Slashdot Mirror

← Back to Stories (view on slashdot.org)

No Charges In UK For Gary McKinnon

Posted by Soulskill on from the end-of-a-long-road dept.

clickclickdrone sends this news from the BBC: "Computer hacker Gary McKinnon, who is wanted in the U.S., will not face charges in the U.K., the Crown Prosecution Service has said. Director of Public Prosecutions Keir Starmer QC said the chances of a successful conviction were 'not high.' He announced the decision some three months after Home Secretary Theresa May stopped the extradition. Mr. McKinnon, 46, admits accessing U.S. government computers but says he was looking for evidence of UFOs. The U.S. authorities tried to extradite him to face charges of causing $800,000 (£487,000) to military computer systems and he would have faced up to 60 years in prison if convicted."

29 of 148 comments (clear)

  1. this: by samjam · · Score: 4, Informative

    The UK CPS declined to prosecute him originally and further decline to do so now.

    This trumps all other arguments.

    --
    blog.sam.liddicott.com
    1. Re:this: by Grumbleduke · · Score: 4, Interesting

      McKinnon even sued the CPS over their decision not to prosecute him, and lost (judgment here). The CPS really don't want to prosecute him.

    2. Re:this: by stephanruby · · Score: 4, Informative

      The UK CPS declined to prosecute him originally and further decline to do so now.

      And yet, McKinnon said he'd be willing to plead guilty if he was prosecuted in the UK.

      By letter dated 5 June 2009, the Claimant made further representations and indicated that he would be willing to plead guilty to an offence under section 3 of the 1990 Act. Accordingly, the Director was invited to reconsider the decision not to prosecute, since the evidential test was now satisfied, having regard to the wider public interest which, it was asserted, pointed to a prosecution in the United Kingdom. The Director was further invited to "have full regard to Article 3 and Article 8 of the Convention".

      Perhaps, it would have been too much of an embarrassment to the US if the guy had only received 6 months probation and a 1000 fine when what they really wanted was to set an example and have this autistic guy up-rooted from his own country/family, bullied and raped, and locked up in a Federal prison for the next 60 years.

  2. caused $800,000... by Hagaric · · Score: 5, Funny

    Could he come & cause $800,000 to my computer system too? I could use the upgrade...

    1. Re:caused $800,000... by serviscope_minor · · Score: 5, Informative

      He didn't of course.

      It's an outright lie by the US prosecutors, since they appear to lack any kind of moral fiber.

      It's equivalent to having a burglar walking in the front door then the homeowner claiming costs for upgrading all the locks are due to the burglar.

      Sure, they needed to trash and reinstall all of the machines. But they would have needed to do exactly that anyway when an internal audit showed they were insecure.

      --
      SJW n. One who posts facts.
    2. Re:caused $800,000... by Grumbleduke · · Score: 5, Informative

      For the record, according to one of the court rulings he was accused of the following:

      "Between February 2001 and March 2002 he gained unauthorised access to 97 computers belonging to and used by the US Government... From those computers, he extracted the identities of certain administrative accounts and associated passwords. Having gained access to those administrative accounts, he installed unauthorised remote access and administrative software called "remotely anywhere" that enabled him to access and alter data upon the American computers at any time and without detection by virtue of the programme masquerading as a Windows operating system.

      Once "remotely anywhere" was installed, Mr McKinnon proceeded to install his "suite of hacking tools" – software that he used to facilitate further compromises to the computers which also facilitated the concealment of his activities. Using this software, he was able to scan over 73,000 US Government computers for other computers and networks susceptible to compromise in a similar fashion. He was thus able to lever himself from network to network and into a number of significant Government computers in different parts of the USA. The relevant ones were:

      1. 53 Army computers, including computers based in Virginia and Washington that controlled the Army's Military District of Washington network and are used in furtherance of national defence and security [charges 1 to 2]
      2. 26 Navy computers, including US Naval Weapons Station Earle, New Jersey. This was responsible for replenishing munitions and supplies for the deployed Atlantic Fleet [charges 6 to 8]
      3. 16 NASA computers [charges 12 to 15]
      4. 1 Department of Defense computer [charges 17 to 18].

      Once the computers were accessible by Mr McKinnon, he deleted data including:

      1. Critical operating system files from nine computers, the deletion of which shut down the entire US Army's Military District of Washington network of over 2000 computers for 24 hours, significantly disrupting Governmental functions
      2. 2,455 user accounts on a US Army computer that controlled access to an Army computer network, causing those computers to reboot and become inoperable
      3. Critical Operating system files and logs from computers at US Naval Weapons Station Earle, one of which was used for monitoring the identity, location, physical condition, staffing and battle readiness of Navy ships. Deletion of these files rendered the Base's entire network of over 300 computers inoperable at a critical time immediately following 11 September 2001 and thereafter left the network vulnerable to other intruders.

