Click here to support the Daily Grail for as little as $1/month on Patreon

‘UFO Hacker’ Loses Appeal

As Rick noted in yesterday’s news, UK ‘UFO Hacker’ Gary McKinnon has lost his appeal against extradition to the U.S. McKinnon had previously admitted to unlawfully accessing 97 US military and Nasa computers, but was fighting the extradition attempt by U.S. prosecutors.

You can find the text of the judgement here – it outlines the reasoning behind the decision, as well as lays out a few of the facts of the case:

Using his home computer the appellant, through the internet, identified US Government network computers with an open Microsoft Windows connection and from those extracted the identities of certain administrative accounts and associated passwords. Having gained access to those accounts he installed unauthorised remote access and administrative software called “remotely anywhere” that enabled him to access and alter data upon the American computers at any time and without detection by virtue of the programme masquerading as a Windows operating system. Once “remotely anywhere” was installed, he then installed software facilitating both further compromises to the computers and also the concealment of his own activities. Using this software he was able to scan over 73,000 US Government computers for other computers and networks susceptible to similar compromise. He was thus able to lever himself from network to network and into a number of significant Government computers in different parts of the USA.

…The 97 computers the appellant accessed were: 53 army computers, including computers based in Virginia and Washington that control the army’s military district of Washington network and are used in furtherance of national defence and security; 26 navy computers, including US Naval Weapons Station Earle, New Jersey, which was responsible for replenishing munitions and supplies for the deployed Atlantic fleet; 16 NASA computers; one Department of Defense computer; and one US Air Force computer.

…Having gained access to these computers the appellant deleted data from them including critical operating system files from nine computers, the deletion of which shut down the entire US Army’s Military District of Washington network of over 2000 computers for 24 hours, significantly disrupting Governmental functions; 2,455 user accounts on a US Army computer that controlled access to an Army computer network, causing these computers to reboot and become inoperable; and logs from computers at US Naval Weapons Station Earle, one of which was used for monitoring the identity, location, physical condition, staffing and battle readiness of Navy ships, deletion of these files rendering the Base’s entire network of over 300 computers inoperable at a critical time immediately following 11 September 2001 and thereafter leaving the network vulnerable to other intruders.

The key element of the latest appeal was that the plea bargain offered by U.S. prosecutors was coercive. However, the judgement would seem to put paid to talk from McKinnon and his solicitors that he might be looking at 60 years in prison in the U.S. Instead, the judgement only says that if “the appellant chose not to cooperate, and were then extradited and convicted, he might expect to receive a sentence of 8-10 years, possibly longer, and would not be repatriated to the UK for any part of it.” It might be pertinent to note though the phrase “possibly longer”, and that this prison sentence had the possibility of being in a high security prison. There’s also the question of whether coercion was implied in other statements not addressed by the court, such as the claims by McKinnon’s solicitors that “New Jersey prosecutors expressed the intention to see Mr McKinnon ‘fry’.” I find it odd that this was not raised/discussed in the decision, considering the similarity of those alleged comments to the Canadian case cited as a possible precedent (you’ll have to read the judgement for details).

Further, McKinnon’s claims of being in over his head and not interested in vandalism – just in finding UFO evidence, and being on a “moral crusade” in searching for evidence of free energy technology – seem to be embroidering the truth a little. He allegedly left a message on one of the computers saying…

US foreign policy is akin to government-sponsored terrorism these days… It was not a mistake that there was a huge security stand down on September 11 last year… I am SOLO. I will continue to disrupt at the highest levels…

Threatening to “continue to disrupt” does not equate well with McKinnon’s claims today “I maintained a quiet presence”.

It seems like the no-brainer would have been to take the plea bargain and do the year in low-security in the U.S. However, (as shown in the judgement), there actually was no guarantee of a plea, with a proviso written in to the effect that the offered deal was “a prediction, not a promise, and is not binding on the United States, the probation office, or the Court.The United States makes no promise or representation concerning what sentence the defendant will receive, and the defendant cannot withdraw a guilty plea based upon the actual sentence.” McKinnon said in the BBC interview that he did initially agree to the extradition, but pulled out (on the advice of a U.S. lawyer) when this caveat came to light.

