Slashdot Mirror
UK Hacker loses Extradition Case
SnakeOil Steve writes to tell us that Gary McKinnon, the alleged hacker who broke into Army, Air Force, Navy, and NASA systems, has just lost his extradition case. From the article: "'My intention was never to disrupt security. The fact that I logged on and there were no passwords means that there was no security,' McKinnon said, outside the hearing at London's Bow Street Magistrates Court. 'I was looking for UFOs.'"
You want to guess how well that flies? I agree it is stupid that there were no passwords on the system, but just like a yard without a fence, the fact the fence is there does not imply permission to run around there and dig up the flowers.
And it's the military. You really think you can poke around in the military's systems without them coming after you?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
The judgement opens up the option for his extradition.
The decision is now with our Home Secretary.
Open Source Drum Kit, LPLC deve board - mjhdesigns.com
Well, that is a good point. What if I reply by saying, I went in your house BECAUSE the door was opened and wanted to make sure you were okay? Now as a defense I suppose I would be leaving a note saying, "hey wanted to make sure you were not hurt and you left your door open."
I dunno. What exactly did he break into? Did he take anything with him? Is there a loss - monetary, security - directly attributed to this action?
Seems kind of far-fetched to me.
The Kai's Semi-Updated Website Thingy
I'm sure as soon as he attempted the connection or got logged on that there was a welcome message that said "unauthorized activity prohibited" or something to that effect. How he didn't see this coming I will probably never understand.
"My intention was never to disrupt security. The fact that I logged on and there were no passwords means that there was no security" "My intention was never to pound him in the ass. The fact that he shared my cell and he was not resisting my attacks means that he wanted to get pounded in the ass" said Gary McKinnon's cell/life mate, Tiny
that the Home Secretary does not let this one go forward... as someone mentioned previously in a discussion a few days ago; we all break laws in countries which we're not in, that's ok, we shouldn't be able to be prosectued for it (I know he also broke UK law - but he should only be prosecuted under that). How would Bush feel if someone tried to prosectue an American for saying that Iran's leadership was being foolish and that they are wrong - that's illegal in Iran - where's the extradition to Iran - you can't have it both ways
*''I can't believe it's not a hyperlink.''
No country in the world should extract their citizens to U.S.A. because U.S. goverment says so. If goverments are "forced" to extract their citizens to U.S., then U.S. should extract their citizens to abroad, if citizens are accused of violating the law of other country.
"I was looking for UFOs."
Judging by the look on his facecould he be one of them?
Of course he lost the Extradition case, we can't even transport to Mars let alone Alpha Centauri.
This whole mess could have been avoided if he had only tuned in regularly to the History Channel.
He who knows best knows how little he knows. - Thomas Jefferson
Given the US track record on treatment of detainees, torture, imprisonment without trial and so on I am very suprised and disappointed that any government would willingly allow their citizens to be taken into custody in the US. Here in the UK we have an issue with "illegal imigrants" who remain in this country because on arrival they plead persecution and their lawyers find it easy to block their deportation back to a repressive regime. By the same standards the USA is clearly a repressive regime.
.mil sites looking for UFO information and is now being persecuted by overzealous 'security' gimps keen to make an example of someone (presumably because they never catch any real intruders who are far too smart)" all the way to "He's a publicity seeking prick who set this whole thing up to get busted as some kind of bid for fame"
Also, I've heard this story from all sorts of sides and opinions ranging from "He's a harmless wannabe cracker who just walked into unsecured
Whatever the outcome I'd like to see the same standards applied to SONY as to this kid. If he goes down then I want to see SONY programmers arrested and deported to the UK to face multiple criminal charges because installing rootkits is an offence under the Computer Misuse Act in this country.
With all these double standards I can't see people retaining any repect for justice or the law. Once governments undermine the law with such blatent corruption of principles it's a one way ticket down to social disintegration.
if there is a field in the middle of no where, with no locked gate, or no signs saying "dont go here" is it wrong to walk there?
Wow, that's gotta suck, hope he finds it soon! Anyone know what he had in that case?
fak3r.com
They will proceed with the highest punishment possible just to scare us all in advance.
Wait and see.
