Slashdot Mirror
UK Hacker loses Extradition Case
SnakeOil Steve writes to tell us that Gary McKinnon, the alleged hacker who broke into Army, Air Force, Navy, and NASA systems, has just lost his extradition case. From the article: "'My intention was never to disrupt security. The fact that I logged on and there were no passwords means that there was no security,' McKinnon said, outside the hearing at London's Bow Street Magistrates Court. 'I was looking for UFOs.'"
You want to guess how well that flies? I agree it is stupid that there were no passwords on the system, but just like a yard without a fence, the fact the fence is there does not imply permission to run around there and dig up the flowers.
And it's the military. You really think you can poke around in the military's systems without them coming after you?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
So it's okay that you come in - uninvited - and rifle through my shit. No really.
The judgement opens up the option for his extradition.
The decision is now with our Home Secretary.
Open Source Drum Kit, LPLC deve board - mjhdesigns.com
I'm sure as soon as he attempted the connection or got logged on that there was a welcome message that said "unauthorized activity prohibited" or something to that effect. How he didn't see this coming I will probably never understand.
From the article "McKinnon faces a maximum sentence of five years in federal prison and a $250,000 fine." That has gotta hurt. The article also claims that his activities shut down the systems for a week. If that is true he might deserve this punishment, but I find it somewhat hard to believe that the military's computers were actually down for that long. Couldn't they just have done a clean boot?
Philosophy.
"My intention was never to disrupt security. The fact that I logged on and there were no passwords means that there was no security" "My intention was never to pound him in the ass. The fact that he shared my cell and he was not resisting my attacks means that he wanted to get pounded in the ass" said Gary McKinnon's cell/life mate, Tiny
that the Home Secretary does not let this one go forward... as someone mentioned previously in a discussion a few days ago; we all break laws in countries which we're not in, that's ok, we shouldn't be able to be prosectued for it (I know he also broke UK law - but he should only be prosecuted under that). How would Bush feel if someone tried to prosectue an American for saying that Iran's leadership was being foolish and that they are wrong - that's illegal in Iran - where's the extradition to Iran - you can't have it both ways
*''I can't believe it's not a hyperlink.''
What does this mean for people in *this* country that do such things? Let's assume they're treated the same with a adjudication system...what kind of trial could they expect from a jury 'of their peers'? I think this precident would serve as a big deterent showing the long arm of US justice.
fak3r.com
No country in the world should extract their citizens to U.S.A. because U.S. goverment says so. If goverments are "forced" to extract their citizens to U.S., then U.S. should extract their citizens to abroad, if citizens are accused of violating the law of other country.
This feels like an Onion article.
'I was looking for UFOs,' he added.
"I was looking for UFOs."
Judging by the look on his facecould he be one of them?
Of course he lost the Extradition case, we can't even transport to Mars let alone Alpha Centauri.
This whole mess could have been avoided if he had only tuned in regularly to the History Channel.
He who knows best knows how little he knows. - Thomas Jefferson
Given the US track record on treatment of detainees, torture, imprisonment without trial and so on I am very suprised and disappointed that any government would willingly allow their citizens to be taken into custody in the US. Here in the UK we have an issue with "illegal imigrants" who remain in this country because on arrival they plead persecution and their lawyers find it easy to block their deportation back to a repressive regime. By the same standards the USA is clearly a repressive regime.
.mil sites looking for UFO information and is now being persecuted by overzealous 'security' gimps keen to make an example of someone (presumably because they never catch any real intruders who are far too smart)" all the way to "He's a publicity seeking prick who set this whole thing up to get busted as some kind of bid for fame"
Also, I've heard this story from all sorts of sides and opinions ranging from "He's a harmless wannabe cracker who just walked into unsecured
Whatever the outcome I'd like to see the same standards applied to SONY as to this kid. If he goes down then I want to see SONY programmers arrested and deported to the UK to face multiple criminal charges because installing rootkits is an offence under the Computer Misuse Act in this country.
With all these double standards I can't see people retaining any repect for justice or the law. Once governments undermine the law with such blatent corruption of principles it's a one way ticket down to social disintegration.
Do that "remove the mouth" trick on this hacker. PLEASE.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
if there is a field in the middle of no where, with no locked gate, or no signs saying "dont go here" is it wrong to walk there?
Wow, that's gotta suck, hope he finds it soon! Anyone know what he had in that case?
fak3r.com
They will proceed with the highest punishment possible just to scare us all in advance.
Wait and see.
Despite being batshit insane, he might have a point with this:
"The fact that I logged on and there were no passwords means that there was no security"
There needs to probably be some middle ground legally regarding what is and is not secure. It makes no sense that, say, accessing a windows share drive (or AFS cell if you like real network filesystems) out there on the internet with no passwords, no encryption, no attempt at all at security should be legally considered breaking and entering or whatever non-applicable metaphor the courts have wedged into computer case law. Nor should accessing an unprotected wireless connection be considered this, since many OSes will do that without asking.
