UK Hacker Loses Extradition Appeal

the4thdimension writes "A UK man, accused of breaking into US Pentagon and NASA computers in March 2001, lost an extradition appeal that would have freed him, or at least had him tried in the UK. While the US accuses him of causing over $900,000 in computer damage, his attorney asserts that, if extradited to the US, he faces harsh penalties that are "intolerable" and '...the British government declined to prosecute him to enable the U.S. government to make an example of him.' He intends to appeal to the European courts."

I remember this guy

[betterunixthanunix]

Didn't he just use Microsoft's Remote Desktop to "hack into" those systems?

Re:I remember this guy

[z0idberg]

IIRC the $900,000 wasnt due to actual damage he caused, it was the cost of "securing" these systems after they realised anyone with half a clue and an internet connection could compromise their machines. How they figure that is his fault rather than actually part of the cost of their network I'm not sure.

Re:I remember this guy

[G0rAk]

Didn't he just use Microsoft's Remote Desktop to "hack into" those systems?

Yes. He in fact exploited weak passwords - most commonly "administrator" and a blank password or a password of "password".

More curiously he ran a netstat on the boxes he compromised and viewed connections from other crackers whose IPs addresses put them all over the middle east and China.

This according to the BBC interview we previously discussed.

Re:I remember this guy

[blindd0t]

$900,000 makes it sound like he may have downloaded a song or two off one or more of the servers he 'hacked'. I'm being facetious, of course. ^_^

Ah the Uk

The UK, acting like the US' fucking lapdog, again. If I were PM I'd be telling the US government where they can shove their 'special relationship' and their entirely one-sided extradition treaty. Then I'd tell them to put ACTA in the same place.

So, whaddya reckon chaps? Think Anonymous Coward could succeed Gordon Brown?

Re:Ah the Uk

[$RANDOMLUSER]

Some of us here in the States are pretty fed up with the US throwing its weight around on the world stage, also.

Re:Ah the Uk

[GauteL]

"huh? how is honoring extradition treaties acting as a 'lap dog'?"

I wish people would sometimes read other comments before replying.

The reason for Britain being named a 'lap dog' is that the extradition treaty is one-sided. The US does not have to show probable cause to get Britain to extradite people to the US, but Britain has to for it to happen the other way around.

Re:Ah the Uk

[Khisanth+Magus]

Not really. Regular US citizens don't really have any power anymore. We get to choose which person we want to screw us over, that is about it. Its pretty much a given fact that everyone running for office is going to be a corrupt politician who has no intention of listening to us.

Re:Ah the Uk

[G0rAk]

We discuss this point every time Gary McKinnon's case comes up, but lets go over the problems with the UK-US fast track extradition agreement one more time:

The agreement is supposed to be reciprocal however the US have not implemented their end of it. We can not fast track the extradition of US citizens but any UK citizen can be fast tracked. All of this was introduced to "fight terrorism" but has largely been used for cases like this and the NatWest Three.

Secondly our law forbids the extradition of persons to countries where they may face inhuman or unreasonable punishment. As such all states which implement the death penalty fall under this heading. The US should fall under this heading.

There are many other reasons why the UK can rightly be labelled a lap dog unrelated to these issues, our Special Relationship with the US is largely asking how high when told to jump.

Re:Ah the Uk

[spottedkangaroo]

Not without a billion dollars. Dollars are the only votes left that mean anything here. To that end, I send spare dollars to the EFF since they're actually getting things done; things that complaining and protesting do not get done.

Re:Ah the Uk

[FireStormZ]

I assume youre talking about this?

"Article 8

        Extradition Procedures and Required Documents. Article 8 establishes the procedures and describes the documents that are required to support a request for extradition. All requests for extradition shall be submitted through the diplomatic channel. Among other requirements, Article 8(3) provides that a request for the extradition of a person sought for prosecution must be supported by: (a) a copy of the warrant or order of arrest issued by a judge or other competent authority; (b) a copy of the charging document, if any; and (c) for requests to the United States, such information as would provide a reasonable basis to believe that the person sought committed the offense for which extradition is sought. The Treaty will not change the evidentiary burden required for extradition requests to the United States. ***However, under the new Treaty, the evidentiary requirements for extradition from the United Kingdom are lowered from a "prima facie" standard to what in practice will constitute a U.S. probable cause standard."***

The standards are the same, the UK bar was lowered to meet the US standard..

one-way treaty

[cliffski]

For me the big story is the one-sided nature of this treaty. We regularly extradite suspects to the USA, yet the USA refuses to do the same for people living in the USA wanted for crimes in the UK.
That's just insane, and our government are spineless scum for agreeing to it.

Re:one-way treaty

[Frosty+Piss]

That's because the UK is our bitch. Come on now, you know it's true.

Re:one-way treaty

[the+eric+conspiracy]

"an agency"???

Give me a break. I thought the brits had a reasonable understanding of how the courts in the US work. This moron committed a quite serious crime; it is not at all unreasonable that he should suffer significant consequences.

