No Charges In UK For Gary McKinnon

← Back to Stories (view on slashdot.org)

No Charges In UK For Gary McKinnon

Posted by Soulskill on Friday December 14, 2012 @04:34AM from the end-of-a-long-road dept.

clickclickdrone sends this news from the BBC: "Computer hacker Gary McKinnon, who is wanted in the U.S., will not face charges in the U.K., the Crown Prosecution Service has said. Director of Public Prosecutions Keir Starmer QC said the chances of a successful conviction were 'not high.' He announced the decision some three months after Home Secretary Theresa May stopped the extradition. Mr. McKinnon, 46, admits accessing U.S. government computers but says he was looking for evidence of UFOs. The U.S. authorities tried to extradite him to face charges of causing $800,000 (£487,000) to military computer systems and he would have faced up to 60 years in prison if convicted."

148 comments

Min score:

Reason:

Sort:

this: by samjam · 2012-12-14 04:35 · Score: 4, Informative

The UK CPS declined to prosecute him originally and further decline to do so now.
This trumps all other arguments.

--
blog.sam.liddicott.com
1. Re:this: by Grumbleduke · 2012-12-14 05:16 · Score: 4, Interesting
  
  McKinnon even sued the CPS over their decision not to prosecute him, and lost (judgment here). The CPS really don't want to prosecute him.
2. Re:this: by stephanruby · 2012-12-14 06:59 · Score: 4, Informative
  
  The UK CPS declined to prosecute him originally and further decline to do so now.
  And yet, McKinnon said he'd be willing to plead guilty if he was prosecuted in the UK.
  
  By letter dated 5 June 2009, the Claimant made further representations and indicated that he would be willing to plead guilty to an offence under section 3 of the 1990 Act. Accordingly, the Director was invited to reconsider the decision not to prosecute, since the evidential test was now satisfied, having regard to the wider public interest which, it was asserted, pointed to a prosecution in the United Kingdom. The Director was further invited to "have full regard to Article 3 and Article 8 of the Convention".
  Perhaps, it would have been too much of an embarrassment to the US if the guy had only received 6 months probation and a 1000 fine when what they really wanted was to set an example and have this autistic guy up-rooted from his own country/family, bullied and raped, and locked up in a Federal prison for the next 60 years.
3. Re:this: by GrandTeddyBearOfDoom · 2012-12-14 14:39 · Score: 1
  
  Massive Like on the current outcome, but massive Dislike on the expensive time-wasting process that is the current legal system.
  
  --
  -- The Grand Teddy Bear has Spoken: "Windows 8 Source Code Available NOW! more disgusting than your pr..."
caused $800,000... by Hagaric · 2012-12-14 04:36 · Score: 5, Funny

Could he come & cause $800,000 to my computer system too? I could use the upgrade...
1. Re:caused $800,000... by Anonymous Coward · 2012-12-14 04:39 · Score: 1
  
  Only if you have evidence of UFOs
2. Re:caused $800,000... by TFAFalcon · 2012-12-14 05:00 · Score: 1
  
  Sure I do, I run a secret international organization that fights against aliens.
3. Re:caused $800,000... by serviscope_minor · 2012-12-14 05:05 · Score: 5, Informative
  
  He didn't of course.
  It's an outright lie by the US prosecutors, since they appear to lack any kind of moral fiber.
  It's equivalent to having a burglar walking in the front door then the homeowner claiming costs for upgrading all the locks are due to the burglar.
  Sure, they needed to trash and reinstall all of the machines. But they would have needed to do exactly that anyway when an internal audit showed they were insecure.
  
  --
  SJW n. One who posts facts.
4. Re:caused $800,000... by Grumbleduke · 2012-12-14 05:24 · Score: 5, Informative
  For the record, according to one of the court rulings he was accused of the following:
  "Between February 2001 and March 2002 he gained unauthorised access to 97 computers belonging to and used by the US Government... From those computers, he extracted the identities of certain administrative accounts and associated passwords. Having gained access to those administrative accounts, he installed unauthorised remote access and administrative software called "remotely anywhere" that enabled him to access and alter data upon the American computers at any time and without detection by virtue of the programme masquerading as a Windows operating system.
  Once "remotely anywhere" was installed, Mr McKinnon proceeded to install his "suite of hacking tools" – software that he used to facilitate further compromises to the computers which also facilitated the concealment of his activities. Using this software, he was able to scan over 73,000 US Government computers for other computers and networks susceptible to compromise in a similar fashion. He was thus able to lever himself from network to network and into a number of significant Government computers in different parts of the USA. The relevant ones were:
  53 Army computers, including computers based in Virginia and Washington that controlled the Army's Military District of Washington network and are used in furtherance of national defence and security [charges 1 to 2]
  26 Navy computers, including US Naval Weapons Station Earle, New Jersey. This was responsible for replenishing munitions and supplies for the deployed Atlantic Fleet [charges 6 to 8]
  16 NASA computers [charges 12 to 15]
  1 Department of Defense computer [charges 17 to 18].
  Once the computers were accessible by Mr McKinnon, he deleted data including:
  Critical operating system files from nine computers, the deletion of which shut down the entire US Army's Military District of Washington network of over 2000 computers for 24 hours, significantly disrupting Governmental functions
  2,455 user accounts on a US Army computer that controlled access to an Army computer network, causing those computers to reboot and become inoperable
  Critical Operating system files and logs from computers at US Naval Weapons Station Earle, one of which was used for monitoring the identity, location, physical condition, staffing and battle readiness of Navy ships. Deletion of these files rendered the Base's entire network of over 300 computers inoperable at a critical time immediately following 11 September 2001 and thereafter left the network vulnerable to other intruders.
  He also copied data and files onto his own computers, including operating system files containing account names and encrypted passwords from 22 computers. These comprised:
  
  189 files from US Army computers
  35 files from US Navy computers, including approximately 950 passwords from server computers at Naval Weapons Station Earle
  6 files from NASA computers
  Mr McKinnon's conduct was intentional and calculated to influence and affect the US Government by intimidation and coercion. As a result of his conduct, damage was caused to computers by impairing their integrity, availability and operation of programmes, systems, information and data on the computers, rendering them unreliable. The cost of repair totalled over $700,000."
  Slightly more than a burglar walking in the front door and claiming the costs of upgrading the locks. More like breaking in (maybe through a weak door), completely trashing the place and leaving.
5. Re:caused $800,000... by Opportunist · 2012-12-14 05:29 · Score: 1
  
  Huh? No you don't, I have never seen you in one of the meetings.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
6. Re:caused $800,000... by Opportunist · 2012-12-14 05:31 · Score: 1
  
  Judging from all that, I guess some CISO has a lot of explaining to do. He failed on all three fronts miserably.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
7. Re:caused $800,000... by poetmatt · 2012-12-14 05:34 · Score: 3, Interesting
  
  Did he damage all that crap? possibly so, if it ever went to court. Did he do stupid things involving computers? possibly so, if it ever went to court. Was it " intentional and calculated to influence and affect the US Government by intimidation and coercion"?
  That's beyond laughable and imaginary hypothetical rhetoric, to say the least. It actually puts the US prosecutors into question as far as sanity.
8. Re:caused $800,000... by TFAFalcon · 2012-12-14 05:34 · Score: 1
  
  And yet, the UK prosecutor isn't charging him with anything. Could all that 'damage' have been made up by the US?
9. Re:caused $800,000... by serviscope_minor · 2012-12-14 05:42 · Score: 3, Interesting
  
  OK, my analogy was flawed, so I'll switch to a non analogy.
  They connected insecure systems to the internet.
  The result is that they needed to inspect and repair all of those systems regardless of whether McKinnon existed or not.
  The only reasonable response to finding the computers were potentially hacked would have been to put the entire lot offline instantly, no questions. What if it had been a much more competent foreign agent?
  How did they know that a Chinese government hacker hadn't subtly altered the readiness logs of the ships [*] at Weapons station Earle? How did they know other logs were not already filled with subtly but much more dangerously flawed data?
  Look, I'm not claiming what McKinnon did was good or right or legal.
  But claiming that he caused those costs is simply not true.
  They caused the costs through the most monumental security fuckup. The fault is entirely on them. McKinnon highlighted that they needed to spend the money RIGHT NOW to fix it.
  [*] for fuck's sake! They had logs about battle readiness on warships on the open internet and editable by almost anyone and they have the temerity to blame their fuckup one lone nutball? Words fail me.
  
