UK Hacker Loses Extradition Appeal

the4thdimension writes "A UK man, accused of breaking into US Pentagon and NASA computers in March 2001, lost an extradition appeal that would have freed him, or at least had him tried in the UK. While the US accuses him of causing over $900,000 in computer damage, his attorney asserts that, if extradited to the US, he faces harsh penalties that are "intolerable" and '...the British government declined to prosecute him to enable the U.S. government to make an example of him.' He intends to appeal to the European courts."

I remember this guy

[betterunixthanunix (980855)]

Didn't he just use Microsoft's Remote Desktop to "hack into" those systems?

Re:

[Alwin Henseler (640539)]

Didn't he just use Microsoft's Remote Desktop to "hack into" those systems?

Obviously not. To cause $900k worth of damage, these systems must have been running really powerful software (read: something else).

Re:I remember this guy

[z0idberg (888892)]

IIRC the $900,000 wasnt due to actual damage he caused, it was the cost of "securing" these systems after they realised anyone with half a clue and an internet connection could compromise their machines. How they figure that is his fault rather than actually part of the cost of their network I'm not sure.

Re:I remember this guy

[blindd0t (855876)]

$900,000 makes it sound like he may have downloaded a song or two off one or more of the servers he 'hacked'. I'm being facetious, of course. ^_^

Re:I remember this guy

[G0rAk (809217)]

Didn't he just use Microsoft's Remote Desktop to "hack into" those systems?

Yes. He in fact exploited weak passwords - most commonly "administrator" and a blank password or a password of "password".

More curiously he ran a netstat on the boxes he compromised and viewed connections from other crackers whose IPs addresses put them all over the middle east and China.

This according to the BBC interview we previously discussed [slashdot.org].

Crappy retarded cliché

[Nicolas MONNET (4727)]

"And, really, if he couldn't do the time, he should not have done the crime."

I see your retarded old cliché and raise you a human right: punishment should be proportional to the crime. Did he kill anyone? Did he maim anyone? Did he steal anything? No, no and no, so why should he be punished more than someone who did?

Anyway, this nonsensical BS should be rejected by the European Court of Justice. Unlike the US Supreme court, it's not stacked with crypto-fascists like Antonin Scalia.

Re:Crappy retarded cliché

[phillous (1160303)]

This story has been in the British press for a few days, and I find the whole thing disgusting. As mentioned elsewhere, the $900k was the cost of securing these systems after this guys just walked in with default windows passwords... The stupid thing is that the whole case is based around this guys being a fucking terrorist... OH NOES SOMEONE DID SOMETHING TO WRONG AMERICA... They are a terrorist and should be locked away forever... if he wasn't from the UK they'd probably decide to bomb his fucking hometown as well.

He did not cause $900k of damages

[Nicolas MONNET (4727)]

$900k was IMO the cost of securing systems that were not secure in the first place.

You won't find a society anywhere on earth which doesn't have such laws.

Well my country doesn't extradite its own citizens.

Re:Crappy retarded cliché

[moxley (895517)]

This from an organization that charges $50k for a bolt (or whatever ridiculous amount is was) and spports "cost plus" contracting.

Likely, they have quite lax security, saw this hack attempt as a opportunity to hire a friend of someone to "secure" their network and then got a bill for 900K (which likely consisted of a large kickback for one or several other people who selected the contractor).

Sorry - but that it how it seems to work in the US defense sector.

Re:Crappy retarded cliché

[jcnnghm (538570)]

I'm tired of reading this rant. I once bid several cents per e-mail to send out thousands of e-mails a month for a government organization. Ridiculous, right? Anybody can run sendmail in a colo for $100 a month. What the actual term of the agreement doesn't say, is that the e-mails were to be sent from an application we were to develop with features unique to the organization, and the e-mail addresses were to be collected using a marketing website and software package that we were to construct, maintain, and promote. We also had to provide two dedicated T1s, four dedicated servers, a load balancer, as well as design and produce all the print marketing materials to promote the new service. All of these things were included in the contract, but we were only paid per e-mail sent. Things aren't always as they appear at first glance.

