Supporters of Gary McKinnon may wish to sign this Petition on the the Prime Minister's Number 10 Downing Street website:
http://petitions.number10.gov.uk/mckinnon09/
We the undersigned petition the Prime Minister to lead his Government in providing protection against extradition for people with autism and Asperger syndrome in the criminal justice system, particularly in the case of Gary McKinnon.
Submitted by Lisa James of The National Autistic Society - Deadline to sign up by: 25 May 2009 - Signatures: 1,793
Hopefully there should soon be some news about the music CD in support of Gary and other Asperger's Syndrome suffers, which has the backing of several very famous musicians.
UPDATE 25th May 2009
Deadline to sign up by: 15 June 2009 - Signatures: 2,965
[hat tip to n anonymous]
UPDATE 15th June 2009
Deadline to sign up by: 22 June 2009 - Signatures: 4,188
[hat tip to n anonymous again]
MYKAL ESPARZA
FREE GARY. YOU DON"T DESERVE THIS MAN. I SUPPORT YOU.
Elle Hart,Elec.Eng.Tech.
" Incidents create a whirlwind of panic and activity, and of there is one big mistake, it is the failure to document adequately. Incident responseis a tedious, methodical process that redquires documentation. Technical prowess combined with a failure to document is not helpful during an incident. The failure to document may lead to faulty conclusions and an inadequate response. "
Incident Response, Investigating Computer Crime
by Kevin Mandiaand Chris Prosise
pp.31
Note that in my experience, just like many other staff, IT Personnel quite often are friends or family members and are not necessarily hired on their actual merits. Given this, they make critical mistakes when securing the company network or resources - but sound professional to the untrained eye. Therefore it is doubly important to have a complete copy of the 'original state of security' on a system prior to an incident to prove or disprove in a court of law the facts. Was an intrusion a result of a configuration mistake or was it really an unauthorized access?
Elle
Matt T
the person who decided that Gary should be sent to the USA is the biggest criminal *cough EXPENSES, splutter*
We cannot trust our politicians.
Elle Hart,Elec.Eng.Tech.
Responding to a Brute Force SSH Attack
http://www.securityfocus.com/infocus/1903/1
"We had a false sense of security about Linux machines on our site. None have ever been compromised due to security vulnerabilities within the software, but several have as a result of misconfiguration on the part of the administrators."
Living proof...half of all security breaches are the result of misconfigured systems.
Elle
ralph
For a talented hacker in this terrorist-aware day and age, one hacker that genuinely did not mean any harm to the public (having a mere obsession with UFOs and aliens) we should NOT be exporting him to be punished. It is all completely ridiculous. The government should be using his skills to their own advantage, not locking him up in america as a last resort, especially as now he has also been diagnosed as having Asperger's Syndrome.
http://en.wikipedia.org/wiki/Asperger_syndrome
As for his obsession with UFOs, I cant say I really blame him, news on their possible existence do crop up from time to time, eg new aircraft being worked upon by other governments. I just clicked on google news, yahoo news, AND BBC news TODAY, and their first articles mention sightings of unusual aircraft over brazil!
Check it out here now from the bbc news, and decide for yourself - whos crazy now?
http://news.bbc.co.uk/1/hi/world/americas/8066061.stm
n anonymous
Fg: Changed date on the website?
"Deadline to sign up by: 15 June 2009 – ..."
http://petitions.number10.gov.uk/mckinnon09
Matt T
Jacqui Smith is the biggest criminal of the lot! Claiming expenses from taxpayers money to supplement a cosy lifestyle.
UK politicians have no right to grant this extradtion considering their own lack of morals. Double standards indeed.
Elle Hart,Elec.Eng.Tech.
http://it.slashdot.org/submission/1005685/FBI-and-US-Marshalls-Hit-By-Virus?art_pos=13
"Law enforcement computers were struck by a mystery computer virus Thursday, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution.
Apparently the case files are kept on an isolated system and critical data was not impacted. Though it did force them to shut down their email and internet connections for a short time."
Here we go again - whats up with the US cyber security anyways? They too cheap to hire real techies for the job?
Elle
Simon
Gary should be congratulated, not punished by the US authorities for highlighting weaknesses in their security systems. He should not have to pay for their embarassment. Our government has a poor track record in supporting people like Gary and will not want to offend our US friends. The proposed punishment is way over the top, especially for someone with Aspergers. I have tried to sign the Downing Street petition without success.
H.B.Z.R.4
I watched President Obama's recent speech announcing the new Cyber Security Czar. The U.S. government (not the people - though explaining the difference is impossible) will pander to the voters by being politically correct and continuing to waste money demanding Gary's extradition.
The good thing is that Gary is not behind bars awaiting the outcome of this long show trial.
Another good thing is that the extradition attempt has dragged on for so long that actually putting Gary on trial, let alone sending him to America, has reached its expiration date. It can't possibly happen.
By the way, "Unsolved Mysteries," hosted by Dennis Farina, has been taken off the air or at least Spike TV (Channel 39), after I posted here about the motion picture frame of a U.F.O. containing the number 4 (Zeta Reticulum Four). The Men in Black or if you prefer, the Military Industrial Complex, does NOT fool around. They or it are after Gary for having tried to download that mother ship. Gary's persecution is not about computer security in my opinion.
Jimmy
Garry i wish you the best of luck with all this mate.
Extradion treaty is aload of ass and makes are country even more like americas bitch.
The fact this can be done without evidence is what deeply disturbs me and if you are sent to the US you face more than you would for murder in the UK.
Absoloute disgrace that they are even considering this.
I think though that this is no longer about computers. The fact they are trying so hard may not be to make a public example, but fear for what you may have seen on these computers.
Best of luck.
Matt T
Jacqui Smith has gone. The bitch couldnt do her job anyway.
fg
@ Matt T - not yet she hasn't - she is still in office as Secretary of State for Home Affairs (Home Secretary) at the moment.
Next week, perhaps...
Elle Hart,Elec.Eng.Tech.
FBI e-mail clobbered after virus
"The FBI did not provide details on the security incident, but it looks as though hackers may have used maliciously encoded file attachments to hack into the network.
Microsoft warned Thursday that attackers are sending malicious QuickTime media files to victims, exploiting an unpatched flaw in Apple's media format, in order to install malicious software on Windows systems."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133678&source=CWNLE_nlt_virusv_2009-06-04
Ahaa! And so - Gary - being a good man - did not indulge in such activities - like planting viruses - like bAdd hackers do!!! FREE GARY!!!
Elle
H.B.Z.R.4
If Gary is extradited, what are our plans for supporting him? We can discuss this publicly.
Right now, Gary and the Americans seem to be playing a game of who blinks first as far as a plea agreement is concerned. I think Gary knows that the U.S. will blink first and accept a deal and the U.S. is playing the game as long as possible before admitting defeat.
Gary took a stand on principle concerning the signature to the first plea agreement. It was also bloody smart as far as avoiding an adjustment of the agreement by the Americans after Gary was in their hands. Jimmy's right about Gary knowing more than he's told us.
ian
why should gary afto go to the usa for hacking nasa computers, what about other hackers like the ones in china why dont the usa go after them to, FREE GARRY
John Porter
Gary could be given a job as a consultant by the US and UK Governments to help them improve cyber security?
Any new system could be tested by him to see how hacker proof it is before large amounts of cash are spent implementing it and sensitive data loaded onto it.
We need to get up to speed with cyber security by employing the best. It will be a terrible shame & waste of life if Terrorists hack our systems and the only man who could have stopped them is locked up in the USA for 70 years. I thought prison was supposed to be about reform, how does a 70 year sentance allow reform? Aside from that the guys got Autism which science does not fully understand, he needs medical help not Nazi style justice.
Steve replied to comment from MYKAL ESPARZA
Did Gary break an American Law -> Yes
Should Gary thus answer to American law -> Yes
Did Gary know he was breaking an American law -> Yes
So shouldn't Gary face charges in America... errrr ->YES!!!
GRUMPY OLD MAN
LOCK THE TOSSER UP. HE IS NO MORE THAN A CYBER TERRORIST
fg
@ Steve - this case is as much about British sovereignty and US political and bureaucratic embarrassment and proportionate justice, as it is about any actual damage or harm which Gary might have done.
Did Gary break the UK Computer Misuse Act 1990 -> Yes
Should Gary thus answer to United Kingdom justice -> Yes
Did Gary know he was breaking UK and US law -> Yes
So shouldn't Gary face charges in the United Kingdom... errrr ->YES!!!