  --
  SJW n. One who posts facts.
10. Re:caused $800,000... by Grumbleduke · 2012-12-14 05:42 · Score: 3, Informative
  
  Was it " intentional and calculated to influence and affect the US Government by intimidation and coercion"?
  Well the damage was obviously intentional, and it was calculated to influence the Government (even if it didn't) as evidenced by the note he admitted to leaving behind which read:
  "US foreign policy is akin to Government-sponsored terrorism these days It was not a mistake that there was a huge security stand down on September 11 last year I am SOLO. I will continue to disrupt at the highest levels "
  That sounds rather like an attempt at intimidation and coercion (however pathetic) to me...
11. Re:caused $800,000... by Grumbleduke · 2012-12-14 05:47 · Score: 3, Insightful
  
  The UK prosecutor can't be bothered to charge him, because the damage wasn't done in the UK (so there isn't really any public interest in prosecuting) and the US didn't want to hand over all the (sensitive) evidence (of the details of all their military computer networks) to the UK authorities (for them to be made available in open court).
  The CPS not bringing a case doesn't mean they think he's innocent, just that they don't think it's worth the trouble to try to prosecute him.
12. Re:caused $800,000... by Samantha+Wright · 2012-12-14 05:53 · Score: 1
  
  Well, duh. He's on the board of directors! Why would he go to any of the meetings?
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
13. Re:caused $800,000... by TFAFalcon · 2012-12-14 05:58 · Score: 1
  
  I'm the guy behind the screen (terrible skin condition) shouting the orders at everyone. So who are you? The scientist or the engineer?
14. Re:caused $800,000... by citizenr · 2012-12-14 06:30 · Score: 1
  
  Judging from all that, I guess some CISO has a lot of explaining to do. He failed on all three fronts miserably.
  Awww how cute. You really thing IS in CISO stands for Information Security. I am going to enlighten you - it is just a misspelled JS as in Job Security.
  CISOs main role is delegating responsibility, not securing infrastructure. Everything can be wide open and unsecure as long as you have a piece of paper stating someone else is responsible for it.
  
  --
  Who logs in to gdm? Not I, said the duck.
15. Re:caused $800,000... by Anonymous Coward · 2012-12-14 06:36 · Score: 0
  
  They are lawyers - they will say anything and do anything for money.
16. Re:caused $800,000... by Anonymous Coward · 2012-12-14 06:38 · Score: 0
  
  Apparently, words do not fail you.
17. Re:caused $800,000... by Anonymous Coward · 2012-12-14 06:42 · Score: 0
  
  That's because he was talking about SETI, not the Aryan Brotherhood...
18. Re:caused $800,000... by Shimbo · 2012-12-14 06:54 · Score: 1
  
  The CPS not bringing a case doesn't mean they think he's innocent, just that they don't think it's worth the trouble to try to prosecute him.
  That's pretty much the default attitude of the CPS; prosecution is really too much of a bother and expense. Police officers always say CPS stands for "Couldn’t Prosecute Satan". You need to keep that it mind when asking "why wasn't X charged?"
19. Re:caused $800,000... by Stalks · 2012-12-14 08:27 · Score: 1
  
  It was also aledged that McKinnon wasn't the only person gaining access to these machines. McKinnon said the computers were like an open book and lots of people were in there. Sure, the damage was done, if you say so, but it may not of all been McKinnon.
20. Re:caused $800,000... by Opportunist · 2012-12-14 10:35 · Score: 1
  
  I'm the walrus.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
21. Re:caused $800,000... by Opportunist · 2012-12-14 10:41 · Score: 1
  
  The sad thing is that you're probably even right. Most CISOs I've met have written more papers to cover their ass than to cover their field of responsibility.
  I know I'm "doing it wrong". But I tend to think that I owe my company the honesty (please refrain from reading further if you're already ROFLing, just trying to keep your sides from splitting) to actually do my WORK instead of just covering my rear end.
  As a reward, we had a LOT of attacks lately, none of which were successful. And in our last external review they had to dig up two minor issues so they don't hand in a blank record.
  My reward is that (relevant) people actually listen when I voice my concerns. I guess they like that I don't just cover my ass but theirs as well.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
22. Re:caused $800,000... by Anonymous Coward · 2012-12-14 11:25 · Score: 0
  
  You mean how for the next few years after the breach there'd be a chorus of, "It must have been that hacker," every time anybody screwed up?
  "This data is corrupt."
  "Hacker!"
  "This workstation's full of porn"
  "Hacker!"
  "Redskins have a losing streak"
  "Hacker!"
23. Re:caused $800,000... by Provocateur · 2012-12-14 15:06 · Score: 1
  
  Never even read the summary? It seems he accidentally the computer.
  
  --
  WARNING: Smartphones have side effects--most of them undocumented.
24. Re:caused $800,000... by Anonymous Coward · 2012-12-14 21:21 · Score: 0
  
  This is the code-word for Terrorism. An attempt to influence a government by intimidation and coercion.
  (anonymous only because I don't have my /. password here)
25. Re:caused $800,000... by Xest · 2012-12-14 21:41 · Score: 1
  
  Quite possibly no, he didn't. The quote from the CPS:
  "The potential difficulties in bringing a case in England and Wales now should not be underestimated, not least the passage of time, the logistics of transferring sensitive evidence prepared for a court in the US to London for trial, the participation of US government witnesses in the trial and the need fully to comply with the duties of disclosure imposed on the CPS.
  The prospects of a conviction against Mr McKinnon which reflects the full extent of his alleged criminality are not high."
  Which basically says that whilst the US claimed all those things, there was basically no chance of the US being able to prove any of it to be actually true to the standards required in a British court.
  That doesn't really instill confidence, if he'd done so much damage you'd have thought they'd be able to at least bring some witnesses, and some evidence over to prove at least some degree of criminality. The fact they can't even prove the slightest bit of it to gain at least some kind of conviction really talks for itself.
  As is normal in cases like this the prosecution throws everything they can at the defendant to see what will stick. In this case the CPS (the UK's prosecution) judged that it's very likely that absolutely none of it will actually stick.
26. Re:caused $800,000... by Hognoxious · 2012-12-14 22:19 · Score: 1
  
  Key words: accused of.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
27. Re:caused $800,000... by Grumbleduke · 2012-12-15 00:48 · Score: 1
  
  Well yeah... when you arrest someone or try to prosecute them for a crime, it's all just accusations. In this case, it is unlikely to be proved in court due to there being no trial. The US are alleging he did this and caused this much damage, which is why they want to put him on trial...
28. Re:caused $800,000... by Occams · 2012-12-15 08:38 · Score: 1
  
  The only relevant crime is his breach of a UK hacking law. The USA laws have no jurisdiction in Britain so it is imposible to break them from there.
  