Despite being batshit insane, he might have a point with this:
"The fact that I logged on and there were no passwords means that there was no security"
There needs to probably be some middle ground legally regarding what is and is not secure. It makes no sense that, say, accessing a windows share drive (or AFS cell if you like real network filesystems) out there on the internet with no passwords, no encryption, no attempt at all at security should be legally considered breaking and entering or whatever non-applicable metaphor the courts have wedged into computer case law. Nor should accessing an unprotected wireless connection be considered this, since many OSes will do that without asking.
One the flip side, we cannot go so far as to say that just because someone can break security, it was not really there... "You honor, if he didn't want me using his wireless connection, he shouldn't have only used WEP and MAC restrictions. I mean seriously, it was trivial to get his WEP key and change my MAC address to one of the allowed ones".
As much as I hate to say this, there needs to be SOME standard of security to apply to something before breaking it can be considered a crime. We run into this with the DMCA where ROT13 is a perfectly legit encryption algorithm in the eyes of the law. Maybe NIST approved cyphers or something like that should be the standard. It is just silly to leave something wide open then act all surprised and litigious when someone checks it out.
And before anyone makes a brain dead "leaving my house open does not give you the right to come in and snoop around" analogy, let's be clear that by virtue of having something published on the internet, you are inviting people to take a look. There is no accurate and meaningful real world analogy for computer network security so keep your unlocked cars, unattended briefcases, and snail mail stories to yourself. There are many services you can log into without a password (think anon FTP, demo systems, or even some telnet/ssh BBSes), so if you don't want people thinking they can log in and look around, try setting a password. Sheesh
Finkployd
I've said this on digg and i'll say it here again, he didn't hack anything. In his interviews it was said that the systems were already compromised and were being used by people from eastern european countries. I commend him for seeking the truth but not for going about it idiotically. In any case he doesn't deserve anything more than a few months in jail (if that even, better in a halfway house if there are such things in the UK), probation, and community service.
This has gotten way out of proportion. He didn't even do anything to damage US operations nor was this even his intent, he's not a terrorist and had no malicious intent. I would rather make sure those idiotic sysadmins never worked in IT for the rest of their lives since they left administrator passwords open! Freakin morons.
The system was comprimised. You don't just reboot them- you need to reimage the system to make sure nothing was left behind by the intruder. For a military system, they probably did a forensic search to see what he had access to and what information may have been comprimised. That takes time.
I still have more fans than freaks. WTF is wrong with you people?
* There was no security.
d octrine
* I was looking for UFOs.
Could this fall under the "attractive nuisance doctrine"?
http://en.wikipedia.org/wiki/Attractive_nuisance_
(IANAL)
...But considering our (The USA's) government is trying to allow torture for "illegal combatants", who's to say he won't be considered one and shipped off to a torture camp? Here in the USA, he'd probably be tried for some asinine terrorism chagre and sentenced to life in a torture camp or to death.
Is UFO technology something to laugh about?
Yes, the subject of UFOs seems funny, but when military whistleblowers claim there is some truth behind the technology...that is a different matter.
www.disclosureproject.org
If the witnesses on the Disclosure Project site (as referenced by the hacker) are really from the government, we all must reconsider our position. According to their claims, our government has free energy technology capable of powering the world without dirty fuels.
Think about the implications and the technology. I know many here are smart enough to look beyond the "little green men".
Anybody who thinks that it's OK to go poking around obviously non-public military sites
I'm afraid I don't know the specific details of the case - was he accessing web sites? Were they obviously non-public? How could he have found out that they were obviously non-public before accessing them (and thus being branded a cracker)?
if you're finding passwords and deployment details, you can be pretty sure it's not supposed to be public
If you've found passwords and deployment details then you have already accessed the server and thus liable to be prosecuted as a cracker. Please explain how one would find out _before_ potentially breaking the law that they shouldn't proceed any further.
In fact, if he wanted to do the right thing, he should have emailed a security contact for the site and notified him/her about the problem.
Emailing them saying "hey, I just accessed all your confidential data" doesn't seem like a good way of avoiding prosecution does it?