In the case of the bolt, it's not an ordinary bolt. Normal bolts are never individually tested, a single bolt from the lot is taken and destructively tested. In the case of the expensive DD bolts, they are generally one of a kind, limited production, bolts designed for one purpose. In addition, they are generally non-destructively tested, which means that they are each individually subjected to the forces that they are rated for, and then examined. This is expensive.

As far as "cost plus" goes, how else do you suggest doing it? Whenever I bid a contract I estimate cost, then add profit and that is the price. In the case of the e-mail contract I described above, I calculated the cost then decided on a fair profit. After that, I made best case, worst case, and average case estimates for e-mail volume. I ended up basing the per e-mail bid on the worst case number of messages sent. In other words, the bid price was ((cost + [slightly less than fair] profit) / worst case estimate). As it turned out, we never got close to the worst case, we were always between average and best case, so the profit was good. Had it been a "cost plus" contract, it probably would have been less expensive for the government overall, however, the risk would have been theirs, not mine (if our software was ineffective or underused, we could have potentially lost money).

Cost plus is most often used when something has to be built that is either difficult or impossible to estimate. If I were to ask you to build something that nobody has ever built before, and intended to have you sign a contract saying that you would construct it for that price, you'd probably greatly overestimate the actual cost, because you would have to make sure you don't end up too far in the red. The costs are evaluated and approved by an oversight group (like government engineers), so they can make sure project costs are really necessary. In addition, the records are audited and unnecessary cost is often disallowed. Cost plus isn't perfect, but it's less expensive in the long run then having the contractors make guesstimates then inflate them to deal with the risk and uncertainty.

In the long run, the single most disingenuous thing I've seen in government contract is the blatant racism and sexism. Females and minorities are given preferential treatment because of their race or gender. Depending on the contract, their price proposals are also evaluated differently as well, often getting a 5% discount. In other words, a $100k bid placed by a MBE will be read as $95k when compared to other bids. The process is not only unfair and discriminatory, but can result in less qualified firms winning contracts on the basis of quotas. I was told by a colleague once that a bid of theirs was rejected, although they were both the low and most responsible bidder, because the contracting agency wanted to meet their quota.

Who am I to tell you though, you've got it all figured out. Why don't you put your money where your mouth is, start a company, and win some contracts. All you've got to do is demonstrate that you can do the work, and bid low.

Ah the Uk

[by Anonymous Coward]

The UK, acting like the US' fucking lapdog, again. If I were PM I'd be telling the US government where they can shove their 'special relationship' and their entirely one-sided extradition treaty. Then I'd tell them to put ACTA in the same place.

So, whaddya reckon chaps? Think Anonymous Coward could succeed Gordon Brown?

Re:Ah the Uk

[$RANDOMLUSER (804576)]

Some of us here in the States are pretty fed up with the US throwing its weight around on the world stage, also.

Re:Ah the Uk

[zsau (266209)]

Don't worry, the way things are going you'll involuntarily stop soon enough.

Re:Ah the Uk

[Khisanth Magus (1090101)]

Not really. Regular US citizens don't really have any power anymore. We get to choose which person we want to screw us over, that is about it. Its pretty much a given fact that everyone running for office is going to be a corrupt politician who has no intention of listening to us.

Re:Ah the Uk

[spottedkangaroo (451692)]

Not without a billion dollars. Dollars are the only votes left that mean anything here. To that end, I send spare dollars to the EFF since they're actually getting things done; things that complaining and protesting do not get done.

Re:Ah the Uk

[GauteL (29207)]

"huh? how is honoring extradition treaties acting as a 'lap dog'?"

I wish people would sometimes read other comments before replying.

The reason for Britain being named a 'lap dog' is that the extradition treaty is one-sided. The US does not have to show probable cause to get Britain to extradite people to the US, but Britain has to for it to happen the other way around.