Joanne Gardner replied to comment from GRUMPY OLD MAN
I sincere hope you never produce offspring. My son has Asperger's also and it's people like you who make his life hell.
Matt T
Is gary a human being who just believed he was on a moral crusade? : YES
Should people with such a high moral code be respected? : YES!
Elle Hart,Elec.Eng.Tech.
SMEs routinely breach the Data Protection Act
http://www.securitypark.co.uk/security_article263145.html
"According to a survey of over 500 small and medium businesses conducted by BSI, almost ne in five businesses has unwittingly breached the Data Protection Act (DPA) at least once. Of these, nearly half said they had breached the Act on several occasions and an additional 18% said they were not sure whether they had or not. A breach could refer to the illegal
transfer of information to a third party, failure to hold information securely or neglect of other legal obligations."
Indeed, it is a FACT that MOST operations - be they government administered or business administered are placing the safety and security of every citizen in question. How? By simply not administering their networks or servers properly. The worst possible case of access to private systems is one involving a default administrator password that is left unchecked - like the exclusive access point to the US military systems that Gary McKinnon and many other international hackers have discovered.
Who should be laid to blame for this and the nearly 50% of all business owners who have your personal information on their unsecured systems? The lynch mob attitude of some of the people who post here making unkind comments towards Gary are non the less idiots as the backyard administrators are.
Solution :: Hire people on your team that are really in the know - and stop cutting back on your IT Staff to save money.
Elle
Ashley
what gary did was very wrong and yes he needs to go to prison, but lets not blow the whole thing out of proportion let him serve his sentence in the UK and then make him help make cyber security better in both the US and the UK.
i think the people in the US who are pushing so hard for this are nothing more then a bunch of school yard bullies pickin on someone cause they can. lets go after the real hackers
SHAME ON US !!!!!!
LOL thank you gary for showing us we are to cheap lazy and self-righteous to defend ourselves online.
regards
Ashley~Cary NC USA
john
basically the decision made tomorrow with determine if gary had another normall happy day in his life again which i think is wrong, how could somebody decide this!1.
they are just blowing the whole thing out of proportion and wasting lots of money when they could be working together
Jason
Why should he be tried in Britain when his crime was against the United States? This guy knew what he was doing, he admitted guilt. He's all over YouTube basically boasting about what he claims he found.
This Aspergers stuff is nothing more but a cop out. He's going to have to drop the Asperger, vegetarian, softy musician stuff pretty quick when he's bunked up with his new cellmate.
You do the crime, you do the time Gary. Maybe you'll get lucky and the Air Force will let some Greys examine you.
David replied to comment from MYKAL ESPARZA
how dare this nation treat one of its citizens like this.....transporting a Briton to be tortured by a foreighn power...a well known nation that supports torture its a discrace and should not be allowed to happed
Irene Allum replied to comment from GRUMPY OLD MAN
My grandson has Aspergers Syndrome, and he is not a tosser. He is an intelligent person, who is very curious about computers, and their uses. Perhaps the idiots who refer to unfortunate people who have Aspergers Syndrome as tossers etc. would care to come and live for a while with someone with this condition, and see how they cope on a daily basis. You wouldn't have the patience. In some cases you need to be a saint, and by the sound of these ignorant people, they are certainly not that.
Elle Hart,Elec.Eng.Tech. replied to comment from Jason
Jason @ bogus www.shiphimtryhimlockhimup.com
"Why should he be tried in Britain when his crime was against the United States?"
If you care to pick up a book, the extradition treaty is new and it was meant for serious offenders like terrorists...
"This guy knew what he was doing, he admitted guilt. He's all over YouTube basically boasting about what he claims he found."
Boasting no - if you cared to actually watch the videos you would see that Gary Mckinnon made many attempts to draw attention to the serious security flaw that he (a systems administrator by trade himself) and hundreds of international hackers have known for literally years that possibly had resulted in 911....
"This Aspergers stuff is nothing more but a cop out. He's going to have to drop the Asperger, vegetarian, softy musician stuff pretty quick"
Conditions such as what Gary suffers from are real life altering elements that for the owner causes normal life to be something that can never be attained - and your lack of compassion for people who suffer from this shows me that same american attitude that makes people globally hate you so passionately...
"when he's bunked up with his new cellmate.