  --
  Heavy is the head that wears the tinfoil hat.
29. Re:caused $800,000... by Insanity+Defense · 2012-12-15 08:38 · Score: 1
  
  Key words: accused of.
  Actually he admits his guilt. He wanted to be tried and punished in the UK in proportion to his crimes. The prosecution wants to punish him in proportion to the amount spent doing a security audit and putting in place security that should have been there in the first place. They also want his time (the rest of his life) in maximum security with physically dangerous people in a U.S. prison.
30. Re:caused $800,000... by Grumbleduke · 2012-12-15 09:47 · Score: 1
  
  Common misunderstanding. Laws apply to wherever the law says it applies - that's one of the principles of individual sovereignty. If the US (or the UK) wants to pass a law making it a crime to do something in another country, they can. The only limit is their ability to enforce that.
  In this case, though, it is arguable that the "act" was carried out in the US - certainly the damage was suffered there.
  However, that doesn't mean there isn't a huge hole in the current multinational framework for criminal (and civil) liability; the systems were developed at a time when it would be clear where an act took place, and aren't suitable to a world where a single act can take place through multiple jurisdictions.
  Given the recent mess with the ITU, though, I doubt the major countries will be able to sort out a framework for Internet-based jurisdiction any time soon...
31. Re:caused $800,000... by Hognoxious · 2012-12-18 06:34 · Score: 1
  
  No, the prosecution want to prosecute him in proportion to the amount of embarrassment caused to a load of asshat brasshats.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
32. Re:caused $800,000... by Hognoxious · 2012-12-18 06:38 · Score: 1
  
  If someone wanted to extradite somebody from the US, they'd have to come up with a lot more than accusations. Probable cause, which is generally interpreted so strictly as to mean proof of guilt.
  Turnabout's fair play, no?
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
33. Re:caused $800,000... by Grumbleduke · 2012-12-18 10:41 · Score: 1
  
  Probable cause is not the same as proof of guilt. Wikipedia quotes a definition of the former as "a reasonable amount of suspicion, supported by circumstances sufficiently strong to justify a prudent and cautious person's belief that certain facts are probably true" - which is a much lower test than proof of guilt.
  And it's pretty much the same test for extradition from the UK, which requires "reasonable grounds to suspect" (or a national equivalent). Whether a US judge is more likely than a UK one to find an excuse not to extradite one of her own citizens is another matter.
proofread a few lines only? by Anonymous Coward · 2012-12-14 04:38 · Score: 0

You accidentally the whole sentence:
"The U.S. authorities tried to extradite him to face charges of causing $800,000 (£487,000) to military computer systems..."
1. Re:proofread a few lines only? by halfEvilTech · 2012-12-14 04:41 · Score: 4, Insightful
  
  Damages they are claiming though come from having to fix the vulnerabilites that let him in in the first place. That and the money spent on the legal bills for embarassing them.
2. Re:proofread a few lines only? by X0563511 · 2012-12-14 04:41 · Score: 1
  
  Bullshit numbers.
  He may have cost them that much in man-hours to clean up the mess, but he most certainly didn't cause any physical damage.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
3. Re:proofread a few lines only? by Anonymous Coward · 2012-12-14 04:41 · Score: 0
  
  "...$800,000 of necessary security hardening to military..."?
  The basic fact is that the "military computer systems" were not secured in a suitable manner, when they should have been.
4. Re:proofread a few lines only? by Anonymous Coward · 2012-12-14 04:47 · Score: 1
  
  Money better spent on a crazy British dude than the Chinese hackers who would have found the holes next.
5. Re:proofread a few lines only? by Anonymous Coward · 2012-12-14 04:53 · Score: 1, Insightful
  
  I buy 3000 rolls of toilet paper drive to the middle of a busy interstate and dump them in a huge pile. I didnt cause any physical damage so therefore I am not guilty of anything. Is that your logic here? If someone had a fender bender because of it then I am guilty?
  Look here is the facts he broke into someones computer (in this case the US gov). They then had to go thru and re-audit everything (as they are required to by law). Spending huge amounts of time (and money) checking things out that were otherwise fine. And remember contractors are not paid 10 bucks an hour (the people most likely doing it). They are paid 50+ per hour...
  They are probably dropping it because the other side doesnt want to bother with it but wanted a way out as they buy the guys story. The US and the UK are BFF's... You are right he did not do much harm but did waste lots of peoples time.
6. Re:proofread a few lines only? by X0563511 · 2012-12-14 04:58 · Score: 1
  
  That was an awfully long way to say "yep, I agree."
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
7. Re:proofread a few lines only? by geekoid · 2012-12-14 05:00 · Score: 1, Informative
  
  No. Its the cost of having people scour the systems for any damage he causes, compare the data against backups to chance for changes, deletion and any programs he left behind, for tracking him.
  This isn't One computer, it's a lot of computers on a lot of systems, and it costs money to have people do that work.
  As well as possible legal bills.
  
  --
  The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
8. Re:proofread a few lines only? by geekoid · 2012-12-14 05:01 · Score: 1
  
  How do you know that? hmm?
  
  --
  The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
9. Re:proofread a few lines only? by serviscope_minor · 2012-12-14 05:08 · Score: 1
  
  He may have cost them that much in man-hours to clean up the mess, but he most certainly didn't cause any physical damage.
  Not entirely.
  It would have cost them that much to clean up the mess when in the absence of McKinnon an internal audit had shown that all those systems were insecure and potentially hacked by neferaious foreign national spies.
  The machines were insecure and needed fixing.
  That is the case whether or not the flaw was highlighted by McKinnon.
  I'm not claiming he's the good guy in this (though they should thank their lucky stars it was a UFO seeking nutball, not a Chinese government operative in those systems). But to claim he caused the damage is disengenuous.
  I repeat: the machines were already damages with or without McKinnon.
  
  --
  SJW n. One who posts facts.
10. Re:proofread a few lines only? by serviscope_minor · 2012-12-14 05:12 · Score: 2
  
  and it costs money
  It would have cost the same with or without McKinnon. Unless you think it's reasonable for them to leave unsecured computers connected to the net until such time as they happen to notice an exploit.
  