Re:Ah the Uk

[FireStormZ (1315639)]

I assume youre talking about this?

"Article 8

        Extradition Procedures and Required Documents. Article 8 establishes the procedures and describes the documents that are required to support a request for extradition. All requests for extradition shall be submitted through the diplomatic channel. Among other requirements, Article 8(3) provides that a request for the extradition of a person sought for prosecution must be supported by: (a) a copy of the warrant or order of arrest issued by a judge or other competent authority; (b) a copy of the charging document, if any; and (c) for requests to the United States, such information as would provide a reasonable basis to believe that the person sought committed the offense for which extradition is sought. The Treaty will not change the evidentiary burden required for extradition requests to the United States. ***However, under the new Treaty, the evidentiary requirements for extradition from the United Kingdom are lowered from a "prima facie" standard to what in practice will constitute a U.S. probable cause standard."***

The standards are the same, the UK bar was lowered to meet the US standard..

Re:Ah the Uk

[G0rAk (809217)]

We discuss this point every time Gary McKinnon's case comes up, but lets go over the problems with the UK-US fast track extradition agreement one more time:

The agreement is supposed to be reciprocal however the US have not implemented their end of it. We can not fast track the extradition of US citizens but any UK citizen can be fast tracked. All of this was introduced to "fight terrorism" but has largely been used for cases like this and the NatWest Three [wikipedia.org].

Secondly our law forbids the extradition of persons to countries where they may face inhuman or unreasonable punishment. As such all states which implement the death penalty fall under this heading. The US should fall under this heading.

There are many other reasons why the UK can rightly be labelled a lap dog unrelated to these issues, our Special Relationship with the US is largely asking how high when told to jump.

$900,000 of damage?

[neokushan (932374)]

I wonder what the going rate of a military-certified security expert is, these days...

one-way treaty

[cliffski (65094)]

For me the big story is the one-sided nature of this treaty. We regularly extradite suspects to the USA, yet the USA refuses to do the same for people living in the USA wanted for crimes in the UK.
That's just insane, and our government are spineless scum for agreeing to it.

Re:one-way treaty

[Frosty Piss (770223)]

That's because the UK is our bitch. Come on now, you know it's true.

Re:one-way treaty

[pzs (857406)]

Luckily, the policy positions of the UK government do not entirely represent the UK, otherwise I'd completely agree with you.

Outside of the spineless lap-dogs in the government, we still have art, music, comedy and other culture that is very much independent of the United States (although, of course, influenced by US culture) and still worth something.

I may not be very proud of my government but I am (occasionally) proud of the citizens of the UK.

Re:

[Austerity Empowers (669817)]

Doesn't the UK refuse to extradite suspects who would face the death penalty in the US? (Also, usually our most high profile cases)

The numbers may not add up, but if our government can do as it pleases based on popular opinion, any refusal to hand over death row candidates becomes high profile and public opinion turns against the Commie Europeans. Having to dumb down charges just to get the suspects (i.e. take the death penalty off the table) presses some hot buttons. Worse it creates an environment where t

An practical example: Rachid Ramda

[Nicolas MONNET (4727)]

Rachid Ramda [wikipedia.org] was responsible for the series of terrorist attacks in France around 1995. Yet it took 10 fscking years to get him extradited over the channel. This guy is responsible for the death of dozens of people! And he wasn't even a subject of Her Majesty.
But when the Bush admin snaps its fingers, lapdog Brown's government is ready to comply.
So yeah, the UK is the US's bitch.

Re:one-way treaty

[the eric conspiracy (20178)]

"an agency"???

Give me a break. I thought the brits had a reasonable understanding of how the courts in the US work. This moron committed a quite serious crime; it is not at all unreasonable that he should suffer significant consequences.

Here is a bit of writeup on the topic in the Washington Post:

McKinnon's lawyers alleged that an American official had told him he would be forced to serve a lengthy sentence in the United States if he fought against his extradition, something they say amounted to an unlawful threat.