One the flip side, we cannot go so far as to say that just because someone can break security, it was not really there... "You honor, if he didn't want me using his wireless connection, he shouldn't have only used WEP and MAC restrictions. I mean seriously, it was trivial to get his WEP key and change my MAC address to one of the allowed ones".
As much as I hate to say this, there needs to be SOME standard of security to apply to something before breaking it can be considered a crime. We run into this with the DMCA where ROT13 is a perfectly legit encryption algorithm in the eyes of the law. Maybe NIST approved cyphers or something like that should be the standard. It is just silly to leave something wide open then act all surprised and litigious when someone checks it out.
And before anyone makes a brain dead "leaving my house open does not give you the right to come in and snoop around" analogy, let's be clear that by virtue of having something published on the internet, you are inviting people to take a look. There is no accurate and meaningful real world analogy for computer network security so keep your unlocked cars, unattended briefcases, and snail mail stories to yourself. There are many services you can log into without a password (think anon FTP, demo systems, or even some telnet/ssh BBSes), so if you don't want people thinking they can log in and look around, try setting a password. Sheesh
Finkployd
I've said this on digg and i'll say it here again, he didn't hack anything. In his interviews it was said that the systems were already compromised and were being used by people from eastern european countries. I commend him for seeking the truth but not for going about it idiotically. In any case he doesn't deserve anything more than a few months in jail (if that even, better in a halfway house if there are such things in the UK), probation, and community service.
This has gotten way out of proportion. He didn't even do anything to damage US operations nor was this even his intent, he's not a terrorist and had no malicious intent. I would rather make sure those idiotic sysadmins never worked in IT for the rest of their lives since they left administrator passwords open! Freakin morons.
look for UFOs in pictures and on tv. Try to do that next time... look on the bright side tho.. you might actually receive some messages from outerspace while you're in the hole for the next 10 years. I bet Kevin could agree with that...
You're nothing; like me.
His extradition isnt unexpected.
What I am irritated about is that if he had been Osama Bin Laden's number one hacker and was looking for military weapons information would he have encountered this same security?
We can extradite him easily, but could we extradite the other?
* There was no security.
d octrine
* I was looking for UFOs.
Could this fall under the "attractive nuisance doctrine"?
http://en.wikipedia.org/wiki/Attractive_nuisance_
(IANAL)
I think this mckinnon story is just more of the "war on terror" bullshit. ... ssup' with the wacko'face boy .. cmon. almost lame ^_^
it's an artificial story created by the gov to wage war on the CYBERRRRterror.
American propaganda crap.
besides i saw the guy on tv
It may sound silly, but there really isn't a lot of difference between a public unpassworded service and a private service that's been left unpassworded on a public network. It's certainly impossible to tell if it's legitimately public before connecting to it and there's no guarantee you can tell that it's not supposed to be public once you have connected.
You can't poke a sleeping lion in the ass with a sharp stick, then complain when it attacks you.
Anybody who thinks that it's OK to go poking around obviously non-public military sites (if you're finding passwords and deployment details, you can be pretty sure it's not supposed to be public) can't be too surprised about being prosecuted.
In fact, if he wanted to do the right thing, he should have emailed a security contact for the site and notified him/her about the problem.
They Greys wanted to extradite him to Zeta Reticuli.
...But considering our (The USA's) government is trying to allow torture for "illegal combatants", who's to say he won't be considered one and shipped off to a torture camp? Here in the USA, he'd probably be tried for some asinine terrorism chagre and sentenced to life in a torture camp or to death.
So I have multiple unsecured wireless networks overlapping my appartment. One of them is even using the same router setup I have, only on default settings. The other day, I was looking in 'My Computer' (Windows XP) and noticed I had a computer mapped on my network. It was one of my neighbors' PCs, and since it was so wide open, Windows had felt the need to automatically list it in my network places. I know the proportions here are way different, but should it be illegal for me to click that link, and look around at all the nifty things on his computer? The intent would be the same.
Just food for thought.
Back when the IRA were blowing up innocent children as part of their terror campaign, know IRA terrorists were hiding here in the US, and despite many attempts, our govt would not extradite them to face trial in the UK. So are we basically saying that gaining access to an unprotected machine is a far more serious crime than multiple accounts of murder?
The internet is not like your yard or your house or your car--it is a public space, like a shopping mall or a public park. If it ain't protected at all, it is public (just like slashdot.org is a public forum). If you wander into a public website, you aren't trespassing--unless you do something like vandalizing or going around checking doors to see if they are locked. If you go through a door that says authorized personnel only, you are trespassing, and you ought to know it, but if the site was as naked as he claims it was probably a public site. The fact that the site went down for a week says nothing--the fact that some incompetent left things naked and they had to clean up after him (check if anything had been messed with) i smeaningless. In fact, this may have been a honeypot, and there are legal entrapment issues too. Severe humor failure on the Air Force's part.
We'll find out at the trial!
Could he potentially argue that he hadn't had a fair trial because his 'peers' do not understand what he was doing?
If that were true, we'd never be able to get convictions of people who orchestrated highly complex derivitives fraud or other securities shenanigans. Or convict a murderer who, though having chain-sawed a bus full of nuns in the US, is left-handed with one eye, and speaks only an obscure dialect of Swahili (or is in illiterate Romanian farmer's daughter who won a trip to New York and decided to burn down a nightclub that wouldn't serve her Balenka, etc).