  --
  SJW n. One who posts facts.
11. Re:proofread a few lines only? by TFAFalcon · 2012-12-14 05:13 · Score: 1
  
  Shouldn't all that work be done anyway? If they had an insecure system, then it might have been hacked by others before and after McKinon. So why should he bare all the blame for it?
12. Re:proofread a few lines only? by Anonymous Coward · 2012-12-14 05:14 · Score: 0
  
  True, the numbers are not his doing.
  Nevertheless, he should have gone to jail/probation/whatever or gotten mental help for actually going into those systems. Just because I don't lock my front door does not give anyone the right to walk in and start rifling through my paperwork. There do need to be penalties for that sort of behavior.
13. Re:proofread a few lines only? by Albanach · 2012-12-14 05:15 · Score: 3, Insightful
  
  Surely if you discovered computers important to national security were unprotected, were using default passwords allowing easy access, or hadn't been appropriately patched and maintained, you would have to treat these machines as potentially compromised whether or not you know someone had accessed them.
  As a result, all the costs you mention, other than the legal ones, would necessarily have to be incurred anyway.
14. Re:proofread a few lines only? by MtHuurne · 2012-12-14 05:22 · Score: 1
  
  Wouldn't they have to check the systems anyway after discovering they were vulnerable? A break-in points out vulnerabilities in a system, but it is not the cause of those vulnerabilities and if one person can break in, others can as well.
  If someone else had found the same vulnerabilities earlier and alerted them without breaking in, would that person be charged for the costs of reviewing the systems?
15. Re:proofread a few lines only? by TFAFalcon · 2012-12-14 05:24 · Score: 1
  
  You get drunk and hit someone with your car. Are you also responsible for the careful search of all the other roads in your state, since it's possible you've also hit someone else so they might be lying in a ditch somewhere?
  He's responsible for what he DID - break into a computer, not really a major crime when you think of it. He's not responsible for the costs of checking if he did anything else. Once it's been revealed that the system had crap security, that check should have been done anyway - how many other hackers might have exploited the same security holes before McKinon?
16. Re:proofread a few lines only? by Grumbleduke · 2012-12-14 05:28 · Score: 2
  
  McKinnon is accused of deleting a load of "critical system files" from a number of key military computers (shutting down various networks), along with over 2,000 user accounts from Army's Washington DC(?) network. They wouldn't have had to fix all of that without his interference.
  As for the computers being unsecured, afaik there is no way to completely secure any network connected to the Internet, although I don't know how much work he had to do to break in.
17. Re:proofread a few lines only? by poetmatt · 2012-12-14 05:35 · Score: 1
  
  Oh man....wait....it's almost like they *FIXED* this.
  but yeah yeah collateral damages, etc etc. keep up the imagination there.
18. Re:proofread a few lines only? by Grumbleduke · 2012-12-14 05:38 · Score: 1
  
  He's responsible for what he DID - break into a computer
  Actually it was 97 computers (possibly 96). From which he was* able to access a further 73,000 networked, US Government computers. He shut down "the entire US Army's Military District of Washington network of over 2000 computers for 24 hours", and rendered some 300 computers at US Naval Weapons Station Earle inoperable for a while, including one "used for monitoring the identity, location, physical condition, staffing and battle readiness of Navy ships." Oh, and he installed a "suite of hacking tools" on the computers he did access to make it easier for him (and anyone else) to gain access to them in the future.
  But yes, that's just like breaking into a single computer...
  *Please insert the word "allegedly" as appropriate throughout. As this will never go to trial, we will probably never know what actually happened.
19. Re:proofread a few lines only? by serviscope_minor · 2012-12-14 05:46 · Score: 5, Insightful
  
  They wouldn't have had to fix all of that without his interference.
  Please NEVER EVER get a job in security.
  Ever
  Ever
  Ever.
  Once such important systems had even been found potentially compromised, they become entirely untrustworthy and cannot be used.
  They noticed McKinnon by sheer blind luck.
  If it had been a competent agent of Mossad or something they would never have noticed. Or by someone as competent as the guys that made Flame.
  But the fact that they were wildly insecure meant that they would have had to shut down the entire system basically instantly and repair it.
  They were bloody lucky it was McKinnon and not someone else.
  
  --
  SJW n. One who posts facts.
20. Re:proofread a few lines only? by Grumbleduke · 2012-12-14 05:54 · Score: 1
  
  They would have had to shut down the computers/networks, but (and at this point I should declare that I'm not a computer security expert) presumably had they simply discovered the flaw, they could have taken them down in a controlled, scheduled way, and then combed through the stuff to check for problems at will. This way it seems the networks were crashed by McKinnon, which strikes me as being likely to cause much greater short-term problems and thus costs.
  And no, I have no intention of getting a job in security; and I'm not saying this system was good, or that the US were not at all to blame - but that doesn't really matter in criminal prosecutions. The guy (allegedly) broke both UK and US laws by intentionally breaking in to some high-profile military computer networks and trashed them. That sounds fairly serious to me.
21. Re:proofread a few lines only? by sjames · 2012-12-14 06:14 · Score: 3, Insightful
  
  Yes they would IF they were doing their jobs. As soon as it was found that someone from the outside could (even in theory) gain access to those machines, they were untrustworthy and needed to be wiped completely and re-installed. For all we know, actual enemies had been playing in those systems for quite a while and would still be there if not for McKinnon bumbling in and making noise.
22. Re:proofread a few lines only? by Anonymous Coward · 2012-12-14 06:21 · Score: 1
  
  All (minus legal bills) of which any IT group of a handful of people tops could do in a month. And guess what, you'd be able to hack off a zero from the end of their "damages" price tag.
  You and I both know it, the vast majority of the sentence time and fine are the "making the US military look stupid again" tax. The annoying part is that it's so goddamn easy to do that, you have to be careful you don't do it accidentally.
  Or maybe it was just that the military's lawyers cost $720,000, which given the utter insanity that is the US legal system, is entirely possible.
23. Re:proofread a few lines only? by Anonymous Coward · 2012-12-14 06:53 · Score: 0
  
  break into a computer, not really a major crime when you think of it.
  Oh cool can I pick the lock on your front door of your house walk around not doing much. Then leave. Would you be cool with that? But I 'only' did it to YOUR house no big deal right? Hell not even really a crime. No you would consider it a breaking and an entering and call the cops.
24. Re:proofread a few lines only? by Anonymous Coward · 2012-12-14 06:55 · Score: 0
  
  And if he did nothing at all, they would still have to pay all of those claimed costs to repair their infrastructure. If there is a vulnerability found in your systems you assume that all machines connected are compromised and shut them down to be fixed. The fact that he was dicking around in the computers prior to their discovery of the flaw has no bearing on how much they needed to pay; that should be considered a fixed cost of upgrading a serious vulnerability that **they** left through their own negligence and incompetence.
  All he is guilty of is poking around on classified networks, to which 60 years seems like a ludicruously unreasonable sentence given the circumstances of the "attack." A 12 year old kid wanting to play a nice game of chess could have broken past these simple defenses they had in place. If anything, they should be thanking the guy because the alternative was an actual threat that knows what they are doing using that vulnerability to gain undetected access to the systems.
25. Re:proofread a few lines only? by TheNinjaroach · 2012-12-14 07:01 · Score: 1
  
  I buy 3000 rolls of toilet paper drive to the middle of a busy interstate and dump them in a huge pile.
  Please take photos!
  
