I was hoping this would not be the case. McKinnon is going be crucified in a US court when they trot out the usual "terrorist" buzz words. The government is pissed! The article said that he was caught by tracing his hacking software to his girlfriend's email address - WTF does THAT mean?
Announcement
Collapse
No announcement yet.
UK hacker loses appeal against US extradition
Collapse
X
-
Re: UK hacker loses appeal against US extradition
Originally posted by SlackJaw View PostI was hoping this would not be the case. McKinnon is going be crucified in a US court when they trot out the usual "terrorist" buzz words. The government is pissed! The article said that he was caught by tracing his hacking software to his girlfriend's email address - WTF does THAT mean?
Personally, I have no sympathy for him. He (allegedly) broke the law, and was trying to hide behind the UK's extradition laws. If I recall correctly, he has repeatedly admitted what he did in published reports, but used a defense of "I didn't break the law THAT badly."
IMO, the US prosecutors should throw the book at him.Thorn
"If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird
-
Re: UK hacker loses appeal against US extradition
Originally posted by Thorn View PostIt probably means he was stupid enough to use his girlfriend's email address for something like a anonymous FTP. Of course, it may mean the IP address; it wouldn't surprise me that a non-tech reporter might not know the difference.
Personally, I have no sympathy for him. He (allegedly) broke the law, and was trying to hide behind the UK's extradition laws. If I recall correctly, he has repeatedly admitted what he did in published reports, but used a defense of "I didn't break the law THAT badly."
IMO, the US prosecutors should throw the book at him."640k ought to be enough for anybody" - Bill Gates 1981
Comment
-
Re: UK hacker loses appeal against US extradition
Originally posted by SlackJaw View PostI'm left wondering exactly what he did, and how it cost the government "hundreds of thousands" of dollars.
Of course, you have to ignore that the organization probably didn't pay out hundreds of thousands of dollars, but rather paid the normal salary to a handful of people that could, in theory, have been working on something else.
Comment
-
Re: UK hacker loses appeal against US extradition
Originally posted by SlackJaw View PostI was hoping this would not be the case. McKinnon is going be crucified in a US court when they trot out the usual "terrorist" buzz words. The government is pissed! The article said that he was caught by tracing his hacking software to his girlfriend's email address - WTF does THAT mean?
xor
The SAS coming in through the windows mite make anyones girlfriend give you up quick.
If you are going to try and hack the US government you better live in like China or Russia, not living in a country that is no doubt our greatest friend.Last edited by xor; July 30, 2008, 16:29.Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.
Comment
-
Re: UK hacker loses appeal against US extradition
Originally posted by Voltage Spike View Postthe organization probably didn't pay out hundreds of thousands of dollars, but rather paid the normal salary to a handful of people that could, in theory, have been working on something else.
So often, an organization (or even a whole industry) will claim huge "losses" due to anything from computer intrusion to piracy... but how often do these "losses" (at least, the numbers that appear on court documents) show up on end of year spreadsheets? or on tax returns?
if it's not being claimed to the IRS, it's not a real business loss, in my opinion.
(not defending digital nefarious-ness, btw... just speaking out against the manufacture of fake numbers for purposes of press releases or courtroom leverage)"I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
- Trent Reznor
Comment
-
Re: UK hacker loses appeal against US extradition
Originally posted by Deviant Ollam View Postsee... i've always found this to be interested. someone pointed out once that many organizations (be they non-profit educational institutions or for-profit publicly-traded companies) are required to have a good deal of open-ness with regard to their financial books.
So often, an organization (or even a whole industry) will claim huge "losses" due to anything from computer intrusion to piracy... but how often do these "losses" (at least, the numbers that appear on court documents) show up on end of year spreadsheets? or on tax returns?
if it's not being claimed to the IRS, it's not a real business loss, in my opinion.