"Of your peers" doesn't mean "exactly like you, with all of your experiences, biases, broken world views," but means "not all the same people from law enforcement who were also investigating and arrested you" and like that. And, of course, we're talking about things that happen to peopel here in the states, or under the coverage of a treaty that makes that equivalency. Hence this is not the same as handling someone who, egged on by his local A-Q franchise office, traveled from Jordan into Afghanistan to shoot up people driving US Army food trucks.
do the juries really understand what happened
That's what expert witnesses are for. Otherwise we'd also never see people convicted (or acquitted) when DNA evidence is the central issue in a trial. How many average jurors really understand DNA markers? Or, for that matter, can personally relate to having deliberately run down their ex-husband in a parking lot to kill him? It's a good thing that most of the people convicted of crimes don't have a lot of true "peers" in the sense that some might think to use that word.
BTW, the word is "precedent," (not "precident") from the word "precede," as in "having gone before."
Don't disappoint your bird dog. Go to the range.
The fact that I logged on and there were no passwords means that there was no security,
---This is exactly the same as a big "Welcome " sign by the door
and the door itself left ajar, inviting any of the neighbors to just
walk on in and say "howdy".
He should not be charged in those specifc cases.
signed: BuggerMe
I mean what did he actually do to *cause* all these supposed damages and shut down the networks? How did he "steal" all those passwords? If he logged into a system that was not password protected, then he did not in fact "hack" the system. If he installed trogens, viri, and modified system files then he did in fact hack the sytem. If the answer is that some unauthorized access happened and various sys admins ran around like headless chickens (so the cost is the salaries, etc.) then no, he did not cause this damage -- the militaries QA/QC security *caused* the problem and they should be draged before a military tribunal!
As for the judge stating that he will not be tried under anti-terorism laws, well now *he* is being nieve. The Bush administration will use him as a posterchild for international terror and probably send him to G.W.'s favorate Cuban resort. No, the judge should get that in writing before extraditing him to the US.
I am not defending the sap for poking his nose where it did not belong, but I would really like to know what he in fact did and did not do to the systems...
Is UFO technology something to laugh about?
Yes, the subject of UFOs seems funny, but when military whistleblowers claim there is some truth behind the technology...that is a different matter.
www.disclosureproject.org
If the witnesses on the Disclosure Project site (as referenced by the hacker) are really from the government, we all must reconsider our position. According to their claims, our government has free energy technology capable of powering the world without dirty fuels.
Think about the implications and the technology. I know many here are smart enough to look beyond the "little green men".
Anybody who thinks that it's OK to go poking around obviously non-public military sites
I'm afraid I don't know the specific details of the case - was he accessing web sites? Were they obviously non-public? How could he have found out that they were obviously non-public before accessing them (and thus being branded a cracker)?
if you're finding passwords and deployment details, you can be pretty sure it's not supposed to be public
If you've found passwords and deployment details then you have already accessed the server and thus liable to be prosecuted as a cracker. Please explain how one would find out _before_ potentially breaking the law that they shouldn't proceed any further.
In fact, if he wanted to do the right thing, he should have emailed a security contact for the site and notified him/her about the problem.
Emailing them saying "hey, I just accessed all your confidential data" doesn't seem like a good way of avoiding prosecution does it?
It _could_ also be argued that since these were military secrets, knowing them turns him into a target and so the best way of remaining safe is to keep very quiet and hope noone notices.
http://blog.nexusuk.org
"Lets say you connect to a web server - how are you to know if that's a public web site or a private company's intranet site that they didn't bother to password protect?"
Because the website's terms of use would say that you may use their services.
'I was looking for UFOs.'
Well quite clearly he's going for the insanity plea.
Music is everybody's possession.
It's only publishers who think that people own it.
Fuck Beta
~John Lenno
This is ridiculus!
Not as ridiculous as spelling ridiculous that way, though.
No country in the world should extract their citizens to U.S.A. because U.S. goverment says so.
Are you that uneducated, or are you just hoping that someone else will ratchet up their Amerika Is Teh Evil rating another notch based on your rant? There is no force involved in an extradition. That's the whole point of a treaty. The treaty governs the circumstances under which criminals in both countries may be extradited to the other country. It's a two-way street, and that's what the treaty covers. The whole point is that some US criminal that was (say) looting banks in the UK could just as easily be shipped to the UK for prosecution as the other way around. It's an agreement, subject to judicial review on both sides.
For as many people as spout about how hated the US is for things, I wonder how many of them have formed at least part of their opinion on completely uninformed, BS notions like this one. Incredible.
Don't disappoint your bird dog. Go to the range.
Let's face it, who just shares one sone (or one CD's worth of song's)? Most of the offenders are sharing hundreds or thousands of songs. So, if you were caught stealing 1000 or 5000 CD's is it better? What if we say that for every 15 songs downloaded from you, that is equivalent to stealing a CD.. now how many is it worth?