  --
  I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
26. Re:proofread a few lines only? by Patch86 · 2012-12-14 08:34 · Score: 1
  
  If it had been a competent agent of Mossad or something they would never have noticed. Or by someone as competent as the guys that made Flame.
  They were bloody lucky it was McKinnon and not someone else.
  You assume that it WAS only McKinnon. Skilled attackers could have been waltzing in and out of that gaping security hole for years before McKinnon spoiled it for them by drawing attention to it. Who knows how many government secrets have found their way into unfriendly hands because of this?
27. Re:proofread a few lines only? by jonbryce · 2012-12-14 10:30 · Score: 1
  
  He had to fire up Terminal Services Client (now known as Remote Desktop Client), and log on as administrator, leaving the password field blank.
28. Re:proofread a few lines only? by Hognoxious · 2012-12-14 19:54 · Score: 1
  
  Internal audit? What internal audit?
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
29. Re:proofread a few lines only? by Hognoxious · 2012-12-14 22:37 · Score: 1
  
  They would have had to shut down the computers/networks, but (and at this point I should declare that I'm not a computer security expert)
  
  Good thing you pointed that out.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
30. Re:proofread a few lines only? by Hognoxious · 2012-12-14 22:47 · Score: 1
  
  You say "if you discovered". That's the point. It wasn't a problem before, because they didn't know about it. And you'd be amazed how many people would say that without a hint of irony.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
31. Re:proofread a few lines only? by Anonymous Coward · 2012-12-15 01:52 · Score: 0
  
  If it had been a competent agent of Mossad or something they would never have noticed
  Mossad doesn't need to sneak in to the Pentagon, it has root access.
Is he free? by Hatta · 2012-12-14 04:40 · Score: 3, Interesting

So if he's not getting extradited, and there are no charges in the UK, is McKinnon a free man?

--
Give me Classic Slashdot or give me death!
1. Re:Is he free? by schneidafunk · 2012-12-14 04:46 · Score: 3, Funny
  
  They're having him work for SETI.
  
  --
  Some people die at 25 and aren't buried until 75. -Benjamin Franklin
2. Re:Is he free? by xaxa · 2012-12-14 04:47 · Score: 1
  
  So if he's not getting extradited, and there are no charges in the UK, is McKinnon a free man?
  Yes, I think so. That's what not being charged generally means (if that sounds sarcastic it's not supposed to be -- simply IANAL.)
  "... will not face charges in the UK, bringing to an end a 10-year legal battle."
  "Janis Sharp, Mr McKinnon's mother, said the news was "amazing" and she was grateful the case was "all over now".
3. Re:Is he free? by Anonymous Coward · 2012-12-14 04:51 · Score: 0
  
  I believe he is a free man. IMHO this situation is wrong - he did something wrong (and even admitted to it) and doesn't have to face the consequences.
4. Re:Is he free? by Baloroth · 2012-12-14 04:52 · Score: 4, Informative
  
  So long as he stays in the UK, yes. The US still has an extradition warrant against him, so if he travels to another country he could be extradited from there (although it would depend on the judgment of those courts). Traveling to the US would obviously get him arrested.
  
  --
  "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
5. Re:Is he free? by geekoid · 2012-12-14 05:02 · Score: 4, Funny
  
  Maybe he will be abducted~
  
  --
  The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
6. Re:Is he free? by TFAFalcon · 2012-12-14 05:02 · Score: 1
  
  I guess the wrong thing wasn't illegal then. At least not in the place where he did it.
7. Re:Is he free? by Anonymous Coward · 2012-12-14 05:05 · Score: 1
  
  He also needs to stay away from any of the US Bases in the UK.
  Then again the MiB (US Gov Issue) might be trying to whisk him away to Gitmo and let him spend 10 years there without access to counsel, charges or any prospect of release.
  For our US readers, there are prisoners in the GULAG called GITMO who's release has been signed by the President yet they are still getting beatings on an almost daily basis. One has been there for more than 10 years without charge. There is no evidence against him and his country of citizenship is willing to have him back yet the US authourities are ignoring the wishes of the President who I might remind you, is Commander in Chief and keeping him incarcerated.
  Is the US the paragon of Justice? I think not.
8. Re:Is he free? by tnk1 · 2012-12-14 05:27 · Score: 1
  
  It would be a waste of time and money. They already taught him his lesson by putting him through the process.
  He will be watched for the rest of his life, however.
9. Re:Is he free? by Anonymous Coward · 2012-12-14 05:32 · Score: 0
  
  If I was him I would try to change my identity and start a new life. If there's one thing that history has taught us about coercive authority (aka "government"), it's that coercive authority is NEVER to be trusted.
10. Re:Is he free? by Opportunist · 2012-12-14 05:34 · Score: 1
  
  Waste of time and money? You're talking about the country that has two rather pointless wars running, you think they care about a waste of time and money?
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
11. Re:Is he free? by Anonymous Coward · 2012-12-14 05:38 · Score: 0
  
  They're having him work for SETI.
  Oh irony of ironies if Gary McKinnon himself turns out to be the very LGM Gary was looking for...
12. Re:Is he free? by Anonymous Coward · 2012-12-14 05:41 · Score: 1
  
  If the detainee are all wrong evil muslim terrorists, why fear giving them a trial and follow a proper procedure to punish them?
13. Re:Is he free? by tnk1 · 2012-12-14 05:53 · Score: 2
  
  Yes, I do think that. You seem to be of the opinion that the US government is going to extra-judicially abduct a public figure from an allied country for a minor offense. They might do that if he was some faceless terrorist in Yemen who they can't keep tabs on easily, but for a British nutcase? It's not worth the trouble. Do you know how many people they would have to abduct if they did they for every extradition charge that beat their rap?
  You only need to abduct people who you can't use the system to deal with. Iraq and Afghanistan are outside that system, and so the gloves have to come off there if they want to get their way. It may seem like they are wasting money to you, but I assure you, for the right people, it was money well spent. There is no return on investment in abducting this crackpot.
14. Re:Is he free? by TFAFalcon · 2012-12-14 06:06 · Score: 1
  
  Aren't there laws in the UK that allow holding 'suspected terrorists' for as long as they want? So not getting charged may not mean much.
15. Re:Is he free? by sjames · 2012-12-14 06:19 · Score: 1
  
  He faced 10 years of extradition hearings with the threat of being extradited to a less civilized legal system hanging over his head. There were consequences and he has faced them.
16. Re:Is he free? by xaxa · 2012-12-14 06:36 · Score: 3, Informative
  
  Aren't there laws in the UK that allow holding 'suspected terrorists' for as long as they want? So not getting charged may not mean much.
  No. For "terrorism" it's 14 days, after a reduction from 28, and an attempt by the government to increase it to 42. See https://www.liberty-human-rights.org.uk/human-rights/terrorism/extended-pre-charge-detention/index.php
  See http://www.yourrights.org.uk/yourrights/the-rights-of-suspects/police-powers-of-arrest/police-detention.html for the case for normal offences (24 hours, possibly extension to 36).
17. Re:Is he free? by Lemming+Mark · 2012-12-14 07:24 · Score: 1
  
  There was also a form of house arrest in use (supposedly for people who couldn't be tried for security reasons, I think) that was used to severely restrict people's freedom. This was applied if the right people believed "We really, really think this guy is dodgy" but couldn't say why, at least not in a public forum. The house arrest approach was adopted after a ruling by the Law Lords (would now be the Supreme Court, I think) saying that indefinite detention in prison without trial was not legal. The "suspects" were then allowed out of prison but only permitted a very specific, restricted set of "freedoms" including being restricted to their home for most hours of the day.
  I'm not sure if those measures are still in force (though I suspect so). As I understand it, they were a separate issue from the (much shorter) periods you could be held by police without charge, nominally whilst they gather evidence, etc.
18. Re:Is he free? by usuallylost · 2012-12-14 08:25 · Score: 1
  
  So if he's not getting extradited, and there are no charges in the UK, is McKinnon a free man?
  From what the article said as long as he stays in the UK his a free man. If he goes to any other country that the US has an extradition treaty with he could find himself on a plane to the US. So basically his punishment here is that he can basically never leave the UK again.
19. Re:Is he free? by Anonymous Coward · 2012-12-14 11:30 · Score: 0
  
  ...and probed.
20. Re:Is he free? by Anonymous Coward · 2012-12-14 11:41 · Score: 0
  
  It's certainly getting harder to distinguish between the PR bods, the MIC dissinfo bods and the bods that actually believe what they write. What gives you away is the cogence of your argument. It's assumed that nobody intelligent enough to write what you wrote could also actually believe it.
21. Re:Is he free? by Anonymous Coward · 2012-12-14 23:02 · Score: 0
  
  The house arrest approach was adopted after a ruling by the Law Lords (would now be the Supreme Court, I think) saying that indefinite detention in prison without trial was not legal.
  
