Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Wants UK Hacker To Pay To Fix Holes He Exposed

Posted by kdawson on from the on-second-thought-make-it-a-kryptonite dept.

bossanovalithium writes "Gary McKinnon, whose tribulations we have followed for several years now, is the UK hacker trying to escape extradition to the US. It appears he is expected to foot the bill for the US Government patching holes his breaching uncovered — to the tune of $700,000. It's not really the norm for someone to pay for exploits to be patched — damages fixed, yes, but this is a very different thing." The article paraphrases Eugene Spafford as saying that the victim of a cybercrime should not take the blame. "If someone broke a door to rob a store, he said, it was usual to charge them the cost of the door." Isn't the McKinnon case more like charging him to buy the lock that had been missing when he walked in?

67 of 403 comments (clear)

  1. If he's a hacker... by supersloshy · · Score: 5, Interesting

    ...couldn't he fix them himself? With supervision, I mean.

    --
    "Our country is not nearly so overrun with the bigoted as it is overrun with the broadminded." -Archbishop Fulton Sheen
    1. Re:If he's a hacker... by Anonymous Coward · · Score: 3, Funny

      dd if=/dev/zero of=/dev/hda

      Fixed! At least the holes aren't there anymore.

    2. Re:If he's a hacker... by Jurily · · Score: 5, Insightful

      couldn't he fix them himself? With supervision, I mean.

      If I tell everyone that some houses have a big fucking gap where a door should be, am I responsible for not installing one?

    3. Re:If he's a hacker... by ObsessiveMathsFreak · · Score: 4, Insightful

      You are if you made the owner look like a FOOL!! You're gonna fry.

      --
      May the Maths Be with you!
    4. Re:If he's a hacker... by netruner · · Score: 5, Insightful

      Sure, if a sufficiently arrogant and ignorant attorney brings a case against you.....

      Don't underestimate the arrogance of an attorney, or the ability of people to be swayed by theatrics over substance.

      It's not about what's fair, it's about what one can get away with.

      --



      DISCLAIMER: This post was not checked for speling and grammar- if you complain- you're a whiner
    5. Re:If he's a hacker... by mcgrew · · Score: 3, Insightful

      "If someone broke a door to rob a store, he said, it was usual to charge them the cost of the door." Isn't the McKinnon case more like charging him to buy the lock that had been missing when he walked in?

      More like being forced to buy a lock when he pointed out that there wasn't one to begin with. Whoever left the holes in the software should have to pay that 700k. If the Ubanti Motor Company* sells a car with defective brakes and the brakes fail and cause an accident, the Ubanti Motor Company will pay the damages, not some mechanic that demonstrated the brakes' fault in a different Ubanti Motors vehicle.

      *Fake name to keep fanboys from mismodding

      --
      Free Martian Whores!
    6. Re:If he's a hacker... by b4upoo · · Score: 2, Interesting

      Seems to me that we ought to thank him for exposing the vulnerability and pay him for his discovery as well as any useful work he does to further increase security.

    7. Re:If he's a hacker... by Antique+Geekmeister · · Score: 2, Informative

      He didn't "tell everyone that some houses have a big fucking gap". He was caught rooting around their files, looking for UFO secrets. That's trespass and theft and, due to the federal computers involved, espionage. And he wasn't graceful about it, he caused system disruption doing it and exposed the vulnerabilities to others. So yes, he has considerable responsibility for creating an even bigger risk for those computer owners.

      This also provides plenty of fascinating legal grounds for extradition.

    8. Re:If he's a hacker... by Jurily · · Score: 3, Interesting

      It doesn't matter how he got that information: that's breaking other laws, and there are other punishments for it. Also, he didn't create those bugs, he merely used what was already there.

      To complete my analogy: I may be a robber, but I'm not the one whose job it was to build a complete wall in that house.

    9. Re:If he's a hacker... by tagno25 · · Score: 2, Informative

      I don't speak linux, maybe someone can explain to us what this means... after reading a couple of threads with just dd >null:yes rm dr >ewf1

      somebody please translate linux jokes for us.