You do the crime, you do the time Gary. Maybe you'll get lucky and the Air Force will let some Greys examine you."
Again, attutude, and threats. Americans really offend me...of all the countries and cultures and races of people on this planet - americans have got to be the most uneducated, uncultured, unpleasant, unreasonable, uncompassionate and unwarrented.
Elle
Kevin Jersey
higher moral code? seriously? looking up UFOs has NOTHING to do with a moral code. hacking into government databases for one's personal gain is the complete opposite of having a moral code. he broke the law, he should face the consequences. if he was such a good hacker, how come he got caught?
in all actuality, regardless of what kind of "stress" he'll endure being extradited to the US, he should not have done the crime if he doesn't want to face the possibility of time. the BBC article says:
"Mr McKinnon told the BBC that he recognises that he committed a crime and said: 'I am sorry for that.'"
basically, if i commit a crime, i don't have to face trial because i could hide behind a syndrome that wasn't even recognized until recently and a half-assed apology?
if he is smart enough to cause all this damage, he knows well enough that he can go to the US and face his fate.
MORAL CODES... HAHA!
fg
@ Kevin Jersey - do try to read up on the background of this complicated case, before embarrassing yourself here, and in future search engine queries.
"hacking into government databases for one's personal gain" - the US prosecutors specifically said that there was no evidence of that, and he is not charged with any such offences, so you are simply wrong.
"he broke the law, he should face the consequences" - agreed - but he broke the law here in the United Kingdom, which is where he was physically located, and arrested. He should face the consequences here in the United Kingdom.
"if he was such a good hacker, how come he got caught?" - he did not have to be a brilliant technical hacker, although he was obsessed and persistent, since the systems were left totally unprotected (no systems administrator password, no internet firewall) for several years.
The incompetent, corrupt or treasonous senior US Military officers, civilian contractors and Department of Defense officials and politicians, who let this happen, for years on end, should be personally cross examined under oath at any proper trial, and then, hopefully, they will be punished.
fg
@ Elle - "americans have got to be the most uneducated, uncultured, unpleasant, unreasonable, uncompassionate and unwarrented." - there are a minority of such people in every country, but it is true that, over the years, several of them have, to their shame, embarrassed their fellow Americans, many of whom do support Gary.
Matt T replied to comment from Kevin Jersey
Actually trying to find out about supressed energy is down to a moral code, if there is cheap energy available that is not being used because it would put oil companies out of business then I think morals are invovled
Elle Hart,Elec.Eng.Tech. replied to comment from Kevin Jersey
Kevin Jersey
"higher moral code? seriously? looking up UFOs has NOTHING to do with a moral code. hacking into government databases for one's personal gain is the complete opposite of having a moral code. he broke the law, he should face the consequences. if he was such a good hacker, how come he got caught?"
Moral code is meant to suggest that of all the 'hackers' out there in cyberspace, some are 'good' and would never do something that would cause damage or injuries - there is, however, 'evil' hackers out there that would think nothing about selling military war games to the enemy, or setting off a missel to cause a war and such.
And yes - you are right - the elite hackers do not get caught;). But before you judge Gary again, consider that he voluntarily left a note alerting the admins of their security problem. And that this note is most likely posessing the only ip identifying his connection. And given that he 'is in the know ', this was not a mistake, but a humanitarian act.
But instead of being grateful that someone came forward about the incredible hole in the US military networks, you treat him like he is a terrorist. If you ask me - the US should go after the real terrorists - the ones that orchestrated 911 - and that probably have a much larger target next time. And commend Gary for risking his whole life and reputation for doing the right thing. I know I wouldn't.
Elle
HBZR4
I agree with Elle Hart:
"Again, attutude, and threats. Americans really offend me...of all the countries and cultures and races of people on this planet - americans have got to be the most uneducated..."
fg, I know, I live here. America is a democracy -the will of the majority.
For one thing, when the rest of the Western world had banned slavery - America continued to enslave human beings based upon their race. Why was slavery ended in America? Because it was no longer profitable for the ruling elite.
It's all about money. Not to single out any particular religion, but, America is a religious country. Just go to any house of worship on their holy day and their leaders will talk about anything and everything in the books after the five or the books before the five, but they won't talk about what the most important figure is quoted to have said in the five, about the new message of love.