  This is nonsense, since they were not being detained anyway.
  
  The "suspects" were then allowed out of prison but only permitted a very specific, restricted set of "freedoms" including being restricted to their home for most hours of the day.
  They were free to leave the country at any point. Most seemed rather unenthusiastic about exercising that right.
Reverse the charges by FrostedWheat · 2012-12-14 04:59 · Score: 4, Insightful

Right, so the real people responsible will be charged now? The ones who left seriously insecure military computers connected to the internet?
1. Re:Reverse the charges by Anonymous Coward · 2012-12-14 05:10 · Score: 0
  
  No. They might be (partially) responsible, but they did not commit the crime.
  If I leave my door unlocked and someone steals stuff from my house, my insurance company might refuse to pay, but it will still be the burglar, not me, who committed a crime and can be charged with it.
2. Re:Reverse the charges by Spottywot · 2012-12-14 05:16 · Score: 1
  
  That's hilarious it really is, I love the idea of the CPS trying to prosecute the Pentegon for running an insecure network :) I know that's not what you meant, but the fact is the Pentagon still think he is 'one of the most dangerous hackers of all time' and would still love to hold him responsible for their own deficiencies. An epic case of deferring responsibility if ever there was one.
  
  --
  In a cybernetic fit of rage she pissed off to another age...
3. Re:Reverse the charges by PIBM · 2012-12-14 05:19 · Score: 1
  
  We are talking about a military organisation. This is their REQUIREMENT of being secure. What would you say if they had provided a google map interface to launch nukes (click where you want it to detonate!) and a little kid found this nice little game and nuked the western half of the country ? Still the kids fault ??
4. Re:Reverse the charges by N!k0N · 2012-12-14 05:33 · Score: 1
  
  We are talking about a military organisation. This is their REQUIREMENT of being secure. What would you say if they had provided a google map interface to launch nukes (click where you want it to detonate!) and a little kid found this nice little game and nuked the western half of the country ? Still the kids fault ??
  Wasn't there a movie about this once?
5. Re:Reverse the charges by tnk1 · 2012-12-14 05:35 · Score: 1
  
  You don't charge people who made mistakes in their jobs unless they did so with criminal intent, and I encourage you to attempt to prove that in a court of law. They can be fired or demoted or have nothing whatever happen to them at all. Although someone clearly failed in their job, and possibly should be fired, responsibility was probably shared in small parts by dozens of people who were lax at their jobs. Such is the problems with having a huge government bureaucracy: huge problems, and no one person to reasonably or easily hold accountable for them.
  Either way, the only real criminal here is McKinnon, as he entered a system that he had no business entering, which there is no reasonable excuse for him to have done. The fact they attempted to get their hands on him for trial was proper, he broke a law in the US and there is an extradition treaty. The actual charges were entirely overblown, but that doesn't mean he isn't guilty of the basic offense.
6. Re:Reverse the charges by Opportunist · 2012-12-14 05:41 · Score: 1
  
  It depends on the severity of the negligence to say for sure whether some of the blame is to be put on the CISO. One thing is certain, he dropped the ball seriously here. If he had been working for me, he'd have been looking for a new job (or some rope) the next day.
  Especially in an environment where security is one of the key assets, things like this MUST NOT happen. At the very least, they MUST NOT happen for such a long time. Getting into a lesser important security area, ok. But at the very least it has to stop right there. Especially from what it looks like the US government relies on some sort of "bouncer security". Once you're in the club, nobody bothers to check your ID anymore, so sneak in through the back door and nobody cares you're not 18.
  This is absolutely unacceptable for a high security environment. Especially that he could install software without raising any kind of warning.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
7. Re:Reverse the charges by Opportunist · 2012-12-14 05:41 · Score: 2
  
  Hey, all he wanted to do is play a nice game of chess.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
8. Re:Reverse the charges by Anonymous Coward · 2012-12-14 05:46 · Score: 0
  
  The military may be charged with negligence or what-have-you but the kid is still the one breaking in to the system and launching the nukes.
9. Re:Reverse the charges by Anonymous Coward · 2012-12-14 05:57 · Score: 1
  
  The fact they attempted to get their hands on him for trial was proper, he broke a law in the US and there is an extradition treaty.
  No, he broke a law in the UK, because... (*drumroll*) HE WAS IN THE UK.
10. Re:Reverse the charges by tnk1 · 2012-12-14 06:29 · Score: 1
  
  Awkward language. I meant to say he broke a US law, and there is an extradition treaty that allows people to be extradited from the UK for breaking US laws.
  And sure, he was in the UK at the time. That doesn't matter except that he can't be taken immediately into custody from the UK. He still broke a US law and entered a system based in the US. It's going to be a hard thing to argue that the US has no right to go after people who break into US government systems that are hosted on US soil just because they did so remotely.
  I know that we are all going to be up in arms about arresting foreign nationals for things that they did from other countries, but there does exist a concept that is known as extraterritorial law. It's not without controversy, but it's hardly a new idea.
11. Re:Reverse the charges by idontgno · 2012-12-14 07:27 · Score: 1
  
  You don't charge people who made mistakes in their jobs unless they did so with criminal intent, and I encourage you to attempt to prove that in a court of law.
  Uniformed members of the Armed Forces responsible for managing the DoD assets affected by this were theoretically vulnerable to being charged with, for instance, dereliction of duty. The Uniform Code of Military Justice is funny that way. If command could argue that the systems managers had a duty to secure the systems, the failure to do so would be a culpable crime.
  That said, I'm sure it didn't happen that way because the defense would turn the spotlight of attention up the chain of command, embarrasing everyone above the "foot soldier" level with their own inattention to duty. You'll almost never see a prosecution in those circumstances. Besides, the negligence which led to the event probably doesn't come to the level of criminal negligence. (I don't think leaving a vulnerable computer exposed to the internet has quite become criminal negligence yet, since so many people continue to run unpatched Windows installations.)
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
12. Re:Reverse the charges by hawkinspeter · 2012-12-14 08:22 · Score: 2
  
  As he wasn't in the US, he shouldn't be subject to US law. As he is in the UK, he's only subject to UK law.
  