      We windows users cant really do this. Right click my computer>manage>right click hard drive, select FORMAT!

      haha

      this is a Unix joke (also in BSD, Linux, Solaris, Mac, and Windows [with additional software])

      dd if=/dev/zero of=/dev/hda

      dd - convert and copy a file
      if=FILE (read from FILE)
      of=FILE (write to FILE)
      /dev/zero (a virtual device that is just 0s)
      /dev/hda or /dev/sda (the first disk drive)

      So you are writing zeros to the first disk drive and wiping out the contents. And in turn removing ALL security holes

    10. Re:If he's a hacker... by TheCarp · · Score: 3, Insightful

      Or more to the point....

      Its like he noticed your house had ACME InsecureLocks and exploited the ACME InsecureLock to get in. Then told someone "hey, you know his house uses ACME InsecureLocks?"

      Your house is no more or less secure than when he started. The only difference is, now people know that you bought locks that were not worth shit. How should that make him liable to buy you "TopBrand SecureLocks"? He didn't buy and install the ACME InsecureLocks, he just pointed out what everyone else could have found out if they just walked up to your front door and looked.

      -Steve

      --
      "I opened my eyes, and everything went dark again"
    11. Re:If he's a hacker... by infinitelink · · Score: 2, Insightful

      I don't know where your 'here' is, but of course they don't have it in the U.K.: this is why the U.S. must seek extradition; in the event criminals wanted by the U.K. are in the U.S., the U.K. can (and does) seek extradition too: we're countries on friendly terms that are already very cooperative, but even if we weren't, this could still be sought: near-enemies even request extradition from one another, so long as they have some form of diplomatic relations (and even that's not really requisite). Now, perhaps I'm ignorant of some things that I should otherwise know about, but nothing about this seems unusual to this writer. Nothing to see here: no imperialistic stench or jurisdictional trespassing (in this case).

      --
      Intelligent idiots are we. | Evil men do not understand justice.
    12. Re:If he's a hacker... by Firethorn · · Score: 2, Interesting

      They're not arguing he's not responsable for the crimes he committed. They're arguing that what the US wants him to pay is the equivalent of a burglar robbing a house by walking through the back door that has no lock, then expecting the burglar to PAY for installing a lock.

      Of course, at the expense it's probably also like all he stole was a postage stamp, and not a rare one either.

      --
      I don't read AC A human right
    13. Re:If he's a hacker... by pfleming · · Score: 2, Interesting

      I dont really agree that he should have to pay to fix the holes, but if he took data, which is essentialy property he should be held accountable.

      No. Data is not property. It's data. It's not even copyrightable.

      Again we need to stop blaming the victim. Just because I leave my car unlocked does not give you the right to steal it or the property inside it. Its still theft. Just like a store. They dont lock up all their merchandise, so that means you should be able to just take it without paying for it? No of course not, its still stealing.

      In this case, it's like someone walking down the street with a large hole mesh bag and getting mad cause your crap fell out on the sidewalk and someone else picked it up... then telling the person who picked up your crap to buy you a new bag. Cause you were too lazy or stupid to use a solid bag - or at least one with small enough holes to keep your crap in it.

    14. Re:If he's a hacker... by nomadic · · Score: 2, Insightful

      If I tell everyone that some houses have a big fucking gap where a door should be, am I responsible for not installing one?

      Better analogy would be, that if you trespassed into someone's house, then got caught, should you be responsible for the amount they paid to have someone come in and check the place out and make sure you didn't damage anything? And the answer is...well, maybe.

    15. Re:If he's a hacker... by Tacticus.v1 · · Score: 4, Informative

      Except the US Congress have not Ratified the Extradition treaty with the UK
      The UK can not request extradition of people from the USA

      http://en.wikipedia.org/wiki/Extradition_Act_2003#US_ratification.2C_2006

    16. Re:If he's a hacker... by Culture20 · · Score: 3, Funny

      If the Ubanti Motor Company* sells a car with defective brakes
      *Fake name to keep fanboys from mismodding

      That's dangerously close to Ubuntu, friend. Maybe you should leave.

  2. Well, I've learned MY lesson! by NoYob · · Score: 5, Insightful

    If I find a hole in my Government's IT security, I'll keep my mouth shut and let the government hear about it from the Chinese or the Iranians or the S. Koreans or ...anyone but me because they'll send me to jail and make me pay.