Because if they did, then they would have to share the wealth instead of not caring about starving, sick, and criminally under-educated children in their own country who haven't even had a chance to compete and lose in the Great society.
When you go to worship you hear that we're all losers who're going to hell and there's nothing we can do about it, it's only by the grace of you-know-who who can send us to everlasting consumerism. So, stop thinking, overlook the inexcusible flaws our leaders, and just do what they tell us.
That applies to Gary being handed over to the world's leader, just stop thinking, just ask the majority of Americans. Holding onto their wealth by mentally crippling the majority is nothing new for the leaders of empire.
I love my country and it does suck for sure.
Hernan de Argentina!!
Es un capo!!! mas que juzgarlo, tendrian que darle laburo en el pentagono mentes tan brillante no hay dando vuelta por estas tierras
Eyes4Lies
Elle Hart Wrote
Oh, I get it Elle, you consider your self some kind of elite hacker now...right? Well a failed computer consultant has to manufacture some sense of self worth.
So, tell me, do you truly believe that a note left on a computer contains an IP address? You are as phony as they come. What was it that one guy called you??? Oh yeah..."Canadian Crackpot"
I am positive that deleting operating system files and leaving a note saying " I am Solo and I will continue to disrupt at the highest level" was totally intended to be a "humanitarian act"
You can label Americans anything you want, but you definitely earned the label of Gullible.
Han
@FG:
@ Kevin Jersey - do try to read up on the background of this complicated case, before embarrassing yourself here, and in future search engine queries.
Just because people see facts differently does not mean that they are ignorant of those facts. While you feel this case is very complicated, to many people it is not complicated at all.
"hacking into government databases for one's personal gain" - the US prosecutors specifically said that there was no evidence of that, and he is not charged with any such offences, so you are simply wrong.
Well, no, actually he is probably right and you are probably wrong. "Personal gain" does not necessarily mean pecuniary gain. McKinnon has claimed that he broke into US government computers in order to find evidence of extraterrestrials (he says UFOs, but I will give him the benefit of the doubt that he understands the difference between the two). He also claims that he found such information, including the infamous "non-terrestrial officers" and pre-wiped pictures of spacecraft. Therefore, he gained/took valuable information. Thus he personally gained, as was his intention.
"he broke the law, he should face the consequences" - agreed - but he broke the law here in the United Kingdom, which is where he was physically located, and arrested. He should face the consequences here in the United Kingdom.
No. He broke the law in both the US and the UK. He broke the law while he was physically in the UK, but that does not change the fact that he also broke the law in the US. There is such a thing as concurrent jurisdiction in which multiple sovereigns have jurisdiction over an act. In this case the UK has jurisdiction through Nationality and Territoriality and the US has jurisdiction through the Effects Principle and the Protective Principle. Generally, the sovereign with either the stronger interest (e.g. victims) or the one in whose territory the defendant is found, will prosecute first. McKinnon can be prosecuted in both, it is simply that the UK has declined (repeatedly) to prosecute, which only really leaves the US. It is amusing that people on this site are incapable of grasping this with respect to McKinnon, and then rail against the US for not turning over people to UK courts . . . people who are not UK citizens and whose crimes were not committed on UK soil.
"if he was such a good hacker, how come he got caught?" - he did not have to be a brilliant technical hacker, although he was obsessed and persistent, since the systems were left totally unprotected (no systems administrator password, no internet firewall) for several years.
I believe (although Kevin can correct me) that this comment was in reference to the ungoing and wholly unrealistic assertions that the US should have hired McKinnon as a security expert rather than seeking to prosecute him. The point being that he has no real skills to provide. As an aside, how do you know that there were no firewalls? One of the purposes of his attack method was to circumvent firewalls, use trust relationships to get through them, install remotely anywhere to disguise his intrusions as web traffic. And the facts only say that he was able to gain access to a local administrator account without a password, meaning that potentialy all of the other administrator accounts did have proper passwords.
The incompetent, corrupt or treasonous senior US Military officers, civilian contractors and Department of Defense officials and politicians, who let this happen, for years on end, should be personally cross examined under oath at any proper trial, and then, hopefully, they will be punished.
First, how do you know that those responsible were not disciplined, fired, or charged? Second, if you think that people who made a simple mistake or misconfiguration should be charged with a Capital offense, then surely you would support a far harsher sentence for someone who intentionally breached security on almost one hundred computers, installed a trojan, deleted log files, and allegedly downloaded information and deleted thousands of user IDs. Right? Hello? Still there? I am not sure how you would support charging someone for treason for not properly securing an unclassified computer, but then there are lots of bizarre theories floating around here.