  --
  You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
Treaties suck by Anonymous Coward · 2012-12-14 05:07 · Score: 0

Treaties trump local and federal laws and reasonable suspicion. Once you have a treaty, you must do as treaty says, even if it is wrong. If you do not, then you nation is a scum-bag and the other nation can decide to not honor treaties also. Personally I believe we have too many frivolous treaties. More treaties need to be dishonored, the true nature of nations needs to be exposed. The USA has too many things that benefit corporations and even it's own government. The rest of the sum bag nations need to be exposed also.
ok by Anonymous Coward · 2012-12-14 05:11 · Score: 0

I didn't know accessing a database and reading some files could cause $800 000 worth of damage, seems reasonable.
1. Re:ok by Grumbleduke · 2012-12-14 05:31 · Score: 1
  
  It's possible deleting a load of critical system files (shutting down various military networks) and removing over 2,000 user accounts may have caused some of the damage (both long-term costs of replacing, and call-out fees for technicians during the short-term panic of working out what was going). If you want more details of what he is accused of, read the first few paragraphs of this judgment.
2. Re:ok by Opportunist · 2012-12-14 05:44 · Score: 1
  
  It can. Not directly by damaging files, but indirectly by requiring a verification on all those files because they COULD have been tampered with. Now all it takes is a LOT of data with originals stowed in some hard to reach place and you're getting there.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The guilty ones by edibobb · 2012-12-14 05:13 · Score: 2

If anyone should be punished, it's those incompetents who did not secure the computers in the first place. It's like leaving the door to the office building unlocked and unguarded. There's nothing like a foreign scapegoat to distract the news media.
1. Re:The guilty ones by TFAFalcon · 2012-12-14 05:51 · Score: 1
  
  My guess is that any investigation into this security SNAFU would end up uncovering a memo stating something like 'We've finished securing the network using the full $10.25 granted by congress. Please dedicate more funds next year.' After that any investigation would suddenly find itself without funds and be quickly shut down.
2. Re:The guilty ones by Anonymous Coward · 2012-12-14 06:02 · Score: 0
  
  If I leave my house unlocked and someone comes in and takes all my stuff while I'm out, should I be charged with robbery and the actual robber let off scot-free?
3. Re:The guilty ones by edibobb · 2012-12-15 15:00 · Score: 1
  
  If you are working in my house, then you are responsible for locking the door when you leave.
So, I guess this is what it takes... by Anonymous Coward · 2012-12-14 05:27 · Score: 0

...to be banned in real life.
No USA trips for him any time ever.
he guessed the passwords by alices+ice · 2012-12-14 05:29 · Score: 2

he also admitted his "hacking" was almost entirely limited to guessing default or super weak (12345) passwords- this is actually farcical. they have to paint him as some Asperger super hacker to stop themselves looking like idiots
Captain Explanation to the rescue! by Anonymous Coward · 2012-12-14 05:31 · Score: 0

He's making fun of careless writing in TFS:

causing $800,000 (£487,000) to military computer systems
Re:Loony by wild_quinine · 2012-12-14 05:48 · Score: 4, Funny

No, he has Asperger's syndrome, which, from what I can gather, is way for IT guys like us to behave like absolutely fucking pricks, and we just have to hold up the card "Asperger's" and everyone is supposed to accept our miserable attitude. Apserger also apparently extends to hacking into systems we have no business being in. Apparently, providing we have this wonderful social ineptitude disease, we don't face the consequences of any of our online actions.
I don't know about the rest of you, but I think I'm going to go out at lunch and kick some little old lady in the ass. "Asperger's!"
Did you really just have an uncalled for, violent, frothing rage at people with "social ineptitude disease"? You know, it pays to look both ways before crossing Irony Street.
Good thing... by Anonymous Coward · 2012-12-14 05:55 · Score: 1

...his name is Gary McKinnon and not say, Babar Ahmad...
WASTED TIME . . . by Anonymous Coward · 2012-12-14 06:00 · Score: 0

all this time everyone's been watching this case and worrying, oh man I hope I don't get in trouble for hacking or pissing off the wrong powers that be.
Further.
It nipped the UFO discussion/hacking talk in the bud. Fear effect.
All it did was dumb us down, pushing shit back ten years, am I glad his already fucked up life won't be fucked up further? Sure I am, but in the big picture none of this hacking crap matters because it was all a pile of bullshit black ops from the start. To scare would be hacker/crackers
THIS FEAR HAS WASTED 10 YEARS AND ALLOWED A POLICE STATE IN
Re:Loony by Anonymous Coward · 2012-12-14 06:10 · Score: 1, Interesting

No, he's laughing at the people who think assburgers is a defense for committing crimes.
No, they would have had to taken them down NOW by Anonymous Coward · 2012-12-14 06:12 · Score: 0

There was operational data on some of those computers.
AS SOON AS the security breech was discovered, they would have had to take down the system IMMEDIATELY in case the system hadn't yet been noticed. Delay 5 seconds longer and that's long enough to copy a few MB of data off there.
That you think they should is indication of why you MUST NEVER work in security EVER.
IT IS NOT a reason why McKinnon did that damage, merely reason to be stark staring petrified of you EVER having ANYTHING to do with security.
1. Re:No, they would have had to taken them down NOW by Hognoxious · 2012-12-14 22:42 · Score: 1
  
  AS SOON AS the security breech was discovered
  I heard they tried to muzzle him, but he had them over a barrel. There's obviously mortar this story [enough - Ed]
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
You had nothing stolen by Anonymous Coward · 2012-12-14 06:18 · Score: 0

You had nothing stolen, so the robber was not stealing.
The front door had "Welcome" written on it.
You are not going to manage to get the bloke who walked in, read your newspaper and walked out again who was under the impression this was an open lounge done for burglary.
And in your case, you would not be insured, so you would NOT get damages back for having to replace things or put locks on your doors and windows.
So even in your bad analogy, what the USA tried to do would be illegal (fraudulent claim against insurance for your analogy).
But in this case, it wasn't even burglary.
This is Dumb by TemperedAlchemist · 2012-12-14 06:37 · Score: 1

Hack into a foreign government's computer system and cause $800k worth of damage, violating international laws in the process? Extradition is blocked.
But if you're Richard O'Dwyer and do something completely legal in the UK and causing no direct monetary damage? Theresa May goes out of her way to bend over and let Uncle Sam do his dirty work.
The difference? One guy was looking for UFOs, the other had a website that had links to pirated content. Logic, right?
My feelings could be summed quite well by a lovable Tim Minchin
1. Re:This is Dumb by Xest · 2012-12-14 21:52 · Score: 1
  
  To be fair, O'Dwyer largely only has himself to blame though. In accepting the deal with the US to pay them $20,000 and promise not to break any US laws again (which is fucking sick, since when did the US get to hold British citizens to US legal standards?) he ended the situation early, but didn't let enough pressure build on Theresa May to go the same route.
  I think it's almost a certainty that O'Dwyer's extradition would also have been blocked eventually once appeals etc. were exhausted and enough political pressure exerted, but he didn't let it reach that point. I sympathise with why he didn't, but I think the deal he accepted was pretty fucking stupid, as he signed an agreement that means he can now be extradited to the US for breaking a US law in the UK that is not a crime here.
  Potentially, if he was jaywalking in the UK (not an actual crime in the UK) that could now give the US reason to extradite him again. Whether they'd actually do that I guess depends on what he does with his life now, but there strikes me as something very wrong with the deal he accepted.
  Still, I can sympathise with why he accepted it- to get it all over and done with, but I'm intrigued to see if it turns round and bites him sometime in the future, I wouldn't want that deal hanging over my head as it strikes me as almost as bad as the extradition itself hanging over you.
Not for long by ThatsNotPudding · 2012-12-14 06:40 · Score: 1

So if he's not getting extradited, and there are no charges in the UK, is McKinnon a free man?
Only until he pops up on Seal Team 6's list.
A reason breaking is separate from entering by SuperBanana · 2012-12-14 06:47 · Score: 1

Look, clearly you're new to this whole thing, because the whole "it was unlocked" crap has been trotted around here since 1998 or so. 1)Trespass is still a crime. Further, breaking and entering requires only pushing open a closed door - it doesn't have to be locked. They're still separate crimes. If someone's front door is open but you don't belong in their house, you're still "entering" and committing trespass, which is illegal, and has been since common law times. 2)He didn't just enter the systems, he modified them, destroyed both data and functionality, and installed spying software.