      He also copied data and files onto his own computers, including operating system files containing account names and encrypted passwords from 22 computers. These comprised:

      1. 189 files from US Army computers
      2. 35 files from US Navy computers, including approximately 950 passwords from server computers at Naval Weapons Station Earle
      3. 6 files from NASA computers

      Mr McKinnon's conduct was intentional and calculated to influence and affect the US Government by intimidation and coercion. As a result of his conduct, damage was caused to computers by impairing their integrity, availability and operation of programmes, systems, information and data on the computers, rendering them unreliable. The cost of repair totalled over $700,000."

      Slightly more than a burglar walking in the front door and claiming the costs of upgrading the locks. More like breaking in (maybe through a weak door), completely trashing the place and leaving.

    3. Re:caused $800,000... by poetmatt · · Score: 3, Interesting

      Did he damage all that crap? possibly so, if it ever went to court. Did he do stupid things involving computers? possibly so, if it ever went to court. Was it " intentional and calculated to influence and affect the US Government by intimidation and coercion"?
      That's beyond laughable and imaginary hypothetical rhetoric, to say the least. It actually puts the US prosecutors into question as far as sanity.

    4. Re:caused $800,000... by serviscope_minor · · Score: 3, Interesting

      OK, my analogy was flawed, so I'll switch to a non analogy.

      They connected insecure systems to the internet.

      The result is that they needed to inspect and repair all of those systems regardless of whether McKinnon existed or not.

      The only reasonable response to finding the computers were potentially hacked would have been to put the entire lot offline instantly, no questions. What if it had been a much more competent foreign agent?

      How did they know that a Chinese government hacker hadn't subtly altered the readiness logs of the ships [*] at Weapons station Earle? How did they know other logs were not already filled with subtly but much more dangerously flawed data?

      Look, I'm not claiming what McKinnon did was good or right or legal.

      But claiming that he caused those costs is simply not true.

      They caused the costs through the most monumental security fuckup. The fault is entirely on them. McKinnon highlighted that they needed to spend the money RIGHT NOW to fix it.

      [*] for fuck's sake! They had logs about battle readiness on warships on the open internet and editable by almost anyone and they have the temerity to blame their fuckup one lone nutball? Words fail me.

      --
      SJW n. One who posts facts.
    5. Re:caused $800,000... by Grumbleduke · · Score: 3, Informative

      Was it " intentional and calculated to influence and affect the US Government by intimidation and coercion"?

      Well the damage was obviously intentional, and it was calculated to influence the Government (even if it didn't) as evidenced by the note he admitted to leaving behind which read:

      "US foreign policy is akin to Government-sponsored terrorism these days It was not a mistake that there was a huge security stand down on September 11 last year I am SOLO. I will continue to disrupt at the highest levels "

      That sounds rather like an attempt at intimidation and coercion (however pathetic) to me...

    6. Re:caused $800,000... by Grumbleduke · · Score: 3, Insightful

      The UK prosecutor can't be bothered to charge him, because the damage wasn't done in the UK (so there isn't really any public interest in prosecuting) and the US didn't want to hand over all the (sensitive) evidence (of the details of all their military computer networks) to the UK authorities (for them to be made available in open court).

      The CPS not bringing a case doesn't mean they think he's innocent, just that they don't think it's worth the trouble to try to prosecute him.

  3. Is he free? by Hatta · · Score: 3, Interesting

    So if he's not getting extradited, and there are no charges in the UK, is McKinnon a free man?

    --
    Give me Classic Slashdot or give me death!
    1. Re:Is he free? by schneidafunk · · Score: 3, Funny

      They're having him work for SETI.

      --
      Some people die at 25 and aren't buried until 75. -Benjamin Franklin
    2. Re:Is he free? by Baloroth · · Score: 4, Informative

      So long as he stays in the UK, yes. The US still has an extradition warrant against him, so if he travels to another country he could be extradited from there (although it would depend on the judgment of those courts). Traveling to the US would obviously get him arrested.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    3. Re:Is he free? by geekoid · · Score: 4, Funny

      Maybe he will be abducted~

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    4. Re:Is he free? by tnk1 · · Score: 2

      Yes, I do think that. You seem to be of the opinion that the US government is going to extra-judicially abduct a public figure from an allied country for a minor offense. They might do that if he was some faceless terrorist in Yemen who they can't keep tabs on easily, but for a British nutcase? It's not worth the trouble. Do you know how many people they would have to abduct if they did they for every extradition charge that beat their rap?

      You only need to abduct people who you can't use the system to deal with. Iraq and Afghanistan are outside that system, and so the gloves have to come off there if they want to get their way. It may seem like they are wasting money to you, but I assure you, for the right people, it was money well spent. There is no return on investment in abducting this crackpot.

    5. Re:Is he free? by xaxa · · Score: 3, Informative

      Aren't there laws in the UK that allow holding 'suspected terrorists' for as long as they want? So not getting charged may not mean much.

      No. For "terrorism" it's 14 days, after a reduction from 28, and an attempt by the government to increase it to 42. See https://www.liberty-human-rights.org.uk/human-rights/terrorism/extended-pre-charge-detention/index.php

      See http://www.yourrights.org.uk/yourrights/the-rights-of-suspects/police-powers-of-arrest/police-detention.html for the case for normal offences (24 hours, possibly extension to 36).

