Announcement

Collapse
No announcement yet.

UK hacker loses appeal against US extradition

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • UK hacker loses appeal against US extradition

    I was hoping this would not be the case. McKinnon is going be crucified in a US court when they trot out the usual "terrorist" buzz words. The government is pissed! The article said that he was caught by tracing his hacking software to his girlfriend's email address - WTF does THAT mean?
    "640k ought to be enough for anybody" - Bill Gates 1981

  • #2
    Re: UK hacker loses appeal against US extradition

    Originally posted by SlackJaw View Post
    I was hoping this would not be the case. McKinnon is going be crucified in a US court when they trot out the usual "terrorist" buzz words. The government is pissed! The article said that he was caught by tracing his hacking software to his girlfriend's email address - WTF does THAT mean?
    It probably means he was stupid enough to use his girlfriend's email address for something like a anonymous FTP. Of course, it may mean the IP address; it wouldn't surprise me that a non-tech reporter might not know the difference.

    Personally, I have no sympathy for him. He (allegedly) broke the law, and was trying to hide behind the UK's extradition laws. If I recall correctly, he has repeatedly admitted what he did in published reports, but used a defense of "I didn't break the law THAT badly."

    IMO, the US prosecutors should throw the book at him.
    Thorn
    "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

    Comment


    • #3
      Re: UK hacker loses appeal against US extradition

      Originally posted by Thorn View Post
      It probably means he was stupid enough to use his girlfriend's email address for something like a anonymous FTP. Of course, it may mean the IP address; it wouldn't surprise me that a non-tech reporter might not know the difference.

      Personally, I have no sympathy for him. He (allegedly) broke the law, and was trying to hide behind the UK's extradition laws. If I recall correctly, he has repeatedly admitted what he did in published reports, but used a defense of "I didn't break the law THAT badly."

      IMO, the US prosecutors should throw the book at him.
      At face value, I totally agree with you thorn, and at first I figured this guy was being bankrolled by some "evil" faction. I mean shouldn't you have "mad l33t haxor skilz" to intrude on the pentagon and NASA? But as the story played out, it turns out this guy is a virtual nobody. I'm left wondering exactly what he did, and how it cost the government "hundreds of thousands" of dollars. My second concern is - and we may never know - is did carnivore play any part in the detection. I have a hard time believing this is just a giant sniffer. But whatever his "real" reason, you can be certain that when he stands trial, he's going to be quite unhappy.
      "640k ought to be enough for anybody" - Bill Gates 1981

      Comment


      • #4
        Re: UK hacker loses appeal against US extradition

        Originally posted by SlackJaw View Post
        I'm left wondering exactly what he did, and how it cost the government "hundreds of thousands" of dollars.
        I don't really know the story, but I would assume that this is largely the cost of analyzing the system after the attack. If he only got a toehold into the organization's network, they can't know that for sure without auditing everything. Auditing takes time and is therefore expensive.

        Of course, you have to ignore that the organization probably didn't pay out hundreds of thousands of dollars, but rather paid the normal salary to a handful of people that could, in theory, have been working on something else.

        Comment


        • #5
          Re: UK hacker loses appeal against US extradition

          Originally posted by SlackJaw View Post
          I was hoping this would not be the case. McKinnon is going be crucified in a US court when they trot out the usual "terrorist" buzz words. The government is pissed! The article said that he was caught by tracing his hacking software to his girlfriend's email address - WTF does THAT mean?
          Must have missed Steven RamBam's talk

          xor

          The SAS coming in through the windows mite make anyones girlfriend give you up quick.

          If you are going to try and hack the US government you better live in like China or Russia, not living in a country that is no doubt our greatest friend.
          Last edited by xor; July 30, 2008, 15:29.
          Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

          Comment


          • #6
            Re: UK hacker loses appeal against US extradition

            Originally posted by Voltage Spike View Post
            the organization probably didn't pay out hundreds of thousands of dollars, but rather paid the normal salary to a handful of people that could, in theory, have been working on something else.
            see... i've always found this to be interested. someone pointed out once that many organizations (be they non-profit educational institutions or for-profit publicly-traded companies) are required to have a good deal of open-ness with regard to their financial books.

            So often, an organization (or even a whole industry) will claim huge "losses" due to anything from computer intrusion to piracy... but how often do these "losses" (at least, the numbers that appear on court documents) show up on end of year spreadsheets? or on tax returns?

            if it's not being claimed to the IRS, it's not a real business loss, in my opinion.

            (not defending digital nefarious-ness, btw... just speaking out against the manufacture of fake numbers for purposes of press releases or courtroom leverage)
            "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
            - Trent Reznor

            Comment


            • #7
              Re: UK hacker loses appeal against US extradition

              Originally posted by Deviant Ollam View Post
              see... i've always found this to be interested. someone pointed out once that many organizations (be they non-profit educational institutions or for-profit publicly-traded companies) are required to have a good deal of open-ness with regard to their financial books.