The five Law Lords were unanimous in deciding McKinnon had failed to prove his case.

So the brits had their chance to decide if these claims of unfair treatment were credible or not and decided NOT. So WTF is all the whining about? At the absolute highest level this was decided internally in England - the signing of the original treaty PLUS an appeals process. I don't see how this could have been more fair.

Re:one-way treaty

[ObsessiveMathsFreak (773371)]

I thought the brits had a reasonable understanding of how the courts in the US work. This moron committed a quite serious crime;

Outside of US jurisdiction. McKinnon accessed the US servers from the UK, from his home in London in fact. I remind everyone that though he was arrested in the UK, to date, no charges have ever been brought against him by the UK government. His own county does not consider his actions criminal, yet he is being extradited to the US for actions committed outside of its borders.

But you're right. This is exactly how US courts work. Underhandedly and extrajudicially. It is no accident that the US set up the camp in Guantanamo, as historically the rule of law does not have a strong foundation in America. Segregation, McCarthyism, Wiretaps, etc. The United States is not known for its strict adherence to enlightenment principles.

America emerged as a result of colonists griping about paying taxes. To their credit, the Founding Fathers did try to legitimize the whole affair by implementing a progressive democratic constitution. And to be fair, this document was hugely influential. But ultimately, America as a country was born from and lives by the Almighty Buck. Your country does have a liberal democratic streak, but the basic principles of western society are not as strong in America as they are in Europe, where events from the French Revolution to World War 2 have really solidified respect for things like the rule of law.

In short, McKinnon's extradition was a bad idea. He is being sent to a country with a poor record of judicial fairness, and for something that was not illegal in his native land. It is a sharp litmus test of the UK's current relationship with the US, which has made clear that the UK is now little more than a vassal state in a larger Anglosphere.

McKinnon had the misfortune of being born and raised in an English speaking country. If he was French, or German, or just about any other western european nationality, this would never have gotten this far. If he takes it to the european court, which probably will refuse to hear the case, I cannot see them allowing his extradition. For reasons mentioned above, these countries do tend to hold truer to more basic principles.

Re:

[g0bshiTe (596213)]

I agree, European Court is the only way he would get a fair trial. In the US if you commit a crime in one city, depending on the crime you have a right to be tried in another "impartial city" in order you may get a fair trial.

Re:one-way treaty

[SimonGhent (57578)]

However, if plays nice and owns up to all the stuff he says he didn't do but they claim he did

Not quite true.

From http://www.guardian.co.uk/theguardian/2005/jul/09/weekend7.weekend2 [guardian.co.uk]:

Gary was kept in a police station overnight. Then the Americans offered him a deal, via his British solicitor. "They said, 'If you incur the cost of the whole extradition process, be a good boy, come over here, we'll give you three or four years, rather than the whole sentence.' I said, 'OK, give me that in writing.' They said, 'Oh no, we can't do that.' So they were offering a secret trial, no right of appeal on the outcome, no comment to the newspapers, and nothing in writing. My solicitor, doing her job, advised me to take it, and when I said no, she was very, 'Ooh, they're going to come down heavy.'"

Also, from http://www.guardian.co.uk/world/2008/jul/27/internationalcrime.hacking [guardian.co.uk]...

In a further twist, it has emerged that a crucial file containing details of the early meetings with the US prosecutors, at which the offers were apparently made, has gone missing from the office of McKinnon's solicitor. A laptop holding details of the same meetings was stolen from the car of one of his barristers.

Re:one-way treaty

[Richard W.M. Jones (591125)]

Just when has the US refused to extradite a suspect to the UK say in the last ten years?

Very recently actually. When British journalist Terry Lloyd [bbc.co.uk] was shot by US forces in Iraq, the US refused to cooperate or extradite any troops to face trial here. The case had to dropped entirely (just this week [bbc.co.uk]).

Rich.