    --
    It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
    1. Re:Well, I've learned MY lesson! by gx5000 · · Score: 2, Interesting

      It's not my fault! It's yours ! No responsibility, no accountability... Whoever designed this should be sued and bring in the hacker as a witness... If I build something and you can get around it, I WILL be paying you to show me how you did it and PLEAD with you to help me out.... Trying to cover my ass for my stupidity, well, that requires an act of ignorance.

      --
      End of Line.
    2. Re:Well, I've learned MY lesson! by Dog-Cow · · Score: 5, Funny

      Gary did scan another country (other than his own).

    3. Re:Well, I've learned MY lesson! by the_womble · · Score: 2, Insightful

      He made the mistake of scanning a country of which his own is apparently (to judge by the terms of the extradition treaty) a dependency.

    4. Re:Well, I've learned MY lesson! by Anonymous Coward · · Score: 2, Funny

      If I find a hole in my Government's IT security, I'll keep my mouth shut and let the government hear about it from the Chinese or the Iranians or the S. Koreans or ...anyone but me because they'll send me to jail and make me pay.

      He wasn't reporting holes he was poking around NASA files trying to find proof about UFOs and Aliens. He's become a poster child to the UFO loonies. He claims to have seen proof on NASA computers but of coarse wasn't able to save any of it. I tried to point out to some of them that if he was a hacker didn't he know about the "PrtScn". key? Look at it this way if you sneak into a government facility into areas with information marked "Secret" haven't you broken some laws? This was a foreign national doing it. Since England won't extradite him they are basically going after him anyway they can. The excuse may be silly but there is a reason behind it.

    5. Re:Well, I've learned MY lesson! by bill_kress · · Score: 3, Interesting

      Very good point except you were probably thinking of N. Korea.

      I get really annoyed that people try to discourage hackers from their own country that might be somewhat loyal. I'd recommend encouraging and paying them.

      The analogy in the summary is flawed... It's more like suppose there are hundreds of people trying to break into your house every minute--Knocking at the door, twisting the knob, slamming against the door trying to gauge it's strength, ...

      Now one kids comes up and notices that you have an open basement window. None of the other attackers have noticed it yet.

      The kid climbs in, doesn't touch anything, looks through your old family pictures maybe, climbs back out--

      At this point he has a choice to make. Does he let you know that you screwed up, does he walk away, or does he try to sell the info to one of the guys hanging around on your front porch?

      What could you do to encourage this kid to make the correct decision?

      Out of all the people in the world, you are unlikely to stop them all by punishing them. You're only likely to influence the decisions of the few that are likely to want to help (and make them less likely). That's the only effect this crap has.

    6. Re:Well, I've learned MY lesson! by jellybear · · Score: 2, Funny

      2 countries 1 cup.

    7. Re:Well, I've learned MY lesson! by hesaigo999ca · · Score: 2, Insightful

      Unfortunately this is exactly why trying to do something ice for someone is ridiculous, and that the last die hard movie, based on true story within the government about how lax the system is, and that when this was brought to the attention of certain individuals, they were sentenced for breach when they showed they broke easily into one organization's file system...I tend to agree that it seems the government is not making any friends, and setting precedent that even people within the US who would want to see their private info kept private, could be held accountable for such treason because they got the gut feeling they should let the US government in on their mistakes.

    8. Re:Well, I've learned MY lesson! by Ghubi · · Score: 2, Insightful

      Gary McKinnon didn't report anything to anyone. He got caught logged in to computers he wasn't authorized to access.

  3. Potholes by Whorhay · · Score: 4, Insightful

    I wouldn't report any kind of crime or safety hazard if this becomes a regular tactic.

    1. Re:Potholes by kylemonger · · Score: 5, Insightful

      The good guys will make you pay them for exposing holes.
      The bad guys will pay you.
      Hmmm, maybe I got the "bad guys" and "good guys" mixed up there.

    2. Re:Potholes by DragonWriter · · Score: 2, Insightful

      I wouldn't report any kind of crime or safety hazard if this becomes a regular tactic.

      McKinnon didn't "report any kind of crime or safety hazard", and there is no reason to expect that, even if the approach the government used to here to assess damages from a violation of the law were to be accepted in that role that it would somehow affect people who "report any kind of crime or safety hazard".