@ David:
Funny you should decry the actions of the US at about the same time allegations came to light concerning half a dozen officers from Scotland Yard waterboarding drug suspects. Not to mention the ongoing probe into UK soldiers torturing people in Iraq. You just keep trying to stay on top of that fast-eroding high ground.
@ Elle
And that this note is most likely posessing the only ip identifying his connection.
Where do you come up with this stuff? Why don't you pop over to England and marry him if you are so besotted? I don't think the facts support any theory in which his goal was to help make systems stronger . . . after all, if they were stronger, he would not be able to get in and of course, by installing a trojan on the systems changing the admin password would not improve security much. Humanitarian? Yeah, right. I am also pretty sure that his capture had nothing to do with any such note. Feel free to keep dreaming your happy dreams though.
And "risk his whole life and reputation?" What are you talking about? He isn't the second coming, he's just a guy. Perhaps remarkable in some aspects and perhaps subpar in others. Everything isn't black and white or good and evil. Usually people outgrow those concepts when they are about 10.
And exactly why is it that you assume that everyone who does not support McKinnon must be from the US? Certainly there are people from countries other than the UK who support him, so why is it impossible that only people from the US do not?
- Han
fg
@ Han - your arguments are not very convincing.
Nonsense.
In order to install Remotely Anywhere remotely via the internet, there must have either been no firewall at all, or the default Windows File Sharing ports 135, 139 and 445 (used from Windows 2000 onwards), must have been allowed, something which even most home computers connected to the internet, do not allow by default these days.
Remotely Anywhere is one of several genuine Remote Desktop / Remote Server administration tools which were popular on Windows NT systems, which, unlike *nix based systems, are impossible to administer fully, without remote Windows / Icon / Mouse support.
Such software is less popular with later Microsoft operating systems, which now come come with Windows Remote Desktop support by default.
You cannot install Remotely Anywhere, or similar programs, without already having full Systems Administrator access to the system.
They are not the equivalent of modern Botnet Trojan Horse software, which attempts to hide its presence somewhat.
Very probably all of them had a privileged NT Domain administrator Account and Password set, used by the legitimate systems administrators.
However that was irrelevant, since the default Local Administrator account, also giving full access to the system, was not renamed or disabled and still had the default "null" password i.e. "just hit the Enter key when asked for the password", still set.
Such steps to secure the default Local Administrator account are clearly written in the Microsoft documentation, explained on Microsoft Systems Administrator training courses, written into the standard Security Operating Procedures, and the instructions for creating "locked down" workstation and server software builds, and are regularly checked and audited with security vulnerability scanning software by auditors and penetration testers. New or amended versions of standard software configuration builds are tested for such basic configuration errors before being deployed to thousands of production systems.
At least they were, even circa 2000 - 2002, in most large organisations, except, it seems, for the US military.
Name one such person then !
Given the number of espionage scandals revealed since Gary's arrest back in 2002, with alleged Russian, Chinese, Cuban and Israeli etc. spies working within US military contractors and the Washington bureaucracy, one way for the US Government to save face might be to blame "ordinary" incompetence or corruption, on Foreign Spies.
Either there were no basic computer security vulnerability audits at all, or more likely there were plenty of them, but the embarrassing results were kept secret, and no action was taken by senior managers.
This was not just for a week or a month, but for several years on end, both before and after the supposed maximum alert state of readiness after September 11th 2001, when, presumably, some of these senior managers must have been ignorant or were lying about the security of the systems which they were paid to take responsibility for.
If Gary had been tried in the UK back in 2002, the UK legal authorities would undoubtedly have held part of the trial in secret, on the grounds of "national security" citing the relationship with the US military and intelligence community, and no word of either the vulnerability which was exploited, or any mention of the individual senior managers responsible, would have been reported.
Gary did not make any of this information public until the extradition proceedings started against him over 3 years after his arrest.
Elle Hart, Elec.Eng.Tech.
GARY IS NOT A TERRORIST.
