Slashdot Mirror
UK Hacker loses Extradition Case
SnakeOil Steve writes to tell us that Gary McKinnon, the alleged hacker who broke into Army, Air Force, Navy, and NASA systems, has just lost his extradition case. From the article: "'My intention was never to disrupt security. The fact that I logged on and there were no passwords means that there was no security,' McKinnon said, outside the hearing at London's Bow Street Magistrates Court. 'I was looking for UFOs.'"
You want to guess how well that flies? I agree it is stupid that there were no passwords on the system, but just like a yard without a fence, the fact the fence is there does not imply permission to run around there and dig up the flowers.
And it's the military. You really think you can poke around in the military's systems without them coming after you?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
The judgement opens up the option for his extradition.
The decision is now with our Home Secretary.
Open Source Drum Kit, LPLC deve board - mjhdesigns.com
Well, that is a good point. What if I reply by saying, I went in your house BECAUSE the door was opened and wanted to make sure you were okay? Now as a defense I suppose I would be leaving a note saying, "hey wanted to make sure you were not hurt and you left your door open."
I dunno. What exactly did he break into? Did he take anything with him? Is there a loss - monetary, security - directly attributed to this action?
Seems kind of far-fetched to me.
The Kai's Semi-Updated Website Thingy
I'm sure as soon as he attempted the connection or got logged on that there was a welcome message that said "unauthorized activity prohibited" or something to that effect. How he didn't see this coming I will probably never understand.
From the article "McKinnon faces a maximum sentence of five years in federal prison and a $250,000 fine." That has gotta hurt. The article also claims that his activities shut down the systems for a week. If that is true he might deserve this punishment, but I find it somewhat hard to believe that the military's computers were actually down for that long. Couldn't they just have done a clean boot?
Philosophy.
"My intention was never to disrupt security. The fact that I logged on and there were no passwords means that there was no security" "My intention was never to pound him in the ass. The fact that he shared my cell and he was not resisting my attacks means that he wanted to get pounded in the ass" said Gary McKinnon's cell/life mate, Tiny
that the Home Secretary does not let this one go forward... as someone mentioned previously in a discussion a few days ago; we all break laws in countries which we're not in, that's ok, we shouldn't be able to be prosectued for it (I know he also broke UK law - but he should only be prosecuted under that). How would Bush feel if someone tried to prosectue an American for saying that Iran's leadership was being foolish and that they are wrong - that's illegal in Iran - where's the extradition to Iran - you can't have it both ways
*''I can't believe it's not a hyperlink.''
What does this mean for people in *this* country that do such things? Let's assume they're treated the same with a adjudication system...what kind of trial could they expect from a jury 'of their peers'? I think this precident would serve as a big deterent showing the long arm of US justice.
fak3r.com
No country in the world should extract their citizens to U.S.A. because U.S. goverment says so. If goverments are "forced" to extract their citizens to U.S., then U.S. should extract their citizens to abroad, if citizens are accused of violating the law of other country.
"I was looking for UFOs."
Judging by the look on his facecould he be one of them?
Of course he lost the Extradition case, we can't even transport to Mars let alone Alpha Centauri.
This whole mess could have been avoided if he had only tuned in regularly to the History Channel.
He who knows best knows how little he knows. - Thomas Jefferson
Given the US track record on treatment of detainees, torture, imprisonment without trial and so on I am very suprised and disappointed that any government would willingly allow their citizens to be taken into custody in the US. Here in the UK we have an issue with "illegal imigrants" who remain in this country because on arrival they plead persecution and their lawyers find it easy to block their deportation back to a repressive regime. By the same standards the USA is clearly a repressive regime.
.mil sites looking for UFO information and is now being persecuted by overzealous 'security' gimps keen to make an example of someone (presumably because they never catch any real intruders who are far too smart)" all the way to "He's a publicity seeking prick who set this whole thing up to get busted as some kind of bid for fame"
Also, I've heard this story from all sorts of sides and opinions ranging from "He's a harmless wannabe cracker who just walked into unsecured
Whatever the outcome I'd like to see the same standards applied to SONY as to this kid. If he goes down then I want to see SONY programmers arrested and deported to the UK to face multiple criminal charges because installing rootkits is an offence under the Computer Misuse Act in this country.