    3. Re:Potholes by Chris+Burke · · Score: 2, Insightful

      Perhaps this will teach some people that if you don't want to pay the fines for breaking the law, then don't break the law!

      Well it's teaching me that if you break the law, you'll have to pay fines for things you didn't do.

      That doesn't really encourage respect for the law, you know.

      He didn't create the vulnerabilities, he exploited him. Punish him for the illegal computer trespass, but fix your own damn security holes, because those were your fault.

      --

      The enemies of Democracy are
  4. I have to agree with kdawson... by rwade · · Score: 5, Insightful

    This is exactly like charging for a lock that was never there. Another analogy -- it is like forcing the thief to pay for the security system that the store owner now feels that he has to buy to prevent future actions.

    If he damaged a system by hacking in, that's one thing. He should pay for that. But it's hardly his fault that the holes were there in the first place and he shouldn't be held responsible for funding the software improvements to prevent such actions in the future.

    1. Re:I have to agree with kdawson... by sumdumass · · Score: 5, Interesting

      This is not entirely unheard of.

      I had someone repeatedly break into my garage and take my gas cans for the lawnmowers and root through the cars for money. Eventually, they took an expensive looking but stock car radio. The time that happened, my then girlfriend walked into the garage to go to work and startled the intruder. He knocked her down and ran but wasn't afraid to come back.

      I eventually placed some hidden cameras in the garage and back yard with a dummy camera on the side of the house in plain sight. It took the guy about 5 days to realize the visible camera was a dummy and I got his picture including him rooting through everything and taking crap. I then placed a piece of a set of antique lamps made of sterling silver in the garage but locked them in a cabinet with a window. Anyways, those lamps were valuable enough to make his repeated breaking in worthy of a felony on the crap I could prove he stole alone.

      The prosecutor advocated that the guy pay for the security system and cameras that I had to install because of his actions. The judge agreed and order it as part of his restitution. Of course he couldn't pay while sitting in jail, but as a term of his parole, he had to make payments to an account until the costs were paid off. As I understood it, I could have sued him for the costs but doing it this way made it a condition of his freedom which meant I was more likely to get paid.

    2. Re:I have to agree with kdawson... by Altus · · Score: 2, Insightful

      that would be paying for the materials necessary to catch the theif. Costs incurred while investigating someone breaking into your house.

      This situation is more akin to you catching him and then the judge ordering him to pay for a new steel reinforced garage door with a retinal scanner for access.

      If they were trying to get the hacker to pay for the expense of having caught him I might buy that. If, say, they spent a bunch of money on a new server and network setup to act as a honey pot to catch the hacker that might be reasonable.

      --

      "In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson

    3. Re:I have to agree with kdawson... by Anonymous Coward · · Score: 2, Informative

      Which country do you live in? I'm guessing the UK or somewhere in the EU. Here in the South, if someone was burglarizing my property repeatedly and also assaulted my wife, he would have been shot, not videotaped.

      Fixed that for you.

    4. Re:I have to agree with kdawson... by Monkeedude1212 · · Score: 3, Insightful

      It's an interesting story - but the one thing that sets it aside is that the cameras were fundamental in the charging him for his crime, possibly even the capture.

      In the full article, it doesn't say what the 700,000 dollars are for. Its a little sketchy on what can be claimed as the "Damage Caused" and whether or not the money is for the systems (and security checks) to be implemented after his breach.

      Whereas you had to set up a Camera to catch the criminal, the US Government caught their criminal and now want to put up the camera. Two different scenarios, which can appear to be so similar that distinguishing who should pay what gets a little fuzzy.

      Peter Sommer (the expert refered to in the article), is basically saying that the security should have already have been implemented. In your case, you can argue that you shouldn't require cameras to be set up in your garage as a basic security measure. Closing and locking doors and windows should be enough.

      Basically the Government did not have a firewall or any security systems in place at all to stop someone from Remoting in. Thats like leaving your door open, and expecting someone not to enter without permission. Someone walks inside, does that constitute as breaking and entering?