Re:one-way treaty

[MagdJTK (1275470)]

Why would US troops operating in Iraq, goto trial in the UK?Civilian court no less?

They weren't punished in the US.

There's still the EU

[serviscope_minor (664417)]

Hopefully the EU court will have something else to say about this. But anyway, thanks, Blair + new labour for completely fucking up a country.

Re:There's still the EU

[UdoKeir (239957)]

more people voted conservative than Labour at the last general election

The facts would indicate otherwise (from here [wikipedia.org]):
Labour 9,562,122
Conservative 8,772,598

Re:

[serviscope_minor (664417)]

more people voted conservative than Labour at the last general election. However thanks to the boundries of each region being adjusted to favour Labour (by Labour) and our first past the post system Labour stayed in power with a majority.

You are mistaken. I believe Labour got the larger minority by 2 points.

It says something about how shit our country has become that more liberal young people want to vote for the 'right leaning' party. That said they're also voting Lib Dems but no one ever expects them to g

Not a death penalty case

[elrous0 (869638)]

The "intolerable" argument seems like a stretch to me (to say the least). The guy isn't facing the death penalty and U.S. prisons (especially the minimum security ones, where this guy will probably end up) are at least as good as UK ones.

The guy's lawyers are acting like we're going to flog him and throw him in a dungeon or something.

Re:Not a death penalty case

[betterunixthanunix (980855)]

"The guy's lawyers are acting like we're going to flog him and throw him in a dungeon or something."

He gained unauthorized access to defense department computers in the months following the September 11 attacks, and he is not a US citizen. Where did we toss other people who pissed off the DoD? He has a semi-legitimate reason to be afraid.

Re:Not a death penalty case

[sunking2 (521698)]

Guess he should have thought about that a little earlier. People are responsible for their own actions. What did he think would happen? Nobody's fault but his own that he didn't think things through well enough.

Re:Not a death penalty case

[sunking2 (521698)]

Personally, I take the opposite view on this. DoD shouldn't have to. Typically the victim in a rape is not blamed, yet for some reason that logic doesn't apply here? This isn't even a case where you can claim the DoD deserved it by leading the guy on by wearing a skimpy outfit. These systems were just sitting there and he went out of his way to do harm. Not much else to say past that.

Re:Not a death penalty case

[darien (180561)]

The linked story doesn't mention it, but he says he was told by US government officials that if he didn't plead guilty and agree to be extradited, he could be facing sixty years in prison.

Re:

[Cauchy (61097)]

What a $#&%ing whiner. He did the crime. "I was just looking for evidence of an alien conspiracy." He was man enough (or stupid enough) to do the crime, he should be man enough to face up to the consequences. He is like 40 years old or something. He isn't some teenager, wanking off in his parents basement. He did wrong, but he doesn't want to accept the consequences of his actions.

"Consequences"

[Nicolas MONNET (4727)]

So he was violating US laws, but he wasn't there.

Guess what, I'm routinely violating Saudi laws -- I tend to enjoy a glass of red wine with my pork chops. Should I be deported?

The problem here is that the Tony Blair government sold out their countrymen, AKA "subjects", to the Bush gang.

Re:"Consequences"

[gnick (1211984)]

So he was violating US laws, but he wasn't there.

Guess what, I'm routinely violating Saudi laws -- I tend to enjoy a glass of red wine with my pork chops. Should I be deported?

No. But you're really twisting the details there. If you want a glass of red wine, have one. If you want to travel a little and smoke some reefer in a legal hash bar, smoke some. But, if you mail reefer to the US or ship wine to Saudi, prepare to face the consequences. Even though you're not in the country where you're breaking the law, your actions crossed the line. He may have been in the UK at the time, but he was breaking the law in the US. [For the record, laws banning alcohol/pot bug the hell out of me, but that's beside the point.]

Sure it was a trivial effort to breach those systems. Sure the damages are grossly inflated. But that doesn't imply a green light for somebody to sit in the UK and break laws all over the world hoping that they won't have to pay the piper.