With all these double standards I can't see people retaining any repect for justice or the law. Once governments undermine the law with such blatent corruption of principles it's a one way ticket down to social disintegration.
Do that "remove the mouth" trick on this hacker. PLEASE.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
if there is a field in the middle of no where, with no locked gate, or no signs saying "dont go here" is it wrong to walk there?
Wow, that's gotta suck, hope he finds it soon! Anyone know what he had in that case?
fak3r.com
They will proceed with the highest punishment possible just to scare us all in advance.
Wait and see.
Despite being batshit insane, he might have a point with this:
"The fact that I logged on and there were no passwords means that there was no security"
There needs to probably be some middle ground legally regarding what is and is not secure. It makes no sense that, say, accessing a windows share drive (or AFS cell if you like real network filesystems) out there on the internet with no passwords, no encryption, no attempt at all at security should be legally considered breaking and entering or whatever non-applicable metaphor the courts have wedged into computer case law. Nor should accessing an unprotected wireless connection be considered this, since many OSes will do that without asking.
One the flip side, we cannot go so far as to say that just because someone can break security, it was not really there... "You honor, if he didn't want me using his wireless connection, he shouldn't have only used WEP and MAC restrictions. I mean seriously, it was trivial to get his WEP key and change my MAC address to one of the allowed ones".
As much as I hate to say this, there needs to be SOME standard of security to apply to something before breaking it can be considered a crime. We run into this with the DMCA where ROT13 is a perfectly legit encryption algorithm in the eyes of the law. Maybe NIST approved cyphers or something like that should be the standard. It is just silly to leave something wide open then act all surprised and litigious when someone checks it out.
And before anyone makes a brain dead "leaving my house open does not give you the right to come in and snoop around" analogy, let's be clear that by virtue of having something published on the internet, you are inviting people to take a look. There is no accurate and meaningful real world analogy for computer network security so keep your unlocked cars, unattended briefcases, and snail mail stories to yourself. There are many services you can log into without a password (think anon FTP, demo systems, or even some telnet/ssh BBSes), so if you don't want people thinking they can log in and look around, try setting a password. Sheesh
Finkployd
I've said this on digg and i'll say it here again, he didn't hack anything. In his interviews it was said that the systems were already compromised and were being used by people from eastern european countries. I commend him for seeking the truth but not for going about it idiotically. In any case he doesn't deserve anything more than a few months in jail (if that even, better in a halfway house if there are such things in the UK), probation, and community service.
This has gotten way out of proportion. He didn't even do anything to damage US operations nor was this even his intent, he's not a terrorist and had no malicious intent. I would rather make sure those idiotic sysadmins never worked in IT for the rest of their lives since they left administrator passwords open! Freakin morons.
sure there's a loss! Well, now there will be anyway - they actually have to secure their stuff.
* There was no security.
d octrine
* I was looking for UFOs.
Could this fall under the "attractive nuisance doctrine"?
http://en.wikipedia.org/wiki/Attractive_nuisance_
(IANAL)
It may sound silly, but there really isn't a lot of difference between a public unpassworded service and a private service that's been left unpassworded on a public network. It's certainly impossible to tell if it's legitimately public before connecting to it and there's no guarantee you can tell that it's not supposed to be public once you have connected.
You can't poke a sleeping lion in the ass with a sharp stick, then complain when it attacks you.
Anybody who thinks that it's OK to go poking around obviously non-public military sites (if you're finding passwords and deployment details, you can be pretty sure it's not supposed to be public) can't be too surprised about being prosecuted.
In fact, if he wanted to do the right thing, he should have emailed a security contact for the site and notified him/her about the problem.
They Greys wanted to extradite him to Zeta Reticuli.
...But considering our (The USA's) government is trying to allow torture for "illegal combatants", who's to say he won't be considered one and shipped off to a torture camp? Here in the USA, he'd probably be tried for some asinine terrorism chagre and sentenced to life in a torture camp or to death.