      The "Hacker" used a popular program used for technical support to log into a computer. My ISP can't even do that, and all because I have 60 dollars Linksys router at home (not even a firewall), which BY DEFAULT blocks any incoming traffic on those ports.

      That is like placing a lock on your door, which is pretty standard. Which the government didn't do, and is now trying to claim almost 3 quarters of a million dollars for.

    5. Re:I have to agree with kdawson... by PitaBred · · Score: 3, Insightful

      Don't be stupid. The Supreme Court has specifically said the police are not indebted to protect you. If you think otherwise, you're a moron.

      Besides, to your "point", the law is on my side. I have a right to be secure in my possessions and person.

      I will not shoot someone on sight for trespassing. But I will shoot someone who routinely (or even once) burglarizes my home, or assaulted my wife or family. Given the very low rate of catching people for doing those kinds of things, there is very little incentive for criminals to not run rampant, unless there is the risk of them getting hurt. Why do you think that all mass shootings in recent memory have happened in "firearm free" zones?

      --
      My blog. Good stuff (when I remember to update it). Read it.
  5. Re:Taking responsibility for ones actions. by intermodal · · Score: 5, Insightful

    The holes aren't his "damage". The holes were already there. I don't care if a whole wall was missing, if an individual walks into a building and does damage or steals, the damage or stealing is what they are responsible for. Building the wall or replacing the lock is not their responsibility at all.

    --
    In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
  6. Re:Taking responsibility for ones actions. by Monkeedude1212 · · Score: 5, Insightful

    Repaying any damage he would have caused: Expected.

    Going to Jail for his actions: Expected.

    Paying 700,000 Dollars to fix the hole he DISCOVERED (not created): Unlawful.

  7. Faulty locks by Adrian+Lopez · · Score: 5, Insightful

    Isn't the McKinnon case more like charging him to buy the lock that had been missing when he walked in?

    Rather like the lock company demanding he reimburse them the cost of redesigning their badly designed locks?

    --
    "In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
    1. Re:Faulty locks by sonnejw0 · · Score: 3, Insightful

      This is security through obscurity, and it's frightening that a government entity relies upon it enough to fine someone for publicly declaring a security flaw. Should Microsoft, Apple, or the Linux Foundation pay a fine every time they patch a security bug, thereby describing how to utilize that bug in all unpatched systems?

      I think not, I think that's ridiculous. But that quickly brings us to the argument that all software that we rely on should be open source so that we can modify it to fix it ourselves ... or the corollary, that all software we rely on should be closed source so it's difficult to find bugs (which is kind of an untrue assumption. I'd rather be in control of how I keep private what I'm trying to keep private. If I don't have control over the means of privacy, I have no privacy at all ... I guess I should go delete my FB account).

  8. It's not paying for the lock... by spydabyte · · Score: 5, Insightful

    It's paying for the research, development, and possibly deployment of a new and improved lock.

    Analogies should be correct to be effective. Sadly, the most effective ones are often incorrect.

  9. China and Iran will tell Washington about it? by rwade · · Score: 3, Informative

    South Korea (the one with Seoul) probably would tell Washington about it, but it's unlikely that China or Iran would. It's more likely that they would exploit the vulnerability in secret.

    1. Re:China and Iran will tell Washington about it? by rwade · · Score: 3, Insightful

      The original poster tossed South Korea (which Washington considers to be one of its strongest military allies) with Iran ( which Washington considers part of the so-called "Axis of Evil") and China (which Washington considers one of its strongest rivals), it is unlikely that he knows the difference.

    2. Re:China and Iran will tell Washington about it? by eln · · Score: 2, Insightful

      I think he was just trying to be punny. If someone is dumb enough to not know the difference between North and South Korea, I doubt they'll know where Seoul is, or even that it exists.

  10. Analogy, sans car by Bobfrankly1 · · Score: 3, Insightful

    I like the lock analogy, but I think it would be more appropriate to say that they are charging him for discovering that the bolts that hold the locked door shut were missing. He simply pointed it out...

  11. Re:Taking responsibility for ones actions. by pla · · Score: 4, Insightful

    No, it is not simply like charging him to buy the lock that had been missing. If you entered someone's home uninvited and deliberately or accidentally caused substantial cost and damage to the homeowner, you should be liable for your actions.

    I know, right?

    Like last week, these kids walked uninvited across my lawn, and caused substantial damage to a number of blades of grass! And then to add insult to injury, their damned irresponsible parents just couldn't grasp their liability to pony up for the slab, four walls, roof, and two garage doors to "repair" the space their crotch-fruit just casually trespassed across!

    Sure, some scofflaws would point out that I didn't have a whole garage there to start with, so why should they have to pay for the rest? But hey, I had the good solid dirt underneath a future-garage, at least.

  12. logic doesn't enter into it by NotQuiteReal · · Score: 3, Insightful

    These are legal matters we are talking about here.

    --
    This issue is a bit more complicated than you think.
    1. Re:logic doesn't enter into it by geekoid · · Score: 2, Insightful

      Correct, and If I trespass onto someone property bu walking through a gate with no lck, I will not be force to buy a new lock. That doesn't mean I shouldn't be fined for trespassing.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    2. Re:logic doesn't enter into it by JumpDrive · · Score: 3, Insightful

      These are US government and legal matters which we are talking about here.

      There fixed it for you.

  13. The REAL crime is exposure. by Errol+backfiring · · Score: 2, Insightful

    The real crime is exposing sensitive data through the internet. If a hacker shows his concern and makes it clear that the government is exposing sensitive data, the criminal is the government, not the hacker.

    The funny thing is that the real crimes are often not legally the real crimes. In the Netherlands, it is not a crime to have a system full of sensitive data that is hardly secured. But it IS a crime for anyone to expose this insecurity. The Dutch government has created a special "theft of processor time" law to ensure this.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
  14. Me thinks by arizwebfoot · · Score: 2, Insightful

    "Isn't the McKinnon case more like charging him to buy the lock that had been missing when he walked in?"

    More like they want him to pay for a lock that wasn't there because he was the first one to tell them that the lock wasn't there.

    Or even more obvious, somebody forgot to put in a front door and now the store wants him to pay for a new door because he was the first one to tell the store that they had no door.

    --
    Beer is proof that God loves us and wants us to be happy.
  15. Re:There is some logic to it by Donovon · · Score: 2, Insightful

    However what is at issue here is what if you walk up to your neighbor and say "Hey don't you think maybe you should have a door on that house? Someone could get in you know..." He then sends you the bill for the door, lock, security bars, and exterior gate.

    D.

  16. No, that's just plain silly. by moz25 · · Score: 2, Interesting

    This is where dogmatic views and analogies really contrast with technological reality. Those security holes would have existed whether or not he abused them in some misguided and naive attempt at finding info about UFOs. This is clearly a very intelligent person whose skills are of immense value. He just wasn't mature enough to realize the consequences and he certainly wasn't paranoid enough to keep his mouth shut.

    It makes no sense whatsoever to lock him up with dumbasses whose greatest accomplishment in life is learning that beating their girlfriends is a bad thing or that guns and drugs don't mix well. What a sad waste of talent.

    No, instead, I say: let him pay that $700000, but let him do it in the form of consulting. And fire the idiots who made those security holes in the first place.

    --
    see a Text Widget
    1. Re:No, that's just plain silly. by Timmmm · · Score: 4, Informative

      This is clearly a very intelligent person whose skills are of immense value.

      From Wikipedia: McKinnon claimed that he was able to get into the military's networks simply by using a Perl script that searched for blank passwords; in other words his report suggests that there were computers on these networks with the default passwords active.

      Note that this is never ever reported in news articles. It is always that he 'hacked into' the computers. I think most people would agree that trying blank passwords doesn't really count as hacking, and most people have probably done it at one point in their lives. It is completely ridiculous that he could be extradited over this.

  17. I'll take car analogies for $200 Alex. by fahrbot-bot · · Score: 2, Funny

    Isn't the McKinnon case more like charging him to buy the lock that had been missing when he walked in?

    I'm sorry, you must state your question in the form of an Automotive analogy...

    --
    It must have been something you assimilated. . . .
  18. Re:Taking responsibility for ones actions. by cabjf · · Score: 3, Informative

    "Great, now everyone knows we have the holes and we actually have to fix them. Everything was fine when people just assumed we had a secure system. Now this guy goes and rains on our parade. Let's try to get him to pay for fixing them."

