacker bent on bringing down US military systems, but rather more of a "bumbling computer nerd".

He said he's no web vandal, or virus writer, and that he never acted with malicious intent.

But he did admit that he hacked into dozens of US government computer systems. In fact, he calmly detailed just how easy it was to access extremely sensitive information in those systems.

"I found out that the US military use Windows," said Mr McKinnon in that BBC interview. "And having realised this, I assumed it would probably be an easy hack if they hadn't secured it properly."

Using commercially available software, Mr McKinnon probed dozens of US military and government networks. He found many machines without adequate password or firewall protection. So, he simply hacked into them..........................

Mr McKinnon remains contrite about what he did, although he has admitted that he thinks US officials are making him a scapegoat. He has said that in the course of his hacking, he found evidence that hundreds of others from around the world were also trying to hack the same networks

His supporters say that instead of prosecuting him, the US government should thank him for pointing out massive computer security lapses in critical systems.

As for his quest to find evidence of a UFO cover-up, Mr McKinnon has said that he found some circumstantial evidence online to back his claims, including what he said are photos with what he speculated were alien spacecraft airbrushed out of the picture.

He said the photos in question were too large to download to his own computer.

http://news.bbc.co.uk/2/hi/technology/4715612.stm

Also-

Points to note-

* "in the course of his hacking, he found evidence that hundreds of others from around the world were also trying to hack the same networks"

* he calmly "detailed just how easy it was to access extremely sensitive information in those systems".

Quote of the day-

I'm facing 40 years because the US military systems have blank passwords and no firewalls

Gary McKinnon

Parent

"A lot of people pay zero for the cellphone ... That's what it's worth." -- Apple Chief Operating Officer Timothy Cook