It _could_ also be argued that since these were military secrets, knowing them turns him into a target and so the best way of remaining safe is to keep very quiet and hope noone notices.
http://blog.nexusuk.org
It is a hazy issue when the crime commited is somewhat abstract. But this only means that prosecuters can paint any kind of picture they want. Which of course means he is screwed. However having seen his interview, he didn't talk like he had a clue. especially when descibing his methods; in fact it sounded like he was using VNC or something similar on a dial up connection (and by his own admission in 4bit colour depth). As for the whole alien thing, that sounds like a desperate attempt to publicise his plight outside the IT community to get public sympathy, which is prob a smart move. And if he was smart enough and was on their systems for that number of years, he would undoubtedly have collected and stored documents and images of interest. I'm not so sure he saw anything. As for the US government, they would have been better saying "we were hacked because of insecurities in a commercial piece of software we were using as an OS. This software is being phased out and replace with a more secure environment. Gary who??"
As you've said, the open door analogy isn't the best here, but it can be improved a little bit. A publicly accessible computer system on the internet is similar to a unlocked door in a business district. If it doesn't say 'Employees Only' or isn't locked (compare to requiring a password or announcing that permission to access is restricted), then you won't be charged with tresspassing for opening the door and checking out what's inside. Of course you can't take (or break) anything, but you can't do that in any 'open to the public' place either.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
This does feel other-worldly to me. You would think that the US would be too embarassed to admit that 'the British loon looking for UFOs' was able to break into a 'valuable' system that lacked passwords. The real prosecution should be of the people in charge of security here in the US. After all, there are people that are actually trying to do harm to the US, its military and its information systems. If the loon looking for aliens can break in, why do we think that a real enemy of the state could not. This has the air of a Monty Python sketch - something where a Scotish seperatist in a kilt keeps showing up in a top secret facility as the security officer assures the Prime Minister that he needn't worry about Nazi spies. The crime isn't that a loon is looking for aliens, it is that supposidly serious people cannot even keep the loon out.
Think global, act loco
I suppose you obtained permission from every contributor (read: copyright holder) on slashdot.org before you broke into port 80 and pirated all of this text and graphics to your computer, correct?
Give me a break. This guy spent at least a year (2/01 to 3/02) hacking into U.S. Government computer systems, he's 40 years old, and he's more than competent with computers. He knew exactly what he's doing, and he knows what he's doing when he obfuscates the issue by saying that he logged into systems that didn't have a password. It's ridiculous to assume from his flippant answer that all of the thousands of systems he hacked into had no passwords. Keep in mind by his own admission he was scouring file systems for evidence of UFOs. How many file systems do you know don't require any authentication whatsoever?
before you broke into port 80 and pirated all of this text and graphics to your computer
Talk about horrible, totally irrelevant, and not remotely applicable analogies. Anyone with half a brain and even moderate computer skills knows that using a web browser to access unprotected content is one thing. Telnetting into a machine, password or no, is a completely different matter.
Finally, I have no idea why it's popular to defend people with no life that are amused by causing damage to systems they don't own and know they shouldn't be accessing.
I'm a big tall mofo.
No, they have an almost unprecedented asymmetric extradition treaty.
(Wikipedia)
This is the reason for the opposition to Gary's extradition, and that of the NatWest Three, and so on. The UK basically handed a huge chunk of sovereignty right over to the Americans, basically saying "If you want a British citizen, you can have him bound hand and foot."
my password really is 'stinkypants'
... should consider itself a vassal.
So, it seems we have a problem with a good metaphor.
People have used a house with its door unlocked--not really.
A mall with an unlocked door marked "No admittance"--not quite.
A better analogy would be a hall (in a mall), with an unlocked, unmarked door.
Now, there are public places on the sites he "hacked", I'm sure. This would be equivalent to the store-containing areas of the mall. There are also places that require passwords. Now, the private places are equivalent to a hall full of locked, unmarked doors. Now say one of the doors is unlocked. Gary has been going down this hall, trying all the doors (he knows the mall is hiding all the "good stuff"--interpret at will), and finds one unlocked. He goes in, of course.
Now, the question is, when did this become illegal? In my opinion, when he went through the door. It was unmarked, so it could be assumed that it was public. But he had tried nearby identical doors, and found them locked. This adds to the assumption that he knew he was trespassing.
DISCLAIMER: I am not a lawyer.
I want a free Gary McKinnon T-Shirt!
"I guess I'm gonna fade into Bolivian."
Free Gary McKinnon by tdougan
Or did you mean "free" Gary McKinnon T-shirt