  19. Faulty Lock Users by eldavojohn · · Score: 3, Insightful

    Isn't the McKinnon case more like charging him to buy the lock that had been missing when he walked in?

    Rather like the lock company demanding he reimburse them the cost of redesigning their badly designed locks?

    From what I can find of his "hacking" abilities on the black vault:

    Somewhat frustrated by the common avenues of UFO research, Gary began some basic computer hacking techniques from his girlfriend's Aunt's house in the mid-late 1990s. Soon he began using a system of scanning for blank administrator passwords on supposedly secure networks ...

    Sounds more like the lock company distributed a working lock to many U.S. government entities and they put the locks on their sensitive possessions but some individuals simply forgot to close the clasp and had no policy for walking around double checking locks. If he did do $700k of damage and bring the system to a halt, he should pay for it. If they are charging him $700k for a script that scans for blank passwords on accounts on their systems and drop it in a chron job, I'll gladly fulfill the work order for half that price!

    --
    My work here is dung.
  20. Re:Taking responsibility for ones actions. by gnud · · Score: 2, Informative

    The fact that the systems are federal might not matter a whole lot, since the perp is British.

    You know, not from the U.S.

  21. the punishment is not heavy enough by bugs2squash · · Score: 2, Funny

    He should pay to re-train the entire government technical staff.

    --
    Nullius in verba
  22. Car analogy... by mangu · · Score: 3, Insightful

    It's paying for the research, development, and possibly deployment of a new and improved lock.

    Similarly, Ralph Nader should pay for the research, development, and deployment of a new and improved Chevrolet Corvair?

  23. Is it really that expensive? by FreudianNightmare · · Score: 2, Informative

    To have someone set some damn passwords? (10th Paragraph).

    --
    'Speak softly and carry a beagle'
  24. Suit time! by Runaway1956 · · Score: 5, Funny

    You'll be hearing from our lawyers soon. The crashes involving our automobiles were entirely due to operator error. There is nothing wrong with our braking system!!

    Danny Ubanti
    President and CEO
    Ubanti Motor Company Inc Ltd

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  25. So many car analogies by countertrolling · · Score: 2, Insightful

    I don't have a car, you insensitive clod...

    A better analogy would be for me to have to replace the emperor's wardrobe

    --
    For justice, we must go to Don Corleone
  26. Well here is the US claim by the+eric+conspiracy · · Score: 3, Insightful

    From Wikipedia

    "The US authorities claim he deleted critical files from operating systems, which shut down the US Army's Military District of Washington network of 2,000 computers for 24 hours, as well as deleting US Navy Weapons logs, rendering a naval base's network of 300 computers inoperable after the September 11th terrorist attacks. They claim the cost of tracking and correcting the problems he caused was $700,000.[15]"

    So I don't see where the idea that the claim the $700,000 is merely to secure previously unsecured systems originates from.

    If you break into a networkof military computers, it seems reasonable that the owners of the computers would feel that a complete audit of the network to asses damages would be necessary.

  27. Re:Well here is the US claim by nomadic · · Score: 2, Insightful

    So I don't see where the idea that the claim the $700,000 is merely to secure previously unsecured systems originates from.

    The imagination of slashdotters, who can never escape that techies-vs-the-rest-of-the-world mentality.

  28. Re:Well here is the US claim by gnieboer · · Score: 2, Informative

    Many posters here seem to believe he just 'pointed out security flaws', akin to telling someone their door locks are easily picked, and then suddenly being held responsible for the owner wanting better lock.

    That is clearly not the case here. He found security holes, -and exploited them-, and -damaged systems- as a result.

    http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm

    Even if I leave my door wide open, if someone comes in and trashes my house, I'm going to expect them to pay for the repairs and clean-up. That's going to include me doing a complete inventory to figure out what might now be missing or broken. And that will take a while.

    Weak security != permission to exploit

    And the $700K amount is vague as to it's origin, I also saw nothing that specifically indicated that any of the $700K was specifically for -upgrading- security.

  29. Emperor has child pay for clothes by noidentity · · Score: 2

    In other news, the emperor is demanding that the child who pointed out that he lacks clothes be the one to pay for them.