Could he potentially argue that he hadn't had a fair trial because his 'peers' do not understand what he was doing?
If that were true, we'd never be able to get convictions of people who orchestrated highly complex derivitives fraud or other securities shenanigans. Or convict a murderer who, though having chain-sawed a bus full of nuns in the US, is left-handed with one eye, and speaks only an obscure dialect of Swahili (or is in illiterate Romanian farmer's daughter who won a trip to New York and decided to burn down a nightclub that wouldn't serve her Balenka, etc).
"Of your peers" doesn't mean "exactly like you, with all of your experiences, biases, broken world views," but means "not all the same people from law enforcement who were also investigating and arrested you" and like that. And, of course, we're talking about things that happen to peopel here in the states, or under the coverage of a treaty that makes that equivalency. Hence this is not the same as handling someone who, egged on by his local A-Q franchise office, traveled from Jordan into Afghanistan to shoot up people driving US Army food trucks.
do the juries really understand what happened
That's what expert witnesses are for. Otherwise we'd also never see people convicted (or acquitted) when DNA evidence is the central issue in a trial. How many average jurors really understand DNA markers? Or, for that matter, can personally relate to having deliberately run down their ex-husband in a parking lot to kill him? It's a good thing that most of the people convicted of crimes don't have a lot of true "peers" in the sense that some might think to use that word.
BTW, the word is "precedent," (not "precident") from the word "precede," as in "having gone before."
Don't disappoint your bird dog. Go to the range.
Is UFO technology something to laugh about?
Yes, the subject of UFOs seems funny, but when military whistleblowers claim there is some truth behind the technology...that is a different matter.
www.disclosureproject.org
If the witnesses on the Disclosure Project site (as referenced by the hacker) are really from the government, we all must reconsider our position. According to their claims, our government has free energy technology capable of powering the world without dirty fuels.
Think about the implications and the technology. I know many here are smart enough to look beyond the "little green men".
Anybody who thinks that it's OK to go poking around obviously non-public military sites
I'm afraid I don't know the specific details of the case - was he accessing web sites? Were they obviously non-public? How could he have found out that they were obviously non-public before accessing them (and thus being branded a cracker)?
if you're finding passwords and deployment details, you can be pretty sure it's not supposed to be public
If you've found passwords and deployment details then you have already accessed the server and thus liable to be prosecuted as a cracker. Please explain how one would find out _before_ potentially breaking the law that they shouldn't proceed any further.
In fact, if he wanted to do the right thing, he should have emailed a security contact for the site and notified him/her about the problem.
Emailing them saying "hey, I just accessed all your confidential data" doesn't seem like a good way of avoiding prosecution does it?
It _could_ also be argued that since these were military secrets, knowing them turns him into a target and so the best way of remaining safe is to keep very quiet and hope noone notices.
http://blog.nexusuk.org
'I was looking for UFOs.'
Well quite clearly he's going for the insanity plea.
Music is everybody's possession.
It's only publishers who think that people own it.
Fuck Beta
~John Lenno
This is ridiculus!
Not as ridiculous as spelling ridiculous that way, though.
No country in the world should extract their citizens to U.S.A. because U.S. goverment says so.
Are you that uneducated, or are you just hoping that someone else will ratchet up their Amerika Is Teh Evil rating another notch based on your rant? There is no force involved in an extradition. That's the whole point of a treaty. The treaty governs the circumstances under which criminals in both countries may be extradited to the other country. It's a two-way street, and that's what the treaty covers. The whole point is that some US criminal that was (say) looting banks in the UK could just as easily be shipped to the UK for prosecution as the other way around. It's an agreement, subject to judicial review on both sides.
For as many people as spout about how hated the US is for things, I wonder how many of them have formed at least part of their opinion on completely uninformed, BS notions like this one. Incredible.
Don't disappoint your bird dog. Go to the range.
Let's face it, who just shares one sone (or one CD's worth of song's)? Most of the offenders are sharing hundreds or thousands of songs. So, if you were caught stealing 1000 or 5000 CD's is it better? What if we say that for every 15 songs downloaded from you, that is equivalent to stealing a CD.. now how many is it worth?
