McKinnon should be scared; so should America

McKinnon should be scared; so should America

Summary: A disproportionate punishment for the NASA hacker will only incite more, and most likely less benign, people to follow in his footsteps

TOPICS: Security

"I am practically hung and quartered already" – Gary McKinnon, speaking in London on Wednesday as a UK judge decides he should be extradited to the US to face hacking charges

The unemployed North Londoner's predictions for his fate are morbid but his instincts are sound. If his appeal fails, it is unlikely he will find mercy abroad.

But while McKinnon knows what will happen to him, US authorities show no equivalent insight. Harsh injustice breeds righteous anger, and the world is full of hackers who will be only too eager to protest their disgust in practical and most unwelcome ways. Very few of them will be as easy to find as the hapless and harmless McKinnon, whose good nature amplifies his plight.

A good way to protect your critical national infrastructure is to reduce the number of people wishing to do it harm, not provide them with needless martyrs and motivation. Actions like this are akin to President Bush's "Bring it on!" brag to Iraqi insurgents in 2003, and may have equally infamous consequences.

Such considerations would matter less if the real lesson of McKinnon's activities had been learned: don't leave your system security in a mess.
McKinnon claims that in one system he found the local administrator's password was blank, which he found understandably "frightening". But we have no evidence that the authorities really took his actions seriously: where is the widespread reform, where the sackings and new blood, that would normally follow from a breach of this claimed magnitude?

While McKinnon clearly broke the law and deserves some kind of punishment as a result, the US doesn't have the best track record in handing out retribution proportional to the crime committed.

If extradited and convicted, McKinnon could be sentenced to up to 70 years in jail. That's a scarily long time -- perhaps not long enough for the US to realise that bad justice hurts those who deal it just as surely as those on the receiving end.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • As I understand it, the extradition arrangements with the US are not mutual and US does not have to prove it has a case, only make allegations.

    The US should prove it's case in our courts and our courts should pass sentence, in our jails if a jail sentence is appropriate.

    We read today that no way will the US close down Guantamo Bay!

    Between the EU and the US, our citizens are loosing all the rights that they were used to, despite the EU legislation on Human Rights. We have never lived in a more restrictive age.

    Perhaps Gary should appeal to the European Court of Human Rights, which should hold that he be tried and sentenced in his own country.
  • My statement regarding today's events.

    The verdict in the Gary Mckinnon extradition trial was really no shock
    to me considering the political climate. Lets face it, this is not about
    hacking or security this is about politics and money. Cynical? You bet I
    am, having been through an almost identical situation, very similar
    computer intrusions and similar motives - the only difference was I was
    pre-terrorism mania where everything and everyone is a suspect.

    Think about this, almost a decade ago machines belonging to the
    military, navy, army etc were broken into and this was the proof
    Congress needed to show that cyber terrorism existed. An unknown spy
    running rings of computer hackers to steal secrets for foreign
    governments. The fact that I was not a spy, and certainly not "possibly
    the single biggest threat to world peace since Adolf Hitler" didn't
    really make much of a difference to the fear machine that was put in
    place selling the idea that cyber terrorism was a real threat.

    Millions of dollars in budget increases, that is where the difference
    occurred. If you take the threat to be real (which it certainly wasn't
    back then and highly unlikely to exist today) then this raises
    questions, namely;

    1. Where have the mega budgetary increases actually been spent?

    Education cannot be one of them, as if machines are left in a state of
    'unpatched since install', with unpassworded points of entry - I cannot
    see that the money has gone to the improvement of sysadmin skills or
    awareness of the problems of being online.

    If you compare the awareness by consumers of security threats, people
    have seriously woken up to the fact that unprotected they are just
    sitting ducks to the onslaught of manual and automated attacks.
    Phishing, hacking, spam, bots, virii, worms - the majority of home users
    now have firewalls, anti virus software, spyware checkers etc - all of
    which have a much lower budget than the military. I suspect that as
    governments, unlike corporate entities do not have shareholders to
    answer to. They do not have to explain why their machines were offline
    and money was lost, that in fact they can just blame budget instead of
    actually being proactive and moving with the times.