I also personally take issue with the hyping of what McKinnon did. Firstly, the constant repetition that he “was able to scan over 73,000 US Government computers” means nothing. Anybody can do that, it’s virtually just a matter of aiming the software and pulling the trigger. Any ‘script kiddie‘ can do it (and they do regularly). Secondly, the fact that McKinnon was able to gain access to *open systems* on the DoD and U.S. military is appalling – in a way, they should be thankful that he showed them how screwed their security was, as there are a lot more nefarious hackers out there than Gary McKinnon, who actually work for other governments/intelligence agencies.

And quoting $700,000 damage means nothing until we know how much of that figure of “damage” actually includes fixing things that needed to be fixed anyhow (that is, systems that needed their security fixed).

If McKinnon does end up in a U.S. court, we may see the full story of this saga come out, though it may be in the U.S. military’s best interest to avoid the court system (in the case that they have to present evidence), as happened in the Matthew Bevan case (notably though, Bevan was tried in the UK).

If this whole case wasn’t surreal enough, Wired also reported on the case today via a vitriolic attack on McKinnon from journalist Kevin Poulsen. The story is full of glossing over of facts and sarcasm from Poulsen, although he does point out some of the weaker points of McKinnon’s claims and defence. The strange part is, though, that Poulsen was once in McKinnon’s shoes. Objective journalism, or professional jealousy/contempt?

Editor
  1. If you can’t hack the punishment, don’t hack
    And all those other clichés… the crime and time, et al.

    What’s the big fuss about?

    He did something obviously very illegal and to the US Military post 911 no less – talk about stoopid with two “o”s (or more) and now its all “poor me”?

    No matter what he had his chance to do it easy but in the immortal words of John Belush…

    “But NOOooooOOOOOooooooooooooooooOOOoooooooooooooooo!

    He should plea utter insanity…

    Cheers

    1. Stoopid is as stoopid does
      [quote=tihz_ho]And all those other clichés… the crime and time, et al.

      What’s the big fuss about?

      He did something obviously very illegal and to the US Military post 911 no less – talk about stoopid with two “o”s (or more) and now its all “poor me”?[/quote]

      While I agree in spirit with much of that, there is also an element of laziness in relying on that sort of response. Falling in to hacking is quite easy, for anyone interested in computers and networking fundamentals…it’s all part of being fascinated with how it all works, how it breaks, and the boost to the intellectual ego of using that knowledge to do things others can’t. For any kid growing up in ‘War Games’ era too, there’s the bonus thrill of getting inside the U.S. military’s own computers. There isn’t the same fear/guilt with breaking into someone’s house – you’re half a world away, still inside your own bedroom/whatever, and you feel like you aren’t really intruding on one individual’s private property.

      Yes, it’s stoopid (moreso in hindsight!), but it’s also (to me at least) rather understandable to see young ‘geek’ men get their adrenaline kicks in this way (finally, the nerds have power in their hands!). I feel more antipathy towards professional (military!) systems administrators who left their networks so badly open – securing their networks is, after all, what they get paid to do. When you work in a daycare center, shouldn’t you get upset at yourself when you leave the door to the paint room open and the naughty kids get in there and throw it everywhere?

      Then I remember that Gary McKinnon was in his mid-30s when he did this, and I wonder whether he is just plain stoopid.

      Kind regards,
      Greg
      ——————————————-
      You monkeys only think you’re running things

      1. Nerd’s having the power…who’d thought?
        Good point that the US military is also stoopid for being able to be hacked in the first place.

        BUT…

        You knew that was coming… 🙂

        I believe it is a fine line to walk in saying blame must be shared with the military for not taking stronger measures to protect their servers.

        Children in a day care centre do no know right from wrong so yes the blame is with the person who left the door open.

        However, we are not talking about children but adults who are members of society and are expected to know right from wrong. The message of the movie War Games was how foolish war is and not in support of hackers – in fact it highlighted a worst case scenario to be caused by a hacker.

        Raping a woman because she is dressed in a sexy dress does not shift any blame from the rapist! As I said it is a fine line to walk in shifting blame.

        Just because it is the US military and shoddy security does not excuse or shift blame even if he was looking for UFO files. What he was doing was wrong, period. Therefore he is subject to the full penalty of the law. He had his easy out and he didn’t take it…stoopid. He can’t cry now as he is not in day care any more.