Did he really find something in there? Is that why the govt. is after him? ;)
It is a hazy issue when the crime commited is somewhat abstract. But this only means that prosecuters can paint any kind of picture they want. Which of course means he is screwed. However having seen his interview, he didn't talk like he had a clue. especially when descibing his methods; in fact it sounded like he was using VNC or something similar on a dial up connection (and by his own admission in 4bit colour depth). As for the whole alien thing, that sounds like a desperate attempt to publicise his plight outside the IT community to get public sympathy, which is prob a smart move. And if he was smart enough and was on their systems for that number of years, he would undoubtedly have collected and stored documents and images of interest. I'm not so sure he saw anything. As for the US government, they would have been better saying "we were hacked because of insecurities in a commercial piece of software we were using as an OS. This software is being phased out and replace with a more secure environment. Gary who??"
I think that it's reasonable to assume that if the military (who one would expect takes security very seriously, and understands the concept of an 'adversarial environment') makes something available on a public network, that it's supposed to be there.
http://outcampaign.org/
As you've said, the open door analogy isn't the best here, but it can be improved a little bit. A publicly accessible computer system on the internet is similar to a unlocked door in a business district. If it doesn't say 'Employees Only' or isn't locked (compare to requiring a password or announcing that permission to access is restricted), then you won't be charged with tresspassing for opening the door and checking out what's inside. Of course you can't take (or break) anything, but you can't do that in any 'open to the public' place either.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
if he gets extradited to the usa i am worried he might be torchered physicaly and mentaly and whats all this 60 years in prison bullshit? He will be kevin mitnik and Mordechai Vanunu all rolled in to one.
I Predict A Riot
What constitutes "permission" to access unpassworded network services? Do you need written permission? If so I guess everyone who accesses public web servers is guilty of cracking them since they didn't get written permission from the server owners.
It may sound silly, but there really isn't a lot of difference between a public unpassworded service and a private service that's been left unpassworded on a public network. It's certainly impossible to tell if it's legitimately public before connecting to it and there's no guarantee you can tell that it's not supposed to be public once you have connected.
There is a huge difference. If you know you were not supposed to be doing it, it's trespassing. Find me a judge that believes a guy "looking for evidence of UFOs" didn't know accessing military networks was getting into places he didn't belong, and I'll show you a pig that flies.
New Hampshire has a very simple definition of trespassing: you're trespassing if you are anywhere you know you shouldn't be. If it is 10PM and a mall is closed and the cops find you wandering around inside- bam, trespassing. Wandering around your neighbors' yard when they aren't home and you don't know them well? Trespassing (as long as "PRIVATE" was posted at some legally defined interval on or near the property line, or it was otherwise obvious.)
The most creative use of this law? A NH sherriff who got tired of the INS telling him to just let illegal aliens go (he'd catch them during traffic stops) because they were too busy. So he charged them with trespassing, successfully- because they knew they didn't belong in New Hampshire. It allowed his department to recoup some of the lost man-hours handling them, and discouraged the illegals from, well, driving everywhere without a license or insurance.
The nice side effect of the definition is that if you are mentally incompetent and like to go on harmless walkabouts, you're not going to get slammed with 50 counts of trespassing (though a judge would probably make sure you had some kind of future supervision.)
Please help metamoderate.
"Lets say you connect to a web server - how are you to know if that's a public web site or a private company's intranet site that they didn't bother to password protect?"
Because the website's terms of use would say that you may use their service
Do you think any site where they didn't bother to password protect, that wasn't intended to be public, would have their terms of service listed anywhere? This is an issue not really related to this case as this person was activly looking to access propriority information (regarding UFOs), but average joe using goggle who's looking for "macrame coat hangers" happens upon a page of a private company who's business is "macrame coat hangers". Or even worse, let's say this site wasn't in a language the person could understand, but had some spiffy paterns, and no obvious or working way to contact the staff and ask what is ok and what isn't ok.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
And I think it's reasonable to assume that if someone says they were looking for top secret information about UFOs that they believe the US military is trying to keep secret from the rest of the world for nefarious purposes, that they probably don't really think the sites they're accessing are supposed to be public.