Did he really find something in there? Is that why the govt. is after him? ;)
It is a hazy issue when the crime commited is somewhat abstract. But this only means that prosecuters can paint any kind of picture they want. Which of course means he is screwed. However having seen his interview, he didn't talk like he had a clue. especially when descibing his methods; in fact it sounded like he was using VNC or something similar on a dial up connection (and by his own admission in 4bit colour depth). As for the whole alien thing, that sounds like a desperate attempt to publicise his plight outside the IT community to get public sympathy, which is prob a smart move. And if he was smart enough and was on their systems for that number of years, he would undoubtedly have collected and stored documents and images of interest. I'm not so sure he saw anything. As for the US government, they would have been better saying "we were hacked because of insecurities in a commercial piece of software we were using as an OS. This software is being phased out and replace with a more secure environment. Gary who??"
I think that it's reasonable to assume that if the military (who one would expect takes security very seriously, and understands the concept of an 'adversarial environment') makes something available on a public network, that it's supposed to be there.
http://outcampaign.org/
As you've said, the open door analogy isn't the best here, but it can be improved a little bit. A publicly accessible computer system on the internet is similar to a unlocked door in a business district. If it doesn't say 'Employees Only' or isn't locked (compare to requiring a password or announcing that permission to access is restricted), then you won't be charged with tresspassing for opening the door and checking out what's inside. Of course you can't take (or break) anything, but you can't do that in any 'open to the public' place either.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
if he gets extradited to the usa i am worried he might be torchered physicaly and mentaly and whats all this 60 years in prison bullshit? He will be kevin mitnik and Mordechai Vanunu all rolled in to one.
I Predict A Riot
What constitutes "permission" to access unpassworded network services? Do you need written permission? If so I guess everyone who accesses public web servers is guilty of cracking them since they didn't get written permission from the server owners.
It may sound silly, but there really isn't a lot of difference between a public unpassworded service and a private service that's been left unpassworded on a public network. It's certainly impossible to tell if it's legitimately public before connecting to it and there's no guarantee you can tell that it's not supposed to be public once you have connected.
There is a huge difference. If you know you were not supposed to be doing it, it's trespassing. Find me a judge that believes a guy "looking for evidence of UFOs" didn't know accessing military networks was getting into places he didn't belong, and I'll show you a pig that flies.
New Hampshire has a very simple definition of trespassing: you're trespassing if you are anywhere you know you shouldn't be. If it is 10PM and a mall is closed and the cops find you wandering around inside- bam, trespassing. Wandering around your neighbors' yard when they aren't home and you don't know them well? Trespassing (as long as "PRIVATE" was posted at some legally defined interval on or near the property line, or it was otherwise obvious.)
The most creative use of this law? A NH sherriff who got tired of the INS telling him to just let illegal aliens go (he'd catch them during traffic stops) because they were too busy. So he charged them with trespassing, successfully- because they knew they didn't belong in New Hampshire. It allowed his department to recoup some of the lost man-hours handling them, and discouraged the illegals from, well, driving everywhere without a license or insurance.
The nice side effect of the definition is that if you are mentally incompetent and like to go on harmless walkabouts, you're not going to get slammed with 50 counts of trespassing (though a judge would probably make sure you had some kind of future supervision.)
Please help metamoderate.
And I think it's reasonable to assume that if someone says they were looking for top secret information about UFOs that they believe the US military is trying to keep secret from the rest of the world for nefarious purposes, that they probably don't really think the sites they're accessing are supposed to be public.
Don't blame me; I'm never given mod points.
1. Courts are not limitted to an unthinking determination of the law and are charged to maintain an awareness of the intent of the law.
:D
2. Damage extends beyond taking a baseball bat to a server. If an intrusion means you must hire an investigator, force employees to use alternate data sources, develop/disseminate new passwords, or purchase replacement equipment for use while forensics is collecting data then these things are included in damages.
3. Extradition exists as a method for sovern nations to co-operate in order to reduce the amount of criminal behavior in the world. Each treaty is different and has different guidlines as to what constitutes an offence that warrents extradition. If an offence falls under the rules for extradition then that is what your government agreed to.
4. Now that there is a high level of scruitiny in this case it is doubtfull that the defendant will be mistreated. Before the case was highlighted in the media there was probably a good chance that he would have ended up in Guantanimo.
5. There is a belief in the internet culture that information should be freely available and that, even if it isn't, no one will really care if you access something you know you shouldn't. Usually this feeling is justified, but it includes responsability on the part of the user to be aware of the ramifications of what they are doing. That certain actions raise unwanted awareness into your activities. Breaking into John Publics system and checking out his files will not normally bring you to that level of attention. Breaking into Apples system and checking out their files might bring you to that level of attention. Breaking into classified government documents will almost certainly bring you to that level of attention, as it did here.
6. The government should have had better protections on the data and hopefully that will now be remedied.
7. This guy should have recognized he'd accessed data that could endanger people and acted responsably to help limit the damage.
Just some idea's on the topic.
Boojum
If you know you were not supposed to be doing it, it's trespassing.