He may be a person guilty of computer missuse, but he is NOT a terrorist and should not be tried as one.
http://en.wikipedia.org/wiki/Definition_of_terrorism
----------SNIP---------
Definition of terrorism
The word "terrorism" is politically and emotionally charged,[1] and this greatly compounds the difficulty of providing a precise definition. A 2003 study by Jeffrey Record for the US Army quoted a source (Schmid and Jongman 1988) that counted 109 definitions of terrorism that covered a total of 22 different definitional elements.[2] Record continues "Terrorism expert Walter Laqueur also has counted over 100 definitions and concludes that the 'only general characteristic generally agreed upon is that terrorism involves violence and the threat of violence.' Yet terrorism is hardly the only enterprise involving violence and the threat of violence. So does war, coercive diplomacy, and bar room brawls."[3] Angus Martyn in a briefing paper for the Australian Parliament states that "The international community has never succeeded in developing an accepted comprehensive definition of terrorism. During the 1970s and 1980s, the United Nations attempts to define the term foundered mainly due to differences of opinion between various members about the use of violence in the context of conflicts over national liberation and self-determination."[4] For this and for political reasons, many news sources (such as Reuters) avoid using this term, opting instead for less accusatory words like "bombers," "militants," etc.
----------SNIP---------
Reasons for controversy
The modern definition of terrorism is inherently controversial. The use of violence for the achievement of political ends is common to state and non-state groups. The difficulty is in agreeing on a basis for determining when the use of violence (directed at whom, by whom, for what ends) is legitimate. The majority of definitions in use have been written by agencies directly associated with a government, and are systematically biased to exclude governments from the definition. Some such definitions are so broad, like the Terrorism Act 2000, as to include the disruption of a computer system wherein no violence is intended or results.
----------SNIP---------
The computer missuse that Gary is guilty of did not involve any form or threat of violence. My theory is that the US networks were so unprotected that a terrorist hacker did get in and accessed data that was then used in 911 - and the US never caught the real hacker(s) so they formed a lynch mob against Gary. Sound right?
Elle
Eyes4Lies
Nice Elle. I am sure your theory is based on all kinds of facts.
I noticed that a statement from the Alison Saunders, head of the CPS organized crime division was greatly ignored by your readers. Allow me to point something out.
And the Computer Misuse Act Section 2 states...
So let's see...using your logic that he faces 70 years in the US when you only consider the maximum punishment. He would be facing 45 years in the UK. What is the difference to someone over 40?
So nine incidents of well documented damage, tells me that Alison has seen the evidence. You guys really need to quite making excuses and creating personal theories that are not based on evidence or fact.
Anyway, I guess it all rests on the judicial review. Should be interesting to see what legal maneuver, syndrome or other act of desperation we can witness next.
n anonymous
- The US claimed 'to care good' of Gary..
Is ONE of the lies.
Giving him '70 years' IS NOT A GOOD CARE, thus a clear lie, plus torture (worser than torture) is (still) going on in Guantanamo and elsewhere if you didn't know.
Since they changed the law that there is no proove of damage needed is another proove of it been a lie. They do not stand on their words/actions...
This sums it up: lies, no human rights, illegal activities and no care.
Nothing less than government sponsored evil/criminal activities, is what i call this.
n anonymous
Tell her that she's violating human rights,etc
Alison Saunders
020 7796 8363
alison.saunders@cps.gsi.gov.uk
Eyes4Lies
Nice!!
A government official gives an honest assessment of the facts and you want to harass her with phone calls and emails to make her shut up.
Absolutely pathetic!!
n anonymous
Evil is the only thing to shut off.
Nothing bad meant here.
Gary is not a terrorist.
Sending him to a US prison is the worst and evil choice that exists.
The world is full of lies and propaganda material, it could only be sponsored by the Govt itself.
So thanks for your kind of oppinion.
Elle Hart, Elec.Eng.Tech.
Fact is ::Eyes4Lies::
You forgot to specify how -
"which caused well-documented damage"
results in 'violence and the threat of violence'
and if you are unable to prove this point
then you agree by ommission that
Gary McKinnon is NOT A TERRORIST
Elle;)
Eyes4Lies
Sorry Elle,
You first. You must concede that Gary intentionally caused malicious damage which he knew would result in a denial of service to the networks he attacked.