Don't blame me; I'm never given mod points.
You're not allowed in another person's home without explicit permission, in Vermont. You walk into my house without permission, you are guilty of trespass (and a much harsher fine / jail time).
Is there a loss - monetary, security - directly attributed to this action?
Yes. If you are a US taxpayer, you foot the bill for a very expensive investigation. This was treated as a hostile attack, even if in the end it proves not to be.
I suppose the "I was just looking for aliens" defense will be used by everyone found breaking into government computers now. Obviously you're innocent if you say you're just looking for aliens...
If you know you were not supposed to be doing it, it's trespassing.
Please explain how you can show _beyond all reasonable doubt_ that someone who connects to a private service knew (before connecting) that it wasn't supposed to be a public service. Proving someone's intentions is always very difficult.
you're trespassing if you are anywhere you know you shouldn't be. If it is 10PM and a mall is closed and the cops find you wandering around inside- bam, trespassing.
This is a bad analogy - you can _see_ that the mall is closed. On the internet there is no ability to see the state of something until you try and use it:
- Until I connect to port 80 on a machine I don't know if it's open.
- Until I send a GET request and get a response I don't know if it's going to ask me for a password
- Assuming it doesn't need a password, until I get the whole response page from the GET request, I have no way to know that it's a private page (and even then it may not be obvious - it's all very subjective, many corporate intranets look very similar to a public website so is the "cracker" supposed to be able to tell the difference?).
As bad as analogies are, a better analogy would be a blind person who doesn't know the time wandering around the mall - as far as anyone knows they may well have thought it was mid day and the place was open.
as long as "PRIVATE" was posted at some legally defined interval on or near the property line, or it was otherwise obvious.
Again, not a good analogy, but I'll bite - isn't the PRIVATE sign similar to putting a password on your server? So by that definition, an unpassworded server is clearly a public space and you can't be trespassing, right?
http://blog.nexusuk.org
A "reasonable man" standard can be applied. What would a reasonable person think? If something is on a webserver running on port 80, unless there's a message to the contrary a reasonable person would assume that it's intended for public consumption. However a reasonable person would assume that using something to map the entire file system via an automatic administrative share is nothing intended to be public, even if they forgot to put a password on it.
Logic and common sense can (and should) apply online as well as in the real world. When something is running on a protocol designed for sharing with he world, and something that requires setup to do, it's probably intended for the world. Not often you accidentally setup an apache server with files you didn't want on it. However if it's a protocol that's designed for more internal/management use, and if it's something that comes up automatically, it's probably just someone who didn't know, and thus not something for the public.
I would liken it to homes and businesses. If something is in a business district, has a sign on the storefront, and what liiks like a shop inside, pretty safe assumption they are open to the public, even if there's no "Please Come In" sign. However if something is in a residential neighbourhood, looks like a house, probably safe to assume it's not public, even if the door is open, unless there's a sign.
So if you found a file on an unsecured part of a website, I'll side with you when they claim it was secret. Sorry, should have protected it, the web is meant for public access, if you don't want your website public, put a password on it. However if you mapped an unprotected Samaba share that's just somebody's C drive (Windows 2000 shares it adminsitratively by default, and if there's no admin password the share is open) I'm saying you should know better. Clearly the user just didn't understand what they were doing. They still should have a password, but that doesn't mean you should have gone poking around.
If you reasonably should have known that you were accessing private systems that are improperly secured, you should be legally accountable.
This does feel other-worldly to me. You would think that the US would be too embarassed to admit that 'the British loon looking for UFOs' was able to break into a 'valuable' system that lacked passwords. The real prosecution should be of the people in charge of security here in the US. After all, there are people that are actually trying to do harm to the US, its military and its information systems. If the loon looking for aliens can break in, why do we think that a real enemy of the state could not. This has the air of a Monty Python sketch - something where a Scotish seperatist in a kilt keeps showing up in a top secret facility as the security officer assures the Prime Minister that he needn't worry about Nazi spies. The crime isn't that a loon is looking for aliens, it is that supposidly serious people cannot even keep the loon out.