Please explain how you can show _beyond all reasonable doubt_ that someone who connects to a private service knew (before connecting) that it wasn't supposed to be a public service. Proving someone's intentions is always very difficult.
you're trespassing if you are anywhere you know you shouldn't be. If it is 10PM and a mall is closed and the cops find you wandering around inside- bam, trespassing.
This is a bad analogy - you can _see_ that the mall is closed. On the internet there is no ability to see the state of something until you try and use it:
- Until I connect to port 80 on a machine I don't know if it's open.
- Until I send a GET request and get a response I don't know if it's going to ask me for a password
- Assuming it doesn't need a password, until I get the whole response page from the GET request, I have no way to know that it's a private page (and even then it may not be obvious - it's all very subjective, many corporate intranets look very similar to a public website so is the "cracker" supposed to be able to tell the difference?).
As bad as analogies are, a better analogy would be a blind person who doesn't know the time wandering around the mall - as far as anyone knows they may well have thought it was mid day and the place was open.
as long as "PRIVATE" was posted at some legally defined interval on or near the property line, or it was otherwise obvious.
Again, not a good analogy, but I'll bite - isn't the PRIVATE sign similar to putting a password on your server? So by that definition, an unpassworded server is clearly a public space and you can't be trespassing, right?
http://blog.nexusuk.org
A "reasonable man" standard can be applied. What would a reasonable person think? If something is on a webserver running on port 80, unless there's a message to the contrary a reasonable person would assume that it's intended for public consumption. However a reasonable person would assume that using something to map the entire file system via an automatic administrative share is nothing intended to be public, even if they forgot to put a password on it.
Logic and common sense can (and should) apply online as well as in the real world. When something is running on a protocol designed for sharing with he world, and something that requires setup to do, it's probably intended for the world. Not often you accidentally setup an apache server with files you didn't want on it. However if it's a protocol that's designed for more internal/management use, and if it's something that comes up automatically, it's probably just someone who didn't know, and thus not something for the public.
I would liken it to homes and businesses. If something is in a business district, has a sign on the storefront, and what liiks like a shop inside, pretty safe assumption they are open to the public, even if there's no "Please Come In" sign. However if something is in a residential neighbourhood, looks like a house, probably safe to assume it's not public, even if the door is open, unless there's a sign.
So if you found a file on an unsecured part of a website, I'll side with you when they claim it was secret. Sorry, should have protected it, the web is meant for public access, if you don't want your website public, put a password on it. However if you mapped an unprotected Samaba share that's just somebody's C drive (Windows 2000 shares it adminsitratively by default, and if there's no admin password the share is open) I'm saying you should know better. Clearly the user just didn't understand what they were doing. They still should have a password, but that doesn't mean you should have gone poking around.
If you reasonably should have known that you were accessing private systems that are improperly secured, you should be legally accountable.
Lord knows I usually violate this criticism as much as the next, but really the 'ch' in tortured? Additionally, I will gripe about the 'ly' addition to physically and mentally, and the apostrophe in 'what is'.
If he gets extradited to the USA I am worried he might be tortured physically and mentally, and what's all this 60 years in prison bullshit? He will be Kevin Mitnik and Mordechai Vanunu all rolled in to one.
It is very hard to tell if he was innocently poking around, or if he just found it open and decided to wreck the sytem on purpose.
No laws can determine a person's intent accuratly. That is why good justice systems use human judgment.
It should be clear to any resonable human whether on not he was doing wrong, as long as the army will give adaquate details of his activites.
karem
When all is said and done, nothing changes...
to talk such bollocks!
They should have thanked him for bringing it to their attention that there are such things as (passwords), and vpn's, pgp,
Just because he lost the extradition case doesn't mean he's guilty. It's just to extradite him over and get a nice non-visa application stay in a hotel called prison for few months (with free food; may also include sex). Have a court trial.
*IF* he's proven guilty; then, he *is* guilty. So far, he's still not guilty of charge nor that proving that breaking the non-password system is an offence.
All I could think of is: using a resource which does not belong to him. Like using an Open AP (Access Point). It's an offence. Because of the use of bandwidth.
I think it's the same here.
I suppose you obtained permission from every contributor (read: copyright holder) on slashdot.org before you broke into port 80 and pirated all of this text and graphics to your computer, correct?
Give me a break. This guy spent at least a year (2/01 to 3/02) hacking into U.S. Government computer systems, he's 40 years old, and he's more than competent with computers. He knew exactly what he's doing, and he knows what he's doing when he obfuscates the issue by saying that he logged into systems that didn't have a password. It's ridiculous to assume from his flippant answer that all of the thousands of systems he hacked into had no passwords. Keep in mind by his own admission he was scouring file systems for evidence of UFOs. How many file systems do you know don't require any authentication whatsoever?
before you broke into port 80 and pirated all of this text and graphics to your computer
Talk about horrible, totally irrelevant, and not remotely applicable analogies. Anyone with half a brain and even moderate computer skills knows that using a web browser to access unprotected content is one thing. Telnetting into a machine, password or no, is a completely different matter.