--
Please help metamoderate.
Re:No, you're a twat. by Anonymous Coward · 2012-12-14 07:08 · Score: 0

Looks like we got a self-diagnosed assburgers sufferer here.
Ulterior motives by Anonymous Coward · 2012-12-14 08:12 · Score: 0

He's guilty as hell, and they know it. This is basically just a way for them to tell the US "Screw you," once again. There was no doubt whatsoever, since he clearly did it, and clearly admitted it. No one but a liar would say the chance of conviction was low in a fair trial. The only other possibility is that he was actually working for them, but I find this less likely.
1. Re:Ulterior motives by hawkinspeter · 2012-12-14 09:20 · Score: 1
  
  However, it's debatable whether his actions were illegal in the UK. US laws don't have jurisdiction over UK citizens unless they are in the US despite what the US government might want. The issue is which laws did he break?
  
  --
  You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
2. Re:Ulterior motives by Anonymous Coward · 2012-12-14 20:50 · Score: 0
  
  Computer Misuse Act? http://en.wikipedia.org/wiki/Computer_Misuse_Act_1990
3. Re:Ulterior motives by hawkinspeter · 2012-12-14 21:20 · Score: 1
  
  Yep - most likely. I think he's already served the 6 months maximum prison term and he's probably lost more than the Â£5000 maximum fine.
  
  --
  You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
Gary M. not the problem, lack of adequate security by rts008 · 2012-12-14 09:01 · Score: 2

More like breaking in (maybe through a weak door),...

The quote contains the root of the problem.
If these compromised networks had adequate security to start with, Gary M. wold not have gotten in.
As long as the mindset of 'convenience/budget overrules security' this stuff will keep happening frequently.
There is a good reason banks spend the money to install those expensive, elaborate bank vaults for the money to be kept in.
We see that here on /. all the time, and have for years....thousands of comments by IT folks on /. complaining that their pointy haired bosses begrudge the cost of network security, yet that network is so vital to the organization.
I propose that when these security breaches occur, that those responsible for security policy decisions share the guilt with the 'hacker' equally.
Only then will this issue be improved.

--
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Hit the nail on the head with sledge hammer.... by rts008 · 2012-12-14 09:16 · Score: 1

Now for the obligatory /. car analogy:
I leave my laptop on the front seat, get out of the car, lock all the doors, and walk away. Some passerby looks in and sees the 'OH, Shiny!' sitting there and then reaches in the open window and takes it.
I cry foul!
Where the major difference between the analogy and the network breaching comes into play:
Most everyone will agree the theft was wrong, they still consider me an idiot for not rolling up the windows, but the network lack of adequate security seems not to cause that same 'You're an idiot' response. WTF?

--
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
1. Re:Hit the nail on the head with sledge hammer.... by Hognoxious · 2012-12-14 22:29 · Score: 1
  
  In the real, physical, tangible world there are behaviour conventions that are either ingrained or that we learn as children.
  These are largely, at present, absent in cyberspace which, rightly or wrongly, is regarded as different.
  Hence, the "unlocked door/open window == an unsecured server" argument is a pile of poo just like ur mom.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Re:Gary M. not the problem, lack of adequate secur by Grumbleduke · 2012-12-14 09:33 · Score: 1

But that isn't how (most) crimes work. It is (in many places) a criminal offence maliciously to gain unauthorised access to computer systems, and thus those who do so should get punished. Arguments of proportionality of sentences, precise wordings of the offence and the purpose/merits of a criminal justice system aside, whether other people are also doing shouldn't really be an issue.
Whether or not other people are to blame (the operators of the system, other people breaking the law) is a separate issue, and is between them and the authorities. Should the system techs and operators be held criminally responsible? Probably not. However, should they be liable for their own negligence and/or breach of contract, definitely. And their supervisors. And anyone else who is liable (civilly).
Iran Called! by andersh · 2012-12-14 12:45 · Score: 1

Iran called. You're guilty of unislamic behavior in the US/UK/anywhere. Please report to Teheran's Torture and Corrections department tomorrow... They too have extraterritorial laws, we should respect that, right? Hahaha.
1. Re:Iran Called! by tnk1 · 2012-12-14 19:32 · Score: 1
  
  If we had a treaty with Iran for such things, then yes, you could be arrested for that in the US and held for an extradition hearing. Of course, the extradition treaties are usually clear about the sort of offenses allowed for extradition and what sort of punishments could be expected. In both cases, it's almost impossible that the US would sign such a treaty with Iran, even if we didn't hate their guts, because the US will not sign a treaty that does not allow it's citizens the freedom of speech and religion.
  Unlike your Iran situation, the UK has signed agreements that cover this, and the crime was not political nor was it a speech issue. They do have the right to not extradite, as they have chosen, but they do have the responsibility to hold the hearing and extradite if appropriate. They would do that because the agreement is bilateral and the US would turn over people wanted on UK crimes as well, again, subject to an extradition hearing. Should the UK decide to completely not comply, then the extradition agreements would break down. Then, the US might have to resort to other means.
2. Re:Iran Called! by bytesex · 2012-12-14 22:45 · Score: 1
  
  You already have a treaty. It's called interpol, and Saudi used it last year to have a cartoonist extradited.
  
  --
  Religion is what happens when nature strikes and groupthink goes wrong.
3. Re:Iran Called! by Hognoxious · 2012-12-14 23:14 · Score: 1
  
  Unlike your Iran situation, the UK has signed agreements that cover this
  
  No they haven't. He isn't a tehrrust, and the amount of actual damages was not sufficient to make it a serious financial crime, which is why Hollywood accounting was applied.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Re:Loony by ignavus · 2012-12-14 23:45 · Score: 1

No, he's laughing at the people who think assburgers is a defense for committing crimes.
It could be a defence if it is relevant to the matter of intent. Person A might buy a bomb to commit a violent crime. Person B might buy a bomb to see how they work - maintaining strict safety precautions for working with explosives at all times. Person B could well have Asperger's (there was such a case - including both Asperger's and all the safety precautions) - and the Asperger's diagnosis could be directly relevant to showing that there was no harmful intent or even negligence - just an unusual, rather than violent, hobby.
"Unusual hobbies" is part of the Asperger diagnostic crieria (unusual or intense interests). And people with Asperger's do not always have the same intent (motivation) that other people do. And they might be very meticulous in things like taking correct precautions because of their attention to details and tendency towards routine.
Psychiatric conditions might also be relevant during sentencing...

--
I am anarch of all I survey.
Re:Gary M. not the problem, lack of adequate secur by Anonymous Coward · 2012-12-14 23:47 · Score: 0

Yes, he committed a crime. But the potential punishment in the US was disproportionate to what he did.
Re:Loony by Anonymous Coward · 2012-12-15 02:06 · Score: 0

Why not - worked for this moron in the UK.