Think global, act loco
Lord knows I usually violate this criticism as much as the next, but really the 'ch' in tortured? Additionally, I will gripe about the 'ly' addition to physically and mentally, and the apostrophe in 'what is'.
If he gets extradited to the USA I am worried he might be tortured physically and mentally, and what's all this 60 years in prison bullshit? He will be Kevin Mitnik and Mordechai Vanunu all rolled in to one.
karem
When all is said and done, nothing changes...
Just because he lost the extradition case doesn't mean he's guilty. It's just to extradite him over and get a nice non-visa application stay in a hotel called prison for few months (with free food; may also include sex). Have a court trial.
*IF* he's proven guilty; then, he *is* guilty. So far, he's still not guilty of charge nor that proving that breaking the non-password system is an offence.
All I could think of is: using a resource which does not belong to him. Like using an Open AP (Access Point). It's an offence. Because of the use of bandwidth.
I think it's the same here.
I suppose you obtained permission from every contributor (read: copyright holder) on slashdot.org before you broke into port 80 and pirated all of this text and graphics to your computer, correct?
Give me a break. This guy spent at least a year (2/01 to 3/02) hacking into U.S. Government computer systems, he's 40 years old, and he's more than competent with computers. He knew exactly what he's doing, and he knows what he's doing when he obfuscates the issue by saying that he logged into systems that didn't have a password. It's ridiculous to assume from his flippant answer that all of the thousands of systems he hacked into had no passwords. Keep in mind by his own admission he was scouring file systems for evidence of UFOs. How many file systems do you know don't require any authentication whatsoever?
before you broke into port 80 and pirated all of this text and graphics to your computer
Talk about horrible, totally irrelevant, and not remotely applicable analogies. Anyone with half a brain and even moderate computer skills knows that using a web browser to access unprotected content is one thing. Telnetting into a machine, password or no, is a completely different matter.
Finally, I have no idea why it's popular to defend people with no life that are amused by causing damage to systems they don't own and know they shouldn't be accessing.
I'm a big tall mofo.
No, they have an almost unprecedented asymmetric extradition treaty.
(Wikipedia)
This is the reason for the opposition to Gary's extradition, and that of the NatWest Three, and so on. The UK basically handed a huge chunk of sovereignty right over to the Americans, basically saying "If you want a British citizen, you can have him bound hand and foot."
my password really is 'stinkypants'
First who cares about the spelling? Content is all that should be judged.
His content was far more worthy of ridicule than his spelling.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
A) Why should he be tried in a country where the crime did not take place?
England?
B) Why do you think he won't get a fair trial in the US?
OJ Simpson
C) From the article "McKinnon faces a maximum sentence of five years in federal prison and a $250,000 fine." How is that a disproportionate sentence?
Buttsecks
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
I mean, it really feels like someone's pride was wounded and now they're going to play bully. Admittedly, leaving my back door wide open isn't implicit permission to remove items from my home. Still, if someone does, do I really have any right to get angry? I brought it upon myself by leaving the door wiiiiiide open. Yeah. He shoulda known better. It's not like he tripped and his fingers just happened to type "telnet some.government.server[enter]". I'm kinda torn on this one.
... should consider itself a vassal.
From the MPC. Consult your local listings.
221.2. Criminal Trespass.
(1) Buildings and Occupied Structures. A person commits an offense if, knowing that he is not licensed or privileged to do so, he enters or surreptitiously remains in any building or occupied structure, or separately secured or occupied portion thereof. An offense under this Subsection is a misdemeanor if it is committed in a dwelling at night. Otherwise it is a petty misdemeanor.
Except this guy wasn't a kid. He was a man in his mid thirties.
Insert witty sig here.
A web site doesn't need a "terms of service" to use them. Use is expected via the very nature of the Internet. Now if the site had a "this is secret/restricted", they might have a case, but even then I'd doubt it if there were no passwords ever asked.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
So, it seems we have a problem with a good metaphor.