Finally, I have no idea why it's popular to defend people with no life that are amused by causing damage to systems they don't own and know they shouldn't be accessing.
I'm a big tall mofo.
No, they have an almost unprecedented asymmetric extradition treaty.
(Wikipedia)
This is the reason for the opposition to Gary's extradition, and that of the NatWest Three, and so on. The UK basically handed a huge chunk of sovereignty right over to the Americans, basically saying "If you want a British citizen, you can have him bound hand and foot."
my password really is 'stinkypants'
First who cares about the spelling? Content is all that should be judged.
His content was far more worthy of ridicule than his spelling.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
A) Why should he be tried in a country where the crime did not take place?
England?
B) Why do you think he won't get a fair trial in the US?
OJ Simpson
C) From the article "McKinnon faces a maximum sentence of five years in federal prison and a $250,000 fine." How is that a disproportionate sentence?
Buttsecks
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
I mean, it really feels like someone's pride was wounded and now they're going to play bully. Admittedly, leaving my back door wide open isn't implicit permission to remove items from my home. Still, if someone does, do I really have any right to get angry? I brought it upon myself by leaving the door wiiiiiide open. Yeah. He shoulda known better. It's not like he tripped and his fingers just happened to type "telnet some.government.server[enter]". I'm kinda torn on this one.
... should consider itself a vassal.
From the MPC. Consult your local listings.
221.2. Criminal Trespass.
(1) Buildings and Occupied Structures. A person commits an offense if, knowing that he is not licensed or privileged to do so, he enters or surreptitiously remains in any building or occupied structure, or separately secured or occupied portion thereof. An offense under this Subsection is a misdemeanor if it is committed in a dwelling at night. Otherwise it is a petty misdemeanor.
Rape isn't really very funny.
If you happened to keep a few F15's fully fueled up and armed in your garage then happen to leave the garage door open (because the door company did not patch the last hole made in the door) don't be surprised when you come home from your shopping trip and find the kids next door sitting in the pilots seat talking to each other saying things like - WHAT DOES THIS LOLLYPOP DO?
Because it's still true, and you twats are still making juvenile rape jokes. Grow the fuck up.
Since he seems to have caused no harm and had no particular menace in mind, prosecuting him with the disproportionate power that the US has seems a bit much. Would it not be more sensible to ask his advice on how to secure the systems?
It is important to note he did not try to cover his tracks (berk!) but the real danger is the organised squads (some foreign military even) who will find the weaknesses and quietly slip away noting the vulnerable point. Then if they ever need to cause real damage they can. Much better that we concentrate on those.
So, it seems we have a problem with a good metaphor.
People have used a house with its door unlocked--not really.
A mall with an unlocked door marked "No admittance"--not quite.
A better analogy would be a hall (in a mall), with an unlocked, unmarked door.
Now, there are public places on the sites he "hacked", I'm sure. This would be equivalent to the store-containing areas of the mall. There are also places that require passwords. Now, the private places are equivalent to a hall full of locked, unmarked doors. Now say one of the doors is unlocked. Gary has been going down this hall, trying all the doors (he knows the mall is hiding all the "good stuff"--interpret at will), and finds one unlocked. He goes in, of course.
Now, the question is, when did this become illegal? In my opinion, when he went through the door. It was unmarked, so it could be assumed that it was public. But he had tried nearby identical doors, and found them locked. This adds to the assumption that he knew he was trespassing.
DISCLAIMER: I am not a lawyer.
I've not read all the replies, but I have read the top ones about breaking into things, and public access, and how to know when you've crossed the line, etc etc. I'd like to point out this one simple fact:
;p)
It doesn't matter how easy it was to get into the systems, he KNEW they were US mil/gov/etc computers he was breaking into, and he KNEW he wasn't supposed to be there.
Again, I've not read all the replies, and it's probably been said, but it's also probably worth saying again. The dude broke the law, and should be punished accordingly (I.E. Yea, he broke the law, he did no harm. Stfu and let him off
-Sirak
Maybe the server this man gained access to was set up as a sort of "sting" operation; Offer "unauthorized access" material on an open server to both misinform potential "terrorist hackers" and nail them publicly all at the same time as a sort of deterrent from future deeper hacking attempts. Sounds like the perfect defense to me.
Of course, that doesn't sound like a very interesting thing to talk about, and it requires a lot more faith in the administration of a government body than is, at current time, due.
Screw the rules, I have green hair!
I want a free Gary McKinnon T-Shirt!
"I guess I'm gonna fade into Bolivian."
no... he should just have posted the access code to the nuclear world war 3
:) absolutely the right thing to do. stupidness and inability must be punished.
actually i dont see where the hacking attempt was.... accessing any non protected site is not hacking. you all do that every day with your webbrowser... just like copying a non protected cd is not cracking...
telnet towel.blinkenlights.nl - type that... and you conncted to a non password protected site streaming star wars in ascii... you hacker!
now he has to pay for the inability of the military... great. why not prosecute the responsible for bringing secret data to the public?
id just have gone and slashdotted the links
-----
Jesus Would Slap You.