(not defending digital nefarious-ness, btw... just speaking out against the manufacture of fake numbers for purposes of press releases or courtroom leverage)
Let's say, for the sake of this discussions, that he is guilty of what he has been accused of, illegally entering the networks of the US Government. Based on that the following are potential items that result in real cost, whether a tax paying organization or not:
1. Identifying how he entered the network and taking actions to prevent the same thing from happening again. When you taken into account the size of the DOD's organization from a physical and network, you can see how many sites would have to be inspected and verified. I believe I read somewhere that he accomplished this by using a dial up modem that provided access to the internal network. How hard is it to check for this? How many man hours do you think it would take to inpsect every phone number that answered with a modem at a Government PBX? While our military is vastly under paid, again speaking from first hand experience, there is still a cost to have these people doing this work.
2. Investigating what information he accessed and what the impact unauthorized access to that information has on our nation defense. Anyone who has done forensics analaysis knows that it is not a processed that is rushed, lest mistakes be made, and again given the size and potential number of systems he could have had access to and having to do the impact analysis of that amount of information is very time consuming and thus costly.
3. The last, and often the most overlooked, is what is the cost to fix any systems about which he gained information. Take any major weapons system or platform and the disclosure of even unclassified information that is available on government systems could reveal short comings or means to detecting or defeating those systems/platforms. The cost of having to do upgrads and or abandoning these systems and platforms as a result of the unauthorized access to this information should not be overlooked. No matter if he was acting along or in concert with 3rd parties the fact that the informaiton is no longer "controlled" means that it could cost lives in the wrong hands and therefore can not be considered safe any longer.
Bottom line - someone gaining unauthorized access to any information has a lot of hidden cost to the parties invovled.DaKahuna
___________________
Will Hack for Bandwidth
Comment
-
Re: UK hacker loses appeal against US extradition
Originally posted by DaKahuna View Postvery time consuming and thus costly
Another cost may be that of hiring new people to deal with the increased workload, but ,unless they are contractors hired solely for analysis/response, it isn't as simple as "time eq money".
Comment
-
Re: UK hacker loses appeal against US extradition
Even if they used existing contractors and other employees, there is surely overtime and performing work outside of the scope of an original contract to contend with. You can assume a full-time staff is performing regular operations, but probably not performing forensic analysis on systems just for the absolute joy it brings. It isn't like every location has a forensics expert hanging out.
I'll agree that some numbers that companies may put out are a little hard to swallow without proof. A billion dollar loss because the janitor got pwned is not going to fly too well. I think it may be an easier thing to state "This cost us n to clean up and remedy." rather than the whole "We lost huge tracts of land and many ponies because of this horrible atrocity, we demand compensation!" statement that is more often published.----------------------------------------
Fraternal Order of Locksport
Comment
-
Re: UK hacker loses appeal against US extradition
We're talking about the government here. When they say they spent x million dollars fixing something, it's typically an underestimation. Remember, they have to put everything out to tender, pick the highest bidder on a cost+ basis, run security clearances because the contractor only wants to send new guys, pay for time and cost overruns, fire that contractor (paying the termination fees), hire a new one, repeat, more time and cost overruns, file a lawsuit against the original contractor, and then they get 15000 pages of documentation dictating how they're going to track down the actual damage done. Somewhere on page 14999, someone checks the logs.
Comment
-
Re: UK hacker loses appeal against US extradition
Still not in jail, here in the US....WTF.
http://news.bbc.co.uk/2/hi/uk_news/8312134.stm
xor
Note to self, hire Gary's lawyer if I ever get in trouble.Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.
Comment
-
Re: UK hacker loses appeal against US extradition
In related news...
http://www.networkworld.com/communit...ity_2009-10-16
http://www.gao.gov/new.items/d104.pdf
xorJust because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.
Comment
-
Re: UK hacker loses appeal against US extradition
I have a friend that works in NASA and I asked him about this incident and what they have done to correct it. They aren't even allowed to talk about it (even internally), they refer to it as "the incident""As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."
Comment
Comment