People have used a house with its door unlocked--not really.
A mall with an unlocked door marked "No admittance"--not quite.
A better analogy would be a hall (in a mall), with an unlocked, unmarked door.
Now, there are public places on the sites he "hacked", I'm sure. This would be equivalent to the store-containing areas of the mall. There are also places that require passwords. Now, the private places are equivalent to a hall full of locked, unmarked doors. Now say one of the doors is unlocked. Gary has been going down this hall, trying all the doors (he knows the mall is hiding all the "good stuff"--interpret at will), and finds one unlocked. He goes in, of course.
Now, the question is, when did this become illegal? In my opinion, when he went through the door. It was unmarked, so it could be assumed that it was public. But he had tried nearby identical doors, and found them locked. This adds to the assumption that he knew he was trespassing.
DISCLAIMER: I am not a lawyer.
Maybe the server this man gained access to was set up as a sort of "sting" operation; Offer "unauthorized access" material on an open server to both misinform potential "terrorist hackers" and nail them publicly all at the same time as a sort of deterrent from future deeper hacking attempts. Sounds like the perfect defense to me.
Of course, that doesn't sound like a very interesting thing to talk about, and it requires a lot more faith in the administration of a government body than is, at current time, due.
Screw the rules, I have green hair!
I want a free Gary McKinnon T-Shirt!
"I guess I'm gonna fade into Bolivian."
-----
Jesus Would Slap You.
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
So you make your list and someone else can compile a list of foriegners who violated sharia law or cartoonists daring to draw muhammed or Salmon Rushdie daring to write a book. Now let the injustices start in the name of jutsice, eh?
Free Gary McKinnon by tdougan
Or did you mean "free" Gary McKinnon T-shirt
>Whether one country has to spin in circles, and the other dance up and down, the extradition treaties are reciprocal.
I support your use of magic mushrooms as part of your 'alternative lifestyle', but you're not actually supposed to smoke them.
my password really is 'stinkypants'
There must be some kind of legal principal that would cover this, no?
What if I stand in Niagara Falls, NY with a high powered rifle, and shoot someone standing in Niagara Falls, Ontario, killing that person? Who gets to prosecute me for murder -- the US or Canada?
Someone here must know the answer.
quiquid id est, timeo puellas et oscula dantes.
So there it is ... no entering the house without permission, your other arguments not withstanding.
Human being (n.): A genetically human, genetically distinct, functioning organism.
I can telnet to port 80 and type GET / and guess what, I'm browsing the web. It's the same damn thing.
You're right - both telnet and http protocols use TCP. The similarities end there and you know it. Why are you even arguing this point? I will never understand why some people think it's perfectly acceptable to do things in the online world which they fundamentally know is wrong but they rationalize with some goofy loophole
By your logic, spammers are innocent of any wrongdoing because SMTP uses TCP as well and sending millions of unsolicited commercial emails is morally equivalent to telnetting to port 25 and typing "HELO spam.com". It's not morally or legally equivalent and I fail to see why anyone would think it is. They both use the same protocol but one is a series of actions purposely designed with a harm-causing end in mind.
By your logic, DDoS the hell out of anyone you want. After all, it's the same as typing PING yourhost.com. If they didn't want quadrillions of ICMP REPLY packets from broadcast addresses throughout the Internet, they shouldn't have connected to the public Internet. Again, just ludicrous.
"causing damage"? This is the first I have heard of that. How did he cause damage?
