Gary McKinnon Loses Extradition Appeal

G0rAk writes "The BBC is reporting that hacker Gary McKinnon has lost his High Court appeal against extradition to the United States. The fight is not yet over yet: 'We will certainly be applying for this court to certify a point of law of public importance and to grant leave.' said his lawyer, referring to alleged threats by US authorities. One New Jersey prosecutor apparently has stated that that 'he would fry,' a statement that would be among issues raised when they take they appeal to the House of Lords."

Re:WTF??

[Hittite Creosote]

You've a different read to the impression I've seen. He's someone who admits he has no high opinion of himself, some might say he has an overactive imagination, and his kiddie skillz were enough to get him in trouble because US military thought using Windows was a good idea (this is his legal defence line, anyway).

As you could tell if you read the article.

Go To Jail, Do not Pass Go

[sycodon]

maintained that he was motivated by curiosity
Hmmm... .I wonder how easy it is to get into...(insert anything here).

B.S. The guy is a hacker who purposely broke into a system he was not supposed to be in. He knew it. He knew it was improper and illegal.

It's no different that getting into bank accounts, credit card accounts, school records, etc.

If you excuse him, then no one can bitch and moan about hackers and vulnerabilities in Windows, OS X, Linux, or anything else.

If we are serious about computer security and viruses, and everything else, this guy must go to trial and probably go to jail.
l.

I agree, absolutely shocking

[Nicolas MONNET]

Esp. considering how little media attention it gets.

I wonder if the guy can appeal to the European Court of Human Rights, I hope they would cancel this scandalous extradition considering the terrible track record of the US justice system.

Note that before this case I believed that no country extradited its own citizens, because that's how it is here in France. Might have to do with brits being subjects, not citizens, I guess ;) Anyway, they (government) couldn't pull that shit off here. You might make fun of our propension to demonstrations and strikes, but that's how we keep the man in check.

Re:6 years ago i would of agreed with the court

[Cederic]

Do you really think that any court in America would give this punk the death penalty?

Yes.

Oh, it wont be for 'hacking', it'll be some contrived terrorism charge endangering the American national security or some such bullshit.

But basically, he wont get a fair trial, he wont get a reasonable punishment, he should not be getting fucking extradited. I'm pissed off with my own government for even considering permitting this.

Re:Let's Pretend This Is Your House

[rucs_hack]

I'm from the UK.

Frankly, he was a jerk to think that breaking into US military computers was a wise thing to do.

Ignorance of the law is no defence, he should face the full (custodial) penalty of the US over this offence. Perhaps that isn't the cool thing to say, but it's true.

Re:let the book be thrown

[_Sprocket_]

America will throw the book at McKinnon because they are embarassed of their lax security practises on such high profile systems. They will make an example of McKinnon because he used little more than a brute force 2-line PERL script to bombard many desktops with obvious passwords (e.g., "password" or "" [blank]).

Not quite. The US Government is not embarrassed over this incident. Officials will throw the book at McKinnon because, unfortunately, that's how they handle these things. For a long time, the US Government seemed more than happy to spend resources to prosecute attackers instead of due diligence efforts to make their networks harder targets. US Government officials may lack understanding on infosec issues... but they know, and write, the law. Any script kiddie pointing their box towards a .gov domain should keep this in mind.

Now - I don't subscribe to this belief. I find it rather sad. And thankfully, since the time of McKinnon's attacks, some things have changed. But bureaucracy is a tough vehicle to turn. I only wish all of the US Government's infosec woes were well handled since then.

America is even more ashamed of this security breach because the many same systems were infiltrated by Mathew Bevan using the exact same tactics over 10 years prior. That's right - these government and military and NASA computers have had no password policy after 10 years and 2 break-ins. Adding the number 1 to the end of these passwords would have stopped McKinnon dead in his tracks.

We're actually talking about less than 10 years - maybe 8 years at the most generous. And I know for certain password policies existed in at least some of the institutions targeted during the time of McKinnon's attacks. Having said all that - the incident does hint at issues that existed in US Government's handling of Infosec. It may not be such a clear guide to the current state.

McKinnon is not a sophisticated programmer or cracker. He simply challenged seemingly high security systems with very low-tech kludgey scripts to see what would happen. He got lucky, then he got audacious, and then he got careless.

I can't say what degree of security existed in all networks McKinnon touched - but I wouldn't expect they would have been classified as "high security" systems. There's a lot of hyperbole that seems to be associated with this and similar cases. Everyone seems to be making the situation grander than it really is. For example - McKinnon is correct when he notes there is a Building 8 at JSC that houses an imaging department. But that building is hardly a secured facility and, in fact, also houses the site's medical clinic. It would seem to be an odd location for a group that's supposedly dedicated to eradicating photographic evidence of extraterrestrial space craft from NASA's stock footage (never mind the technical challenge of targeting a system specifically in Building 8 when JSC's campus and associated network is large and complex).