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
Iran's about the worst example anyone could ever give in any discussion about iternational law: Iran doesn't think international law applies to them at all. Just ask Salmon Rushdie's translators. Well, the ones Iranian-inspired thugs haven't killed yet. Those that have been killed probably wouldn't agree with your statement that Iranian actions have no weight outside Iran, if you could get an answer from them.
The fatwa issued against Salman Rushdie reads:
In the name of God Almighty. There is only one God, to whom we shall all return. I would like to inform all intrepid Muslims in the world that the author of the book entitled The Satanic Verses, which has been compiled, printed, and published in opposition to Islam, the Prophet, and the Qur'an, as well as those publishers who were aware of its contents, have been sentenced to death. I call on all zealous Muslims to execute them quickly, wherever they find them, so that no one will dare insult the Islamic sanctities. Whoever is killed on this path will be regarded as a martyr, God willing. In addition, anyone who has access to the author of the book, but does not possess the power to execute him, should refer him to the people so that he may be punished for his actions. May God's blessing be on you all. Ruhollah Musavi Khomeini.
This arrogation of extraterratorial death sentences is a true example of a "rogue state", for all you reactionary "progressives" that like to bandy that statement around.
PS - Gotta love that "Religion of Peace" (tm):
"In 1991, Rushdie's Japanese translator, Hitoshi Igarashi, was stabbed and killed at the university where he taught in Tsukuba, Ibaraki, north of Tokyo, and his Italian translator was beaten and stabbed in Milan. In 1993, Rushdie's Norwegian publisher William Nygaard was shot and severely injured in an attack outside his house in Oslo. Thirty-seven people died when their hotel in Sivas, Turkey was burnt down by locals protesting against Aziz Nesin, Rushdie's Turkish translator."
You "progressives" better hope that "Bushitler" stops the wacko Islamic fundamentalists from getting nukes, else the mullahs will cow the Euroweenies into even deeper submission and your descendents (and maybe even you) will wind up living under medieval, misogynistic, and homophobic sharia.
So you make your list and someone else can compile a list of foriegners who violated sharia law or cartoonists daring to draw muhammed or Salmon Rushdie daring to write a book. Now let the injustices start in the name of jutsice, eh?
Free Gary McKinnon by tdougan
Or did you mean "free" Gary McKinnon T-shirt
A country that extradites its own citizens unilaterally should consider itself a vassal. British subjects were held in Guantanamo and were not extradited to the UK in spite of its requests. Allies indeed.
>Whether one country has to spin in circles, and the other dance up and down, the extradition treaties are reciprocal.
I support your use of magic mushrooms as part of your 'alternative lifestyle', but you're not actually supposed to smoke them.
my password really is 'stinkypants'
There must be some kind of legal principal that would cover this, no?
What if I stand in Niagara Falls, NY with a high powered rifle, and shoot someone standing in Niagara Falls, Ontario, killing that person? Who gets to prosecute me for murder -- the US or Canada?
Someone here must know the answer.
quiquid id est, timeo puellas et oscula dantes.
So there it is ... no entering the house without permission, your other arguments not withstanding.
Human being (n.): A genetically human, genetically distinct, functioning organism.
I can telnet to port 80 and type GET / and guess what, I'm browsing the web. It's the same damn thing.
You're right - both telnet and http protocols use TCP. The similarities end there and you know it. Why are you even arguing this point? I will never understand why some people think it's perfectly acceptable to do things in the online world which they fundamentally know is wrong but they rationalize with some goofy loophole
By your logic, spammers are innocent of any wrongdoing because SMTP uses TCP as well and sending millions of unsolicited commercial emails is morally equivalent to telnetting to port 25 and typing "HELO spam.com". It's not morally or legally equivalent and I fail to see why anyone would think it is. They both use the same protocol but one is a series of actions purposely designed with a harm-causing end in mind.
By your logic, DDoS the hell out of anyone you want. After all, it's the same as typing PING yourhost.com. If they didn't want quadrillions of ICMP REPLY packets from broadcast addresses throughout the Internet, they shouldn't have connected to the public Internet. Again, just ludicrous.
"causing damage"? This is the first I have heard of that. How did he cause damage?
You actually sound like you know a little bit about networking and operating systems, so let me ask you. Consider you accidentally leave a small hole in your system - it can be anything, a user without a password, a buffer overflow you didn't immediately patch, whatever. Some jackass comes along and exploits the weakness in your security. Let's assume he doesn't actually delete any data, and doesn't install a rootkit, doesn't copy your data to his workstation, doesn't install keyloggers, doesn't install sniffers, etc, etc. He just goes in to your system and pokes around for a little while. The question is... Did he cause any damage? The answer is (to any rationale person) ABSOLUTELY. Because you don't know what he did. He could've installed 15 rootkits for all you know. Which is why any rationale person would rebuild their system from scratch from known good sources after the most innocuous seeming of security violations. It's unfortunate, but that is serious damages that wouldn't have been caused if the jerk wouldn't have taken positive, purposeful steps to poke his nose in where he knew it didn't belong. Not by accidentally typing a web address into a browser (something that any reasonable person would acknowledge is not hacking) but by entering a command or series of commands designed to go where he knows he shouldn't be. He said it himself; he was trying to look for evidence of UFOs that the government was hiding. Or, stated another way, he was breaking into systems for the purpose of gathering data that someone didn't want him to have.