Here is a bit of writeup on the topic in the Washington Post:

McKinnon's lawyers alleged that an American official had told him he would be forced to serve a lengthy sentence in the United States if he fought against his extradition, something they say amounted to an unlawful threat.

The five Law Lords were unanimous in deciding McKinnon had failed to prove his case.

So the brits had their chance to decide if these claims of unfair treatment were credible or not and decided NOT. So WTF is all the whining about? At the absolute highest level this was decided internally in England - the signing of the original treaty PLUS an appeals process. I don't see how this could have been more fair.

Re:one-way treaty

[pzs]

Luckily, the policy positions of the UK government do not entirely represent the UK, otherwise I'd completely agree with you.

Outside of the spineless lap-dogs in the government, we still have art, music, comedy and other culture that is very much independent of the United States (although, of course, influenced by US culture) and still worth something.

I may not be very proud of my government but I am (occasionally) proud of the citizens of the UK.

Re:one-way treaty

[SimonGhent]

However, if plays nice and owns up to all the stuff he says he didn't do but they claim he did

Not quite true.

From http://www.guardian.co.uk/theguardian/2005/jul/09/weekend7.weekend2:

Gary was kept in a police station overnight. Then the Americans offered him a deal, via his British solicitor. "They said, 'If you incur the cost of the whole extradition process, be a good boy, come over here, we'll give you three or four years, rather than the whole sentence.' I said, 'OK, give me that in writing.' They said, 'Oh no, we can't do that.' So they were offering a secret trial, no right of appeal on the outcome, no comment to the newspapers, and nothing in writing. My solicitor, doing her job, advised me to take it, and when I said no, she was very, 'Ooh, they're going to come down heavy.'"

Also, from http://www.guardian.co.uk/world/2008/jul/27/internationalcrime.hacking...

In a further twist, it has emerged that a crucial file containing details of the early meetings with the US prosecutors, at which the offers were apparently made, has gone missing from the office of McKinnon's solicitor. A laptop holding details of the same meetings was stolen from the car of one of his barristers.

Re:one-way treaty

[Richard+W.M.+Jones]

Just when has the US refused to extradite a suspect to the UK say in the last ten years?

Very recently actually. When British journalist Terry Lloyd was shot by US forces in Iraq, the US refused to cooperate or extradite any troops to face trial here. The case had to dropped entirely (just this week).

Rich.

There's still the EU

[serviscope_minor]

Hopefully the EU court will have something else to say about this. But anyway, thanks, Blair + new labour for completely fucking up a country.

Duh

[Wiarumas]

From TFA: "Prosecutors allege that McKinnon hacked into than 90 computer systems belonging to the U.S. Army, Navy, Air Force, Department of Defense and NASA between February 2001 and March 2002, causing $900,000 worth of damage.

McKinnon has acknowledged accessing the computers, but he disputes the reported damage and said he did it because he wanted to find evidence that America was concealing the existence of aliens."

Duh. The only reason this topic may recieve negative attention is because its the United States. Truth be told, that if this was ANY country, the same thing would have happened. What did he expect? We are talking about highly classified stuff. He may have not caused as much as the claimed damage, but he DID access them. In some countries, he would be executed...

Re:Duh

[$RANDOMLUSER]

I think the sysadmins who set up a "secure military system" that could be breached by an amateur on the internet should be executed.

Re:Duh

[GauteL]

"Duh. The only reason this topic may recieve negative attention is because its the United States"

No, the reason is that the UK extradites its own citizens to a foreign country for crimes commited in the UK, when it can't be completely sure of its citizen being given a fair trial.

As it stands he is a foreigner in the US in a harsh political climate which makes it quite likely he could get convicted a terrorist even if he is just a "good old" computer criminal. At the very least he will feel forced to plea bargain for a very bad deal.

The extradition treaty is also completely one-sided, in that the US does not need to extradite its own citizens to the UK. The deal is shameful.

Re:Duh

[Tim+C]

I were stood on the Mexico side of the border and you on the US side and I shot you, I would have committed my crime in Mexico, no? Same thing, greater distance involved.

Re:Duh

[GauteL]

"Bullpuckey. The crimes were committed in the US, against US property."

Bollocks. He was sitting in Britain using his computer. Because of this Britain should have balls enough to tell the US to sod it and try him in his home country instead of shipping him overseas to a country where he has very limited rights as a non-citizen.

Re:Not a death penalty case

[betterunixthanunix]

"The guy's lawyers are acting like we're going to flog him and throw him in a dungeon or something."

He gained unauthorized access to defense department computers in the months following the September 11 attacks, and he is not a US citizen. Where did we toss other people who pissed off the DoD? He has a semi-legitimate reason to be afraid.

Re:Not a death penalty case

[darien]

The linked story doesn't mention it, but he says he was told by US government officials that if he didn't plead guilty and agree to be extradited, he could be facing sixty years in prison.

Re:Not a death penalty case

[sunking2]

Guess he should have thought about that a little earlier. People are responsible for their own actions. What did he think would happen? Nobody's fault but his own that he didn't think things through well enough.