Re:Not a death penalty case

[by Anonymous Coward]

compared to the sentences handed down by British courts, you are.

Nobody gets 97 years in the UK. Beside the obvious point that a person would die in jail before reaching 97 years, the number of people in the UK on a prison sentence designed to ensure that they spent the rest of their natural life in jail is (iirc) about 35. You have to have done something unbelievably sick to warrant such a sentence (see here [wikipedia.org]). Where there's talk of treating him as a terrorist if he doesn't plead guilty (wtf?) and giving him a sentence stratospherically higher than he'd ever be likely to get in a British court sounds 'intolerable' to me.

Duh

[Wiarumas (919682)]

From TFA: "Prosecutors allege that McKinnon hacked into than 90 computer systems belonging to the U.S. Army, Navy, Air Force, Department of Defense and NASA between February 2001 and March 2002, causing $900,000 worth of damage.

McKinnon has acknowledged accessing the computers, but he disputes the reported damage and said he did it because he wanted to find evidence that America was concealing the existence of aliens."

Duh. The only reason this topic may recieve negative attention is because its the United States. Truth be told, that if this was ANY country, the same thing would have happened. What did he expect? We are talking about highly classified stuff. He may have not caused as much as the claimed damage, but he DID access them. In some countries, he would be executed...

Re:Duh

[$RANDOMLUSER (804576)]

I think the sysadmins who set up a "secure military system" that could be breached by an amateur on the internet should be executed.

Re:Duh

[GauteL (29207)]

"Duh. The only reason this topic may recieve negative attention is because its the United States"

No, the reason is that the UK extradites its own citizens to a foreign country for crimes commited in the UK, when it can't be completely sure of its citizen being given a fair trial.

As it stands he is a foreigner in the US in a harsh political climate which makes it quite likely he could get convicted a terrorist even if he is just a "good old" computer criminal. At the very least he will feel forced to plea bargain for a very bad deal.

The extradition treaty is also completely one-sided, in that the US does not need to extradite its own citizens to the UK. The deal is shameful.

Re:Duh

[Tim C (15259)]

I were stood on the Mexico side of the border and you on the US side and I shot you, I would have committed my crime in Mexico, no? Same thing, greater distance involved.

Re:Duh

[GauteL (29207)]

"Bullpuckey. The crimes were committed in the US, against US property."

Bollocks. He was sitting in Britain using his computer. Because of this Britain should have balls enough to tell the US to sod it and try him in his home country instead of shipping him overseas to a country where he has very limited rights as a non-citizen.

default & anynymous ftp servers

[tinkerghost (944862)]

IIRC, most of the 'secure' systems he accessed were FTP servers set to allow anonymous access & default access w/ 'password'. The damage he did was to the ego of the military - it's OK to point out the Emperor has no clothes, but be darned sure that the general can't hear you when you comment on his missing pants. After all, he's the one with the guns.

In general, he's willing to be tried as a hacker, but the US govt is waving the terrorist flag around & that's a charge he's not willing to face. Also, the damage claim is fairly ridiculous, these were unsecured servers - anything on them was long ago compromised. Charging him for the price of cleanup that would have had to be done if a new admin had pointed out that someone had set the FTP server to anonymous is stupid.

Interview

[SimonGhent (57578)]

There's a rather good interview with Gary McKinnon [guardian.co.uk] on the Guardian's web site from earlier this month.

Provides quite an insight into what he did, why he says he did it and his mental state.

Wonder if he was a /. poster. Wouldn't surprise me.

Slippery Slope

[Ukab the Great (87152)]

In some foreign countries, using the Internet to say something less than flattering about their religious figures or their government is considered to be an Internet crime.

If the practice of extradition for Internet crimes is allowed to continue, what safeguards will there be in place stop citizens of free countries who practice free expression on their side of the ocean from being extradited to places where they'll get their heads cut off or be sent to gulags?