You actually sound like you know a little bit about networking and operating systems, so let me ask you. Consider you accidentally leave a small hole in your system - it can be anything, a user without a password, a buffer overflow you didn't immediately patch, whatever. Some jackass comes along and exploits the weakness in your security. Let's assume he doesn't actually delete any data, and doesn't install a rootkit, doesn't copy your data to his workstation, doesn't install keyloggers, doesn't install sniffers, etc, etc. He just goes in to your system and pokes around for a little while. The question is... Did he cause any damage? The answer is (to any rationale person) ABSOLUTELY. Because you don't know what he did. He could've installed 15 rootkits for all you know. Which is why any rationale person would rebuild their system from scratch from known good sources after the most innocuous seeming of security violations. It's unfortunate, but that is serious damages that wouldn't have been caused if the jerk wouldn't have taken positive, purposeful steps to poke his nose in where he knew it didn't belong. Not by accidentally typing a web address into a browser (something that any reasonable person would acknowledge is not hacking) but by entering a command or series of commands designed to go where he knows he shouldn't be. He said it himself; he was trying to look for evidence of UFOs that the government was hiding. Or, stated another way, he was breaking into systems for the purpose of gathering data that someone didn't want him to have.
I say again - why are you rationalizing and justifying what this lowlife did?
I'm a big tall mofo.
I support your use of magic mushrooms as part of your 'alternative lifestyle', but you're not actually supposed to smoke them.
Oh wahhhhh. If you have a problem with treaties that your government signs, maybe you should make your opinion known at the polls. Complaining because someone exercises their granted rights is pretty inane. Similar to how your boreish, pseudo-clever replies are lame.
What constitutes "permission" to access unpassworded network services? Do you need written permission? If so I guess everyone who accesses public web servers is guilty of cracking them since they didn't get written permission from the server owners.
If the owner of the web server posts material an a web site that is intended for public viewing, they are giving implicit permission. It doesn't take a lot of intelligence to figure out when that's the case. Is accessing Wikipedia cracking? No, the owners of Wikipedia have implicitly granted you permission to access the material.
Lets say you connect to a web server - how are you to know if that's a public web site or a private company's intranet site that they didn't bother to password protect?
If you're looking at a web site and there is material that looks like it's coming from an intranet server, you're probably looking at a web site that some idiot didn't password protect. Take the hint, click the back button, and don't bother remembering what was there. There's no implicit permission, and it was obviously none of your business anyway. Law or not, that's both common sense and respectful of other people's privacy.
"it's not about aptitude, it's the way you're viewed" - Galinda
Hardly a precedent. The Extraditee was accused of murdering another US citizen. If it were a local that was murdered, I doubt any cooperation from the righteous US of A would be forth coming.
Area51 - We are watching...
What's with the fixation on web servers? Web servers are simple -- if you get to them, it's fair game. Password, stay away. It's perhaps a little blurry if you come to a web server that says "You should not be here, do not click any links" but anyway.
This case DOESN'T involve web servers. It's not like he typed in http://computer1.topsecret.ufos.army.mil/ or whatever, he was using other software.
Yes it's true that it's laughable how bad security was, that doesn't change the right / wrong nature of this case.
I just can't get beyond this--if you're at store, in a mall, etc, and a door that SHOULD be locked isn't, do you have a right to go in? If there's a front desk somewhere where somebody SHOULD be sitting behind it, do you have the right to go behind the desk and look through files? I don't see how an electronic medium is different.
There is a much finer point here that seems to be overlooked; what was stolen? As I see it the only information gathered was taken through the eyes into his brain. There seems to be no mention of his taking the information that was entered into his brain and using that information for gain. He is not accused of selling the information, he is simply accused of taking the information into his brain. How do you steal an image that is stored in your brain? Are we to argue that every time we look over the fence of a military installation and see... anything, that we are thus to be accused of stealing the information we have,as a natural process, stored in our brain memory bank? As I understand it, stealing is taking. Stealing is not seeing. Seeing is not stealing. He should submit to the extradition and allow himself to be properly represented by a competant counsel and in the process make new law that will forever clarify the use of the human memory.
Here's moren formant.html /
http://www.november.org/stayinfo/breaking06/DrugI
http://www.preventgenocide.org/punish/extradition
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
So, was there a crime committed? I think in the case of the bloke from UK it will (or *should*) hinge on whether he had reasonable cause to believe he was not allowed in, e.g., a MOTD describing appropriate use of the systems he logged into.
If he gets extradited to the US and imprisoned, it just means he's going to get laughed at and ridiculed by all of the _actual_ hackers imprisoned there!