  4. Re:proofread a few lines only? by halfEvilTech · · Score: 4, Insightful

    Damages they are claiming though come from having to fix the vulnerabilites that let him in in the first place. That and the money spent on the legal bills for embarassing them.

  5. Reverse the charges by FrostedWheat · · Score: 4, Insightful

    Right, so the real people responsible will be charged now? The ones who left seriously insecure military computers connected to the internet?

    1. Re:Reverse the charges by Opportunist · · Score: 2

      Hey, all he wanted to do is play a nice game of chess.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Reverse the charges by hawkinspeter · · Score: 2

      As he wasn't in the US, he shouldn't be subject to US law. As he is in the UK, he's only subject to UK law.

      --
      You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
  6. Re:proofread a few lines only? by serviscope_minor · · Score: 2

    and it costs money

    It would have cost the same with or without McKinnon. Unless you think it's reasonable for them to leave unsecured computers connected to the net until such time as they happen to notice an exploit.

    --
    SJW n. One who posts facts.
  7. The guilty ones by edibobb · · Score: 2

    If anyone should be punished, it's those incompetents who did not secure the computers in the first place. It's like leaving the door to the office building unlocked and unguarded. There's nothing like a foreign scapegoat to distract the news media.

  8. Re:proofread a few lines only? by Albanach · · Score: 3, Insightful

    Surely if you discovered computers important to national security were unprotected, were using default passwords allowing easy access, or hadn't been appropriately patched and maintained, you would have to treat these machines as potentially compromised whether or not you know someone had accessed them.

    As a result, all the costs you mention, other than the legal ones, would necessarily have to be incurred anyway.

  9. Re:proofread a few lines only? by Grumbleduke · · Score: 2

    McKinnon is accused of deleting a load of "critical system files" from a number of key military computers (shutting down various networks), along with over 2,000 user accounts from Army's Washington DC(?) network. They wouldn't have had to fix all of that without his interference.

    As for the computers being unsecured, afaik there is no way to completely secure any network connected to the Internet, although I don't know how much work he had to do to break in.

  10. he guessed the passwords by alices+ice · · Score: 2

    he also admitted his "hacking" was almost entirely limited to guessing default or super weak (12345) passwords- this is actually farcical. they have to paint him as some Asperger super hacker to stop themselves looking like idiots

  11. Re:proofread a few lines only? by serviscope_minor · · Score: 5, Insightful

    They wouldn't have had to fix all of that without his interference.

    Please NEVER EVER get a job in security.

    Ever

    Ever

    Ever.

    Once such important systems had even been found potentially compromised, they become entirely untrustworthy and cannot be used.

    They noticed McKinnon by sheer blind luck.

    If it had been a competent agent of Mossad or something they would never have noticed. Or by someone as competent as the guys that made Flame.

    But the fact that they were wildly insecure meant that they would have had to shut down the entire system basically instantly and repair it.

    They were bloody lucky it was McKinnon and not someone else.

    --
    SJW n. One who posts facts.
  12. Re:Loony by wild_quinine · · Score: 4, Funny

    No, he has Asperger's syndrome, which, from what I can gather, is way for IT guys like us to behave like absolutely fucking pricks, and we just have to hold up the card "Asperger's" and everyone is supposed to accept our miserable attitude. Apserger also apparently extends to hacking into systems we have no business being in. Apparently, providing we have this wonderful social ineptitude disease, we don't face the consequences of any of our online actions.

    I don't know about the rest of you, but I think I'm going to go out at lunch and kick some little old lady in the ass. "Asperger's!"

    Did you really just have an uncalled for, violent, frothing rage at people with "social ineptitude disease"? You know, it pays to look both ways before crossing Irony Street.

  13. Re:proofread a few lines only? by sjames · · Score: 3, Insightful

    Yes they would IF they were doing their jobs. As soon as it was found that someone from the outside could (even in theory) gain access to those machines, they were untrustworthy and needed to be wiped completely and re-installed. For all we know, actual enemies had been playing in those systems for quite a while and would still be there if not for McKinnon bumbling in and making noise.

  14. Gary M. not the problem, lack of adequate security by rts008 · · Score: 2

    More like breaking in (maybe through a weak door),...

    The quote contains the root of the problem.

    If these compromised networks had adequate security to start with, Gary M. wold not have gotten in.

    As long as the mindset of 'convenience/budget overrules security' this stuff will keep happening frequently.
    There is a good reason banks spend the money to install those expensive, elaborate bank vaults for the money to be kept in.
    We see that here on /. all the time, and have for years....thousands of comments by IT folks on /. complaining that their pointy haired bosses begrudge the cost of network security, yet that network is so vital to the organization.

    I propose that when these security breaches occur, that those responsible for security policy decisions share the guilt with the 'hacker' equally.

    Only then will this issue be improved.

    --
    Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti