Reliable Security Information


McKinnon at Bay: Brit hacker finds Uncle Sam a hard man

Gary McKinnon, a British hacker accused of breaking into US mil computers right after 9/11 will find out tomorrow if he's about to be thrown into the thresher of mean American justice.


The US media has had virtually no interest in him. But this is not the case in the UK, where McKinnon's extradition case and sorry tale have been virtually constant news, with the big newspaper -- The Daily Mail -- even going so far as to make him its special social cause.


McKinnon's case has become the focal point for a number of aggravations built up during the years since 9/11. Primary among these are an extradition act, agreed to by Tony Blair, which much of the British media seems to regard as the UK government playing toady to American interests for the sake of the war on terror -- at the expense of its citizenry.

Yesterday, The Scotsman explained it thusly:


"Britain has extradited more than twice as many criminal suspects to the US as have gone the other way, since a controversial new law was introduced, it has been revealed.


"Suspects in the US are also 20 per cent less likely to be extradited than those living here, figures showed ... Critics said it showed Britons had 'second-class status' when it came to being sent for trial in the US ...


"Under the act, prosecutors in the UK are required to produce 'probable cause' showing the defendant's guilt, critics claim. But US prosecutors are required only to produce an arrest warrant showing the person is wanted by the authorities."


There were two indictments against McKinnon in 2002, seven years ago. (See here and here.)


However, it is the second of the two which has raised the most ire on the other side of the Atlantic.


"McKinnon's series of computer network intrusions had a profound effect on Naval Weapons Station Earle's (NWS Earle) ability to accomplish its mission in the immediate aftermath of the Sept. 11 terrorist attacks," it reads. "The entire network of 300 computers at NWS Earle, located in Colts Neck, N.J., was effectively shut down for an entire week, according to military officials at NWS Earle. For another three weeks afterward, military personnel and government civilian employees at NWSE were only able to send and receive internal e-mail ... This was a grave intrusion into a vital military computer system at a time when we, as a nation, had to summon all of our defenses against further attack ..."


If convicted on this, McKinnon would stand to get five years and a quarter of a million dollar fine. However, the first indictment, for additional mil intrusions across fourteen states, adds another $900.000 in damages. Taken together, the Brit media has come to the conclusion that McKinnon, if convicted, will be sent over for life.


A few weeks ago, a reporter for the Daily Mail contacted this writer. The Mail has been the lead newspaper in a crusade to keep McKinnon in Britain and out of the hands of US authorities.


Did I think the President might intervene to stop this case? Hmmm, all things going on in this country considered, doubt it. But I don't have his ear, obviously.


Did I think Gary McKinnon was to be made an example because of the new American emphasis on cybersecurity?


Since McKinnon isn't known in the US, symbolic value of his prosecution would be nil. (Unless it changes and he becomes a media celebrity, as in the UK.)


As for sending a message with regards to the equality and certainty of stern retaltiation for messing with US military computers, malicious behavior on the network has grown by orders of magnitude since McKinnon's transgressions. Getting into mil computers through a dial-up connection for the sake of searching for information on UFO's and suppressed 'free energy technology' -- while suitably nuts-sounding -- doesn't scale favorably when compared to today's zombie botnets, malicious ISPs and organized criminal virus-writing operations.


Anyone who says different is saying things for public consumption or exaggerating.


In any case, many of the perceptions of the McKinnon case, as told in the British newsmedia, are fairly accurate in regards to the US justice system and its jails. McKinnon, a seemingly fairly harmless fellow, since diagnosed with Asperger's Syndrome, would probably wither and possibly die in an American penitentiary, they say.


While the Brits are certainly out for mercy, it's an accurate assessment.


In an affidavit to the British High Court reviewing McKinnon's appeal to void extradition, "Joel Sickler, head of the Justice Advocacy Group in Virginia, quoted examples of other prisoners in US prisons to argue that Mr McKinnon '"will almost certainly be exposed to neglectful care.,'" reported the Telegraph.


"He said that the US bureau of prisons 'has a well-known and terrible track record of delivering on any type of health care required by an inmate, especially those with some form of mental impairment.'"


Everyone gets 'neglectful' treatment in US prisons. It's just a fact. And the general attitude among the polity is that people in prison should be treated badly. The quality of mercy has been strained in all things over the past couple decades.


In any case, the Telegraph reported that anonymous Pentagon sources were assuring the paper McKinnon would receive no mercy.


"He did very serious and deliberate damage to military and NASA computers and left silly and anti-American messages, said one anonymous source to the newspaper. "All the evidence was that someone was staging a very serious attack on US systems."


Another anonymous US intelligence official told the newspaper: "He really caused us a lot of trouble."


Indeed, since McKinnon has been fighting being turned over to the US since 2002 and become a cause in the process (even rallying Pink Floyd's Dave Gilmour), he would naturally not be thought of fondly by stodgy law and order types.


However, "silly and anti-American messages" and causing "a lot of trouble" are hardly unique transgressions in cyberspace.


One can find much video of McKinnon, taken from British TV, by the bushel basket on YouTube.


On these and in the British press, McKinnon babbles about UFOs and free energy. After taking it all in, one comes to the conclusion that McKinnon sincerely believes what he's saying -- that he was about to download earthshaking photographic evidence of conspiracy when interrupted -- but that he's also a bit feeble-minded.


"As America goes on the warpath against a daily battery of cyber attacks, his family and lawyers fear that he could be made an example in a Virginia courtroom should he lose his battle against being sent to the US," concludes the Telegraph.


Going on the warpath against daily cyber assaults overstates US motivations a bit. But once someone is headed for the gears of the US justice system as a person caught in the hysteria of the war on terror, the machine can't and won't be switched off.


A better solution would have had the British government prosecuting McKinnon years ago. In this, British authorities are culpable, just as the American government is guilty of Ahab-like obsession. This would have been the reasonable solution.


There is precedent: In the late Nineties the British government tried to prosecute a hacker named Kuji, who in collaboration with a friend named Datastream Cowboy, had invaded US mil computers in Troy, New York.


What were they looking for?


"Matthew Bevan [Kuji] was interested in little but gathering evidence confirming that Area 51 was a secret hangar for captured alien spacecraft," reads an old but lengthy report from the Crypt Newsletter, a publication I edited.


The two hackers had been the centerpieces of US government warnings on invasions of its computer in reports and major news articles from '96 to '97.


However, at the time there seemed to be real little real practical interest in the US government in helping to ensure a prosecutions in the UK was successful.


It was a different time, well before 9/11, and "Matthew Bevan, 23, a hacker known as Kuji, walked out of a south London Crown Court a free man as prosecutors confessed it wasn't worth trying him on the basis of flimsy claims made by the U.S. military."


The claims were, in fact, not flimsy but that's the way it rolled. Is Gary McKinnon earning extra payback for what happened in the late Nineties? Do the people involved even care anymore?


Tomorrow, Gary McKinnon will get part of an answer, perhaps an exceedingly unpleasant one.


Updated


"Gary McKinnon has lost a judicial review against his extradition to the United States on hacking charges," reported el Reg a few hours ago.


McKinnon's lawyers have 28 days to appeal, it added.


"[A potential sixty year sentence] for a rather hopeless individual who believes in UFOs is obviously absurd, and British law should have the ability to ensure that a citizen is not exposed to harsher treatment in America, then Americans accused of the same crime would face here," opined a columnist at the Guardian.



McKinnon's mother appealed to Barack Obama, saying: "This is from the Bush era ... [Obama] would not want this to happen."




George Smith also blogs here.

Comments (1)

As a british citizen, I have seen a little of the press coverage.
It seems to me that the key to punitive action should be motivation. Was it this person's intent to shut down U.S. defence ststems?


Answer, no, it appears not.


Was the hacker a terrorist intending to damage the United States?


No, it appears not.


Was the hacker aware of the potential results of his intrusion?


No, it appears not.


If McKinnon is, as claimed, suffering from a mental disability, it seems the weight of the law is wasted upon him.


Sure, punish him, cut him off from the internet forever, lock him up...


But why?


Because he found an unlocked door? because he exposed just how woefully unprotected that computer network was?


Because a nerd in his bedroom across an ocean was free to roam what should have been a locked-down system.


Like most people, I've seen the 1980s movie 'War Games', in which a nerd in his bedroom hacks into a giant defence computer beneath Cheyenne Mountain. I'd have assumed the military out there had too, and laughed at how impossible the scenario was.


How naive of the military to imagine that there are no jihadist terror-hackers out there.


In short, I believe the hacker might deserve to be punished for his actions, but I see no reason why he should be extradited, and that if a custodial sentence were necessary, that it should be served in his home-country.


However, his success at penetrating that system should cause fingers to point at the persons whose duty it should have been to specify and ensure the computer network security, just as it would be if the hacker had walked in though the front gate of a naval defence establishment, past the guards, unchallenged, and gained access to its control room.

Leave a comment

 
Subscribe to SitRep:
GlobalSecurity.org SitRep RSS Feed GlobalSecurity.org SitRep ATOM Feed