        If the law is an ass then change it – until then it’s still the law. 🙂

        Cheers

        1. For what?
          [quote]What he was doing was wrong, period. Therefore he is subject to the full penalty of the law.[/quote]

          Yes, receive the full penalty of the law. But for what? For ilegally entering those “secure” secret systems—which he accpets he did—or for creating all that havok of deleting files and make all those sensitive computers inoperable during such a paranoid 9/11 era—which he emphatically denies?

          When the trial starts in the US, I’m eager to see what kind of proof for all that costly damage the government will provide. Then again, the trial could be held in Guantanamo, which means we won’t see jack.

          Sometimes I feel the real reason this dumbass is being punished, it’s because he might have accidentally erased the porn file of some 4-star general 😉

          —–
          It’s not the depth of the rabbit hole that bugs me…
          It’s all the rabbit SH*T you stumble over on your way down!!!

          Red Pill Junkie

          1. Really…?
            “…accidentally erased the porn file of some 4-star general”

            As I said before just because this is the US military we should not let any prejudices cloud our opinions like the pot smoking vegan hippy crystal tree huggers who see this as a “win” against the “establishment”, “make love not war” et al. See how that works? Its wrong to do that.

            Everyone who is in prison “emphatically denies” they did anything wrong. You are not falling for that one…right? 🙂 He had his chance before to take the easy road…but…?

            Clearly he was wrong to break in to the “secure” network. Just because it was not secure enough it does not lessen the guilt.

            Just because you don’t have a “Binford Double Action Magnum Death Lock(TM) on your front door does not lessen the guilt of the person who “bumped” your door lock and robbed you. You’re not suggesting this are you? 😉

            Cheers

          2. Agreed
            We agree on that: ilegally entering = bad.

            But what many people are concerned with, is that the Government is making up the other accusations (deleting files, turning sensitive computers inoperable, etc) to get this guy the harshest sentence possible (60 years in Guantanamo).

            Maybe they intend to make an example out of this guy.Or maybe the reason is even more subtle and complex (e.g. to make foreign nations think the US Gvt REALLY has sensitive info on aliens and UFOs).

            Punish the guy. Don’t crucify him.

            —–
            It’s not the depth of the rabbit hole that bugs me…
            It’s all the rabbit SH*T you stumble over on your way down!!!

            Red Pill Junkie

          3. However…
            “…the Government is making up the other accusations (deleting files, turning sensitive computers inoperable, etc)”

            Well if he didn’t break into the network in the first place…

            So back to your apartment…

            You: “Hey this is missing as well”

            Robber: “I never took that!”

            You: “Oh…Ok, off you go then”

            See how that works?

            The punishments have all be laid out in the framework of the law. Again he had his chance for easy time but he thought he would be the hero – the “teflon hacker”.

            Well I for one would not like others to get the idea that people CAN break into military systems or any system and just get away with it and be labelled a “hero”. What if he had broken into YOUR bank system?

            “So Mr Junkie, you say you didn’t buy all that stuff on the internet…? Prove it!” 😉

            Being soft on any hacker gives others the mandate to “go for it” as if it was some kind of “rite of passage” into the rewarding world of network security consultancy.

            “Gee, if I can bust into this ATM I can later be hired as a security consultant!” Go on then, off you go! 🙂

            Cheers

          4. creative destruction ?
            I can see how it can be considered creative to get around security barriers. But I can’t see how it can be considered creative to go and destroy things after you have done that.

            Creative people make things. New art, new machines, new food. Creative people don’t go break things for no good reason, and creative people don’t steal for the fun of it.

            Hackers analyze existing systems, and find the weaknesses. Most often they only exploit known weaknesses, no creativity involved there.

            I know how to get into most peoples’ houses – you wait until they are not home, then you kick in the door, or break a window. It is trivial. Then you can steal their stuff, or burn the place if you want. I don’t do that, why should I? Just to show that it can be done? I am not a destructive person.

            If the accused is such a creative guy, then let us see him create something.

            —-
            The large print giveth,
            The small print taketh away.