I say again - why are you rationalizing and justifying what this lowlife did?
I'm a big tall mofo.
I support your use of magic mushrooms as part of your 'alternative lifestyle', but you're not actually supposed to smoke them.
Oh wahhhhh. If you have a problem with treaties that your government signs, maybe you should make your opinion known at the polls. Complaining because someone exercises their granted rights is pretty inane. Similar to how your boreish, pseudo-clever replies are lame.
"Court records in Virginia said McKinnon caused $900,000 in damage to computers, including those of private companies, in 14 states."
;)
Not only has he looked around in the US military's networks, but also some networks in the private sector, so obviously he's been in the business for a while.
Innocent explorer in an unfair trial? How about not.
"In New Jersey, he is accused of hacking into a network of 300 computers at the Earle Naval Weapons Station in Colts Neck, N.J., and stealing 950 passwords."
If those systems were oh-so-insecure, why did he need to steal 950 passwords? This alone should clear the case of his innocence.
"The break-in - which occurred immediately after the Sept. 11, 2001, terrorist attacks - shut down the whole system for a week, Judge Nicholas Evans said."
Good job, McKinnon! You've proven yourself to be a dumbass by hacking into the US military's networks again... Right after September 11th! Yeah, go get yourself in trouble with a military that has $440 billion allotted to it after an event creating so much drama in that military's nation. Again, good job.
"McKinnon said, outside the hearing at London's Bow Street Magistrates Court. 'I was looking for UFOs.'"
Sure you were. Anyone who believes your response for more than a moment should be punched in the face. When you get to the US, I'd watch just to see you saying that under oath.
DISCLAIMER: I may or may not be right, but according to my own thoughts I am.
Nice try, guys, but the real crime is stupidity. All of these theoretical arguments about "the locks weren't up so he didn't break in" make no sense. He tried accounts and passwords on systems owned by the US military. This is, by definition, stupid. If it was an open gate at a US military base would it be stupid to walk through if the gate was unlocked? If you think the answer is no, just try it some time. After the fact saying "I'm dumb" is not going to get you off the hook.
Also, the claim was made that he brought down a network by deleting files. Is this true? I don't know, but this is a very specific charge, and if so it may be provable in court. Somehow the "looking for UFOs" defense seems feeble. I know nothing about this guy, but it seems much more likely that he was out to break into some systems and he got in very deep, and then did even more stupid stuff.
Will he be treated fairly? No. If convicted, will he be punished out of proportion to his crime? Most likely. Are companies like Sony held to a much less strict standard? Yes. He screwed with the wrong people and he is going to be hammered. Like is said, this what you get if you are stupid. Consider him an honorary winner of the Darwin award.
What constitutes "permission" to access unpassworded network services? Do you need written permission? If so I guess everyone who accesses public web servers is guilty of cracking them since they didn't get written permission from the server owners.
If the owner of the web server posts material an a web site that is intended for public viewing, they are giving implicit permission. It doesn't take a lot of intelligence to figure out when that's the case. Is accessing Wikipedia cracking? No, the owners of Wikipedia have implicitly granted you permission to access the material.
Lets say you connect to a web server - how are you to know if that's a public web site or a private company's intranet site that they didn't bother to password protect?
If you're looking at a web site and there is material that looks like it's coming from an intranet server, you're probably looking at a web site that some idiot didn't password protect. Take the hint, click the back button, and don't bother remembering what was there. There's no implicit permission, and it was obviously none of your business anyway. Law or not, that's both common sense and respectful of other people's privacy.
"it's not about aptitude, it's the way you're viewed" - Galinda
Hardly a precedent. The Extraditee was accused of murdering another US citizen. If it were a local that was murdered, I doubt any cooperation from the righteous US of A would be forth coming.
Area51 - We are watching...
What's with the fixation on web servers? Web servers are simple -- if you get to them, it's fair game. Password, stay away. It's perhaps a little blurry if you come to a web server that says "You should not be here, do not click any links" but anyway.
This case DOESN'T involve web servers. It's not like he typed in http://computer1.topsecret.ufos.army.mil/ or whatever, he was using other software.
Yes it's true that it's laughable how bad security was, that doesn't change the right / wrong nature of this case.
I just can't get beyond this--if you're at store, in a mall, etc, and a door that SHOULD be locked isn't, do you have a right to go in? If there's a front desk somewhere where somebody SHOULD be sitting behind it, do you have the right to go behind the desk and look through files? I don't see how an electronic medium is different.
Here's moren formant.html /
http://www.november.org/stayinfo/breaking06/DrugI
http://www.preventgenocide.org/punish/extradition
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
you doubt because you're a fucking idiot. go kill yourself you cunt.
If he gets extradited to the US and imprisoned, it just means he's going to get laughed at and ridiculed by all of the _actual_ hackers imprisoned there!
Usually they just kidnap them don't they? ;)