    2. If in this case as in mine, there were clearly many other hackers
    with access to the same systems at the same time, why have they not been
    prosecuted or even mentioned?

    This seems to me to be more proof of my theory that so-called super
    hackers are hauled in front of the courts when it is convenient for
    their cases to be used for more proof of computer insecurity and the
    need for greater budgetary increases..

    3. Where are the administrators and their bosses in this case?

    In this political climate, one of the dark looming threat from the bad
    men all around us (as we are constantly reminded), to not secure
    machines properly they have committed federal offences. It is surely not
    good practice to have machines, sitting on the Internet, unfirewalled,
    unpassworded containing alleged sensitive information - and most likely
    a direct violation of their contract and training.
    This is a sysadmins first job, to change any default passwords or to set
    ones where they are not needed - and certainly ensure that those
    machines are sitting behind a firewall. I am not trying to say that Gary
    was attempting to test their security, but if this was a corporate
    environment the sysadmin would have some major explaining to do.

    4. Is the fact that the USA are fighting so hard for extradition a dig
    at our legal system?

    Gary has admitted his guilt and wants his trial to be in the UK, so why
    can't he be tried here? Could this be to do with the fact that most
    computer crime here (financial gain notwithstanding) is dealt with by
    means of fines. Do the USA see us as a soft touch? This brings the idea
    of two scenarios;

    - Gary being tried by a jury of his peers. They hear the evidence and
    consider the fac
  • Gary has admitted his guilt and wants his trial to be in the UK, so why
    can't he be tried here? Could this be to do with the fact that most
    computer crime here (financial gain notwithstanding) is dealt with by
    means of fines. Do the USA see us as a soft touch? This brings the idea
    of two scenarios;

    - Gary being tried by a jury of his peers. They hear the evidence and
    consider the fact that the machines were badly administrated and this is
    taken into consideration when sentencing.

    - Gary being tried in a foreign country by a jury that hears he has
    'attacked their country' this is bound to have a bearing on the sentencing.

    A possible 70 years in prison, for what exactly? showing that in a
    decade the USA military have not learned, or at worst, blatantly ignored
    the security threats around them when it is they who tell us every day
    that we should be afraid.

    In my case I was never debriefed by any of the authorities that I
    hacked, never asking how I did what I did - never asking me to comment
    on my peers or related community. Gary says he is guilty, why are we
    going to punish this man further by sending him to a foreign jail which
    is known for brutality against inmates:

    - where is the leniency for admission of guilt? Let this guy talk to
    kids about how this trial has affected his life. Let this guy talk to
    governments.. Let this guy talk and discuss and explain.. don't send him
    to a punishment likely to be worse than he would receive in this country
    for murder.

    The extradition bill is being tested right in front of your eyes, it is
    a blatant decline in our civil liberties and a worrying step forward for
    our so-called democratic society.

    Mathew 'Kuji' Bevan
  • I work for the Mod. In order to claim overtime, I am required to provide a login name and password for two sites. Hardly top secret stuff, but it would seem to be a damn sight more secure than the US military.
    Furthermore, locking up Gary would, as the previous commentator stated, wave a red flag to other would-be hackers to have a go. If I was an insurgent in Iraq, I'd put down my gun and crank up my laptop.
  • Sacrificing a lamb to please the gods of the day is what governments did a few centuries ago. As well as burning to death anyone questioning the believes of the state.
  • Gary McKinnon is not guilty of any hacking The internet was designed as an open access system right from the concept it was designed to share information. If the US government choose to connect secret systems to it unprotected by leaving default passwords they are actualy inviting access on an open system. However they also routinely burgle other peoples computers on a continuous 24 hr 7 day a week basis,also they illegaly tap telephone calls via the keyhole sattelite,and have installed an illegal backdoor access to every copy of windows operating system to allow themselves in they are far more guilty than Gary Mckinnon.see the following link

    America should be seriously worried about the vindictive idiots that are about to enslave it.
  • If you leave your door unlocked its still a crime to trespass in someone house through 70 years seems a little silly