          5. It’s a geek thing
            This is a geek mentality, that stems from the desire to prove you’re better than most people because of how smart you are. I suppose it is also a way to get even wit the world. I don’t know.

            Let me repeat what I wrote since my very first post:

            I DO NOT believe Gary McKinnon is a hero. Period.

            He should pay for his crime.

            BUT, I would like to know what happened to all those guys in charge of the systems a pot-smoking brain-dead british bloke was able to enter with just the tyniest amount of computer knowledge. Did they get to keep their jobs? Don’t you feel just a little curious about that? After all, you would expect that people in the front lines are the most capable and comitted you could find, and that certainly includes the digital front line, right? RIGHT?

            —–
            It’s not the depth of the rabbit hole that bugs me…
            It’s all the rabbit SH*T you stumble over on your way down!!!

            Red Pill Junkie

          6. locks on doors
            Certainly if there is something important behind a door, the owner should invest in sturdy locks and a sturdy door.

            Critical military computers should not be on the same physical network as the non-critical ones. In the old days, like 20 years ago, they were not on the same network.

            There was a big story about a hacker back then, some guy from Germany. He broke into the Livermore network. Turns out, he basically broke into their broom closet, but it was a big scandal. I don’t know what McKinnon broke into.

            —-
            The large print giveth,
            The small print taketh away.

          7. It appalls me
            It has always appalled me that the military US computers run on Windows. Couldn’t they make their own OS?

            —–
            It’s not the depth of the rabbit hole that bugs me…
            It’s all the rabbit SH*T you stumble over on your way down!!!

            Red Pill Junkie

          8. Weak analogies
            [quote=red pill junkie]I DO NOT believe Gary McKinnon is a hero. Period.[/quote]

            Indeed, and until he has some of this UFO evidence he talks about, then his speculations on that topic are groundless. He should not be a pin-up boy for UFO conspiracy theorists at this point. As I originally pointed out as well, his statements about causing disruption and the foreign policy of the U.S. suggest more than just a detached interest in ufology.

            On the other hand, I think people are quick to say “do the crime, do the time”, without considering the differences. It’s intellectual laziness to compare it to walking into someone’s house – it is vastly different. As I’ve pointed out, sitting in your bedroom half a world away, poking into military computers, does not carry the sense of personal violation (and immediacy) of walking into a person’s bedroom in person. It’s also exceedingly easy to fall into, if you have an interest in how networks work – you try this software that scans for open ports on your own home network, then just for a kick you try scanning someone ‘invincible’ like NASA or the Army…then when you see open doors everywhere, it’s a little hard not to peek inside.

            Compare the feel of whether someone you know had downloaded some mp3s, versus someone you know who had stolen a CD out of someone’s car. Again, it’s a different thing.

            However, I think my opinion hinges on whether he committed the vandalism that the U.S. authorites are claiming he did (and which he is denying). I have a very different view on his character if he intentionally caused damage – it’s one thing to stumble into open cyber doors and poke around out of curiosity, but a completely different matter to then cause wilful damage.

            On a related theme, I wonder whether McKinnon would have done what he did, if he was doing it right now. I don’t know too many hackers who would willingly go into Chinese or Russian defence computers – there’s that feeling you might suddenly have some unwelcome visitors, or start getting very sick for no particular reason. Before 9/11, I think there was a lot more of a benign view of the U.S. (rightly or wrongly) and what it might do to you – a year in prison seems pretty easy compared to what other intelligence services might do. These days though, with rendition/Gitmo etc, perhaps there are a lot fewer hacking attempts into these computers…

            Then again, young lads with computers will be…young lads with computers.

            Kind regards,
            Greg
            ——————————————-
            You monkeys only think you’re running things

          9. Well
            It’s ironic how many hackers that got busted in the early days, ended up being hired by the Government for their expertise. Remember that movie with Leo and Tom Hanks, ‘Catch me if you can’?

            Another interesting thing about American law is how they permit ordinary people to have weapons, just in case they need to overthrow the government one of these days.

            So how does that translate in the digital frontier? 😉

            —–
            It’s not the depth of the rabbit hole that bugs me…
            It’s all the rabbit SH*T you stumble over on your way down!!!

            Red Pill Junkie

This site uses Akismet to reduce spam. Learn how your comment data is processed.