"Pentagon's pursuit of 'scapegoat' hacker hides real threat from the webCriminal gangs taking over from amateur hobbyists
Owen Bowcott
Saturday June 11, 2005
The GuardianGary McKinnon is deemed to be so deviously manipulative at the keyboard that he has been banned from using the internet. He is not even allowed a passport. The peculiar bail conditions imposed this week on the 39-year-old computer systems administrator from Wood Green, north London, suggest that the law enforcement community stands in awe of his technological prowess.
Until his next court appearance, due on July 27, the tousle-haired programmer, who is fighting extradition to the United States, has been ordered to stay away from any computer connected to the web.
Mr McKinnon has gained international notoriety for his alleged ability to break into scores of sensitive US defence computers, steal secret passwords, sabotage email systems and delete military files. In the hi-tech world of online hacking, however, he is perceived as one of a dying breed of amateur hobbyists - those the Americans deride as "script-kiddies".Despite US prosecution claims that he perpetrated "the biggest military computer hack of all time", Mr McKinnon's supposed achievements are by no means unique. The attempt to extradite him to answer charges in Virginia and New Jersey is far more unusual. Systems run by Nasa, the Pentagon and the Department of Defence have long been hackers' trophy targets. His misfortune, apparently, was to get caught, and to have carried out his explorations shortly after September 11.
According to security experts, US military sites are not the most heavily protected on the internet. They rely on the deterrent threat of legal action rather than deploying highly sophisticated software or enforcing best practice among military personnel.
Mathew Bevan, another British hacker arrested for breaches of security at Nasa and US Air Force sites, found himself similarly demonised by US lawyers as "the single biggest threat to world security since Adolf Hitler" back in 1994. The case against him eventually collapsed. Like Mr McKinnon, he was also hunting for evidence about UFOs hidden on military installations.
Mr Bevan, now 30, is an IT consultant and living in Wiltshire. "The security on US military machines is probably not much better than it was back then," he said. "There were plenty of military machines with sensitive information that had account names with no passwords. Others had been left with the standard default passwords used by the manufacturers.
"University systems and corporations are much harder to break into than military machines: universities because there are always students testing their skills, and companies because they have shareholders demanding better security."
In Britain, the hacking subculture that nurtured Mr McKinnon's talents has been driven underground by diligent enforcement of the Computer Misuse Act, which since 1990 has criminalised those who gain unauthorised access to computer systems.
Mr Bevan typifies the career trajectory once pursued by teenage hackers. After years hunched alone over a computer screen, and an infamous brush with the law, he has graduated to running his own company, the Kuji Media Corporation, which offers security and technology advice.
"Hackers are a dying breed," said Mr Bevan. "Organised criminals have cottoned on to the potential rewards. There's viruses and trojan programs flooding out of places like Russia and Bulgaria these days.
"I get people asking, 'Why is my machine running slowly?' And when you look, there are 300 viruses, bits of adware [advertising programs] and trojans mucking up the system. Internet service providers should really be doing deals with security firms to provide virus-free connections."
Mr Bevan said he spoke to Mr McKinnon in 2002, "after he was first busted".
"He's only been selected by US prosecutors because he's an excellent scapegoat. Maybe the amount of recreational hacking is the same, but the volume of people on the net means far more areinvolved in genuinely nefarious activities."
Mauricem
Thought you might find this useful in your efforts.
Interpol's "Extradition Benchmarks"
http://www.interpol.int/Public/ICPO/LegalMaterials/FactSheets/FS11.asp
fg
Thanks for the link to the Interpol extradition advice.
"The principle of speciality means that an individual may only be tried for the offences cited in the extradition request, on the basis of the definition of the offences applicable at that time" is also quite important in this case especially as, in the three and a half years since September 2001, some of the data which was available even on public internet websites, as well as unclassified low level US Military systems, has been removed or re-classified more strictly requiring a US Government security clearance.
Gary could in theory be charged with espionage etc. if he is extradited, on the basis that material or data is a military secret today, even though it was not so at the time of the alleged offences.
If the controversial "enemy combatant status" is invoked, then all the internatial law on extradition is ignored - this really is damaging the United States internatinal reputation, even amongst its friends and allies.