              So often, an organization (or even a whole industry) will claim huge "losses" due to anything from computer intrusion to piracy... but how often do these "losses" (at least, the numbers that appear on court documents) show up on end of year spreadsheets? or on tax returns?

              if it's not being claimed to the IRS, it's not a real business loss, in my opinion.

              (not defending digital nefarious-ness, btw... just speaking out against the manufacture of fake numbers for purposes of press releases or courtroom leverage)
              I have a different take on this based on first hand experience.

              Let's say, for the sake of this discussions, that he is guilty of what he has been accused of, illegally entering the networks of the US Government. Based on that the following are potential items that result in real cost, whether a tax paying organization or not:

              1. Identifying how he entered the network and taking actions to prevent the same thing from happening again. When you taken into account the size of the DOD's organization from a physical and network, you can see how many sites would have to be inspected and verified. I believe I read somewhere that he accomplished this by using a dial up modem that provided access to the internal network. How hard is it to check for this? How many man hours do you think it would take to inpsect every phone number that answered with a modem at a Government PBX? While our military is vastly under paid, again speaking from first hand experience, there is still a cost to have these people doing this work.
              2. Investigating what information he accessed and what the impact unauthorized access to that information has on our nation defense. Anyone who has done forensics analaysis knows that it is not a processed that is rushed, lest mistakes be made, and again given the size and potential number of systems he could have had access to and having to do the impact analysis of that amount of information is very time consuming and thus costly.
              3. The last, and often the most overlooked, is what is the cost to fix any systems about which he gained information. Take any major weapons system or platform and the disclosure of even unclassified information that is available on government systems could reveal short comings or means to detecting or defeating those systems/platforms. The cost of having to do upgrads and or abandoning these systems and platforms as a result of the unauthorized access to this information should not be overlooked. No matter if he was acting along or in concert with 3rd parties the fact that the informaiton is no longer "controlled" means that it could cost lives in the wrong hands and therefore can not be considered safe any longer.

              Bottom line - someone gaining unauthorized access to any information has a lot of hidden cost to the parties invovled.
              DaKahuna
              ___________________
              Will Hack for Bandwidth

              Comment


              • #8
                Re: UK hacker loses appeal against US extradition

                Originally posted by DaKahuna View Post
                very time consuming and thus costly
                I think this is the point that is quite debatable. Since this network is so large, we can probably assume they have full-time staff performing these operations. The organization is therefore not paying anything extra to perform these tasks. If you are going to talk about the cost of this time, then, you have to figure out what the people might have been doing otherwise, factor in the chances of success of that project, and estimate the revenue/cost savings of the alternative projects.

                Another cost may be that of hiring new people to deal with the increased workload, but ,unless they are contractors hired solely for analysis/response, it isn't as simple as "time eq money".

                Comment


                • #9
                  Re: UK hacker loses appeal against US extradition

                  Even if they used existing contractors and other employees, there is surely overtime and performing work outside of the scope of an original contract to contend with. You can assume a full-time staff is performing regular operations, but probably not performing forensic analysis on systems just for the absolute joy it brings. It isn't like every location has a forensics expert hanging out.

                  I'll agree that some numbers that companies may put out are a little hard to swallow without proof. A billion dollar loss because the janitor got pwned is not going to fly too well. I think it may be an easier thing to state "This cost us n to clean up and remedy." rather than the whole "We lost huge tracts of land and many ponies because of this horrible atrocity, we demand compensation!" statement that is more often published.
                  ----------------------------------------
                  Fraternal Order of Locksport

                  Comment


                  • #10
                    Re: UK hacker loses appeal against US extradition

                    We're talking about the government here. When they say they spent x million dollars fixing something, it's typically an underestimation. Remember, they have to put everything out to tender, pick the highest bidder on a cost+ basis, run security clearances because the contractor only wants to send new guys, pay for time and cost overruns, fire that contractor (paying the termination fees), hire a new one, repeat, more time and cost overruns, file a lawsuit against the original contractor, and then they get 15000 pages of documentation dictating how they're going to track down the actual damage done. Somewhere on page 14999, someone checks the logs.

                    Comment


                    • #11
                      Re: UK hacker loses appeal against US extradition

                      Still not in jail, here in the US....WTF.

                      http://news.bbc.co.uk/2/hi/uk_news/8312134.stm

                      xor

                      Note to self, hire Gary's lawyer if I ever get in trouble.
                      Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                      Comment


                      • #12
                        Re: UK hacker loses appeal against US extradition

                        In related news...

                        http://www.networkworld.com/communit...ity_2009-10-16

                        http://www.gao.gov/new.items/d104.pdf

                        xor
                        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                        Comment


                        • #13
                          Re: UK hacker loses appeal against US extradition

                          I have a friend that works in NASA and I asked him about this incident and what they have done to correct it. They aren't even allowed to talk about it (even internally), they refer to it as "the incident"
                          "As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."

                          Comment

                          Working...
                          X