Interview

[SimonGhent]

There's a rather good interview with Gary McKinnon on the Guardian's web site from earlier this month.

Provides quite an insight into what he did, why he says he did it and his mental state.

Wonder if he was a /. poster. Wouldn't surprise me.

Re:Not a death penalty case

compared to the sentences handed down by British courts, you are.

Nobody gets 97 years in the UK. Beside the obvious point that a person would die in jail before reaching 97 years, the number of people in the UK on a prison sentence designed to ensure that they spent the rest of their natural life in jail is (iirc) about 35. You have to have done something unbelievably sick to warrant such a sentence (see here). Where there's talk of treating him as a terrorist if he doesn't plead guilty (wtf?) and giving him a sentence stratospherically higher than he'd ever be likely to get in a British court sounds 'intolerable' to me.

Crappy retarded cliché

[Nicolas+MONNET]

"And, really, if he couldn't do the time, he should not have done the crime."

I see your retarded old cliché and raise you a human right: punishment should be proportional to the crime. Did he kill anyone? Did he maim anyone? Did he steal anything? No, no and no, so why should he be punished more than someone who did?

Anyway, this nonsensical BS should be rejected by the European Court of Justice. Unlike the US Supreme court, it's not stacked with crypto-fascists like Antonin Scalia.

Re:Crappy retarded cliché

[phillous]

This story has been in the British press for a few days, and I find the whole thing disgusting. As mentioned elsewhere, the $900k was the cost of securing these systems after this guys just walked in with default windows passwords... The stupid thing is that the whole case is based around this guys being a fucking terrorist... OH NOES SOMEONE DID SOMETHING TO WRONG AMERICA... They are a terrorist and should be locked away forever... if he wasn't from the UK they'd probably decide to bomb his fucking hometown as well.

Re:Crappy retarded cliché

[jcnnghm]

I'm tired of reading this rant. I once bid several cents per e-mail to send out thousands of e-mails a month for a government organization. Ridiculous, right? Anybody can run sendmail in a colo for $100 a month. What the actual term of the agreement doesn't say, is that the e-mails were to be sent from an application we were to develop with features unique to the organization, and the e-mail addresses were to be collected using a marketing website and software package that we were to construct, maintain, and promote. We also had to provide two dedicated T1s, four dedicated servers, a load balancer, as well as design and produce all the print marketing materials to promote the new service. All of these things were included in the contract, but we were only paid per e-mail sent. Things aren't always as they appear at first glance.

In the case of the bolt, it's not an ordinary bolt. Normal bolts are never individually tested, a single bolt from the lot is taken and destructively tested. In the case of the expensive DD bolts, they are generally one of a kind, limited production, bolts designed for one purpose. In addition, they are generally non-destructively tested, which means that they are each individually subjected to the forces that they are rated for, and then examined. This is expensive.

As far as "cost plus" goes, how else do you suggest doing it? Whenever I bid a contract I estimate cost, then add profit and that is the price. In the case of the e-mail contract I described above, I calculated the cost then decided on a fair profit. After that, I made best case, worst case, and average case estimates for e-mail volume. I ended up basing the per e-mail bid on the worst case number of messages sent. In other words, the bid price was ((cost + [slightly less than fair] profit) / worst case estimate). As it turned out, we never got close to the worst case, we were always between average and best case, so the profit was good. Had it been a "cost plus" contract, it probably would have been less expensive for the government overall, however, the risk would have been theirs, not mine (if our software was ineffective or underused, we could have potentially lost money).

Cost plus is most often used when something has to be built that is either difficult or impossible to estimate. If I were to ask you to build something that nobody has ever built before, and intended to have you sign a contract saying that you would construct it for that price, you'd probably greatly overestimate the actual cost, because you would have to make sure you don't end up too far in the red. The costs are evaluated and approved by an oversight group (like government engineers), so they can make sure project costs are really necessary. In addition, the records are audited and unnecessary cost is often disallowed. Cost plus isn't perfect, but it's less expensive in the long run then having the contractors make guesstimates then inflate them to deal with the risk and uncertainty.

In the long run, the single most disingenuous thing I've seen in government contract is the blatant racism and sexism. Females and minorities are given preferential treatment because of their race or gender. Depending on the contract, their price proposals are also evaluated differently as well, often getting a 5% discount. In other words, a $100k bid placed by a MBE will be read as $95k when compared to other bids. The process is not only unfair and discriminatory, but can result in less qualified firms winning contracts on the basis of quotas. I was told by a colleague once that a bid of theirs was rejected, although they were both the low and most responsible bidder, because the contracting agency wanted to meet their quota.

Who am I to tell you though, you've got it all figured out. Why don't you put your money where your mouth is, start a company, and win some contracts. All you've got to do is demonstrate that you can do the work, and bid low.

He did not cause $900k of damages

[Nicolas+MONNET]

$900k was IMO the cost of securing systems that were not secure in the first place.

You won't find a society anywhere on earth which doesn't have such laws.

Well my country doesn't extradite its own citizens.