US Wants UK Hacker To Pay To Fix Holes He Exposed 403
bossanovalithium writes "Gary McKinnon, whose tribulations we have followed for several years now, is the UK hacker trying to escape extradition to the US. It appears he is expected to foot the bill for the US Government patching holes his breaching uncovered — to the tune of $700,000. It's not really the norm for someone to pay for exploits to be patched — damages fixed, yes, but this is a very different thing." The article paraphrases Eugene Spafford as saying that the victim of a cybercrime should not take the blame. "If someone broke a door to rob a store, he said, it was usual to charge them the cost of the door." Isn't the McKinnon case more like charging him to buy the lock that had been missing when he walked in?
China and Iran will tell Washington about it? (Score:4, Informative)
South Korea (the one with Seoul) probably would tell Washington about it, but it's unlikely that China or Iran would. It's more likely that they would exploit the vulnerability in secret.
Re:Taking responsibility for ones actions. (Score:4, Informative)
Re:Taking responsibility for ones actions. (Score:3, Informative)
You know, not from the U.S.
Is it really that expensive? (Score:2, Informative)
Re:I have to agree with kdawson... (Score:2, Informative)
Which country do you live in? I'm guessing the UK or somewhere in the EU. Here in the South, if someone was burglarizing my property repeatedly and also assaulted my wife, he would have been shot, not videotaped.
Fixed that for you.
Re:If he's a hacker... (Score:2, Informative)
He didn't "tell everyone that some houses have a big fucking gap". He was caught rooting around their files, looking for UFO secrets. That's trespass and theft and, due to the federal computers involved, espionage. And he wasn't graceful about it, he caused system disruption doing it and exposed the vulnerabilities to others. So yes, he has considerable responsibility for creating an even bigger risk for those computer owners.
This also provides plenty of fascinating legal grounds for extradition.
Re:No, that's just plain silly. (Score:5, Informative)
This is clearly a very intelligent person whose skills are of immense value.
From Wikipedia: McKinnon claimed that he was able to get into the military's networks simply by using a Perl script that searched for blank passwords; in other words his report suggests that there were computers on these networks with the default passwords active.
Note that this is never ever reported in news articles. It is always that he 'hacked into' the computers. I think most people would agree that trying blank passwords doesn't really count as hacking, and most people have probably done it at one point in their lives. It is completely ridiculous that he could be extradited over this.
Re:Well here is the US claim (Score:2, Informative)
Many posters here seem to believe he just 'pointed out security flaws', akin to telling someone their door locks are easily picked, and then suddenly being held responsible for the owner wanting better lock.
That is clearly not the case here. He found security holes, -and exploited them-, and -damaged systems- as a result.
http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm [parliament.uk]
Even if I leave my door wide open, if someone comes in and trashes my house, I'm going to expect them to pay for the repairs and clean-up. That's going to include me doing a complete inventory to figure out what might now be missing or broken. And that will take a while.
Weak security != permission to exploit
And the $700K amount is vague as to it's origin, I also saw nothing that specifically indicated that any of the $700K was specifically for -upgrading- security.
Re:If he's a hacker... (Score:2, Informative)
I don't speak linux, maybe someone can explain to us what this means... after reading a couple of threads with just dd >null:yes rm dr >ewf1
somebody please translate linux jokes for us.
We windows users cant really do this. Right click my computer>manage>right click hard drive, select FORMAT!
haha
this is a Unix joke (also in BSD, Linux, Solaris, Mac, and Windows [with additional software])
/dev/zero (a virtual device that is just 0s)
/dev/hda or /dev/sda (the first disk drive)
dd if=/dev/zero of=/dev/hda
dd - convert and copy a file
if=FILE (read from FILE)
of=FILE (write to FILE)
So you are writing zeros to the first disk drive and wiping out the contents. And in turn removing ALL security holes
Re:If he's a hacker... (Score:4, Informative)
Except the US Congress have not Ratified the Extradition treaty with the UK
The UK can not request extradition of people from the USA
http://en.wikipedia.org/wiki/Extradition_Act_2003#US_ratification.2C_2006 [wikipedia.org]