If you concede that I will consider conceding that he did not intend violence.
fg
@ Eyes4Lies - Your "thesis" research "skillz" seem to have let you down again - you are barking up the wrong tree:
It is the Computer Misuse Act 1990 Section 3 Unauthorised modification of computer material which is the one which deals with modification or deletion of computer files i.e. "damage", NOT
Section 2 Unauthorised access with intent to commit or facilitate commission of further offences
which you either maliciously, or stupidly, misinterpret from the Crown Prosecution Service document quotation.
You also fail to quote the reason given by the CPS for not prosecuting Gary, namely that they felt that there was a less than 50% chance of obtaining a conviction.
The Computer Misuse Act 1990 has been amended by the Police and Justice Act 2006. These amendments only came into force on 1st October 2008, e.g.
However, none of these new, as yet untested. amendments should apply retrospectively to Gary's case.
Eyes4Lies
LOL @fg!!
I am really touched by this websites concern over my thesis. You would really be surprised at the grade I received.
I do find it comforting to see that the UK government recognized the inadequacy of their computer crime laws and the enactment of the 2006 amendment will definitely help. I am not surprised that your legal system still only stands a %50 chance of conviction with a confession and multiple public statement and interviews to support those confessions.
But then again...it doesn't really matter now does it. They will not go through an expensive trial when they are not the victim. So let us focus on the law that was violated. 18 USC 1030.
I personally do believe that proving sections 1, 3 and 5A i thru iii is going to be no problem.
fg replied to comment from Eyes4Lies
@ Eyes4Lies - you appear to be ignorant of the difficulties which prosecutors in normal civil courts, worldwide, have in proving mens rea i.e. criminal intent, beyond reasonable doubt, for any computer related offences.
Publish a copy of your "thesis" online, so that we can all have a good laugh !
Eyes4Lies
You are right, it is very difficult to prove intent. Luckily, Gary was "intelligent" enough to provide his intention in the note he left behind.
Instead of publishing my thesis, you guys can wait for the book. Gary's story is but a mildly interesting chapter that obviously is still being written.
n anonymous
UFO/aliens is another false flag, just like 9/11 (Nano Thermite is one of the prooves), Hitler,etc
[Its the world/moneypower leaders plan, to bring in a 'one world government', also called the N.W.O.].
See the video and also read the text on there:
www.vloggingtheapocalypse.com/viewVideo.php?video_id=551&title=FAKE_ALIEN_UFO_ATTACK_FALSE_FLAG_PLAN___IMPORTANT
Decide for yourselve.
Thanks
n anonymous
Petition date changed
"Deadline to sign up by: 22 June 2009 – ..."
http://petitions.number10.gov.uk/mckinnon09
Han replied to comment from fg
@ Han - your arguments are not very convincing.
Uh, for the most part they were questions to you, which you did not answer.
[SNIP]
Nonsense.
In order to install Remotely Anywhere remotely via the internet . . . blah, blah, blah.
* * *I disagree.
- Firewalls, like PCs and Servers can be misconfigured or fail to protect against all possible attacks. It is possible that the ports you mention were open and there was a firewall. I am not saying this is likely or unlikely, I am simply noting the possibility.
- It is also possible that some, most, or all of the computers attacked were outside of firewalls. Even if only some machines were outside, it is possible that an outside machine had a trust relationship with internal machines and thus once compromised allowed access to machines inside the firewall.
- Those ports do NOT have to be open in a firewall in order to install Remotely Anywhere on a computer. You need to gain Admin access and then you can ftp to a computer with the executable and telnet to the infected computer, install the software, and then access it using HTTP. Ports 21, 23, 25, and 80 are normally open on firewalls. [Although I would block inbound FTP, Telnet, and HTTP traffic.]
My point is that you (and McKinnon) say emphatically that there were no firewalls, and I would like to know how you know that?Very probably all of them had a privileged NT Domain administrator Account and Password set, used by the legitimate systems administrators.
However that was irrelevant, since the default Local Administrator account, also giving full access to the system, was not renamed or disabled and still had the default "null" password i.e. "just hit the Enter key when asked for the password", still set.
Such steps to secure the default Local Administrator account are clearly written in the Microsoft documentation, explained on Microsoft Systems Administrator training courses, written into the standard Security Operating Procedures, and the instructions for creating "locked down" workstation and server software builds, and are regularly checked and audited with security vulnerability scanning software by auditors and penetration testers. New or amended versions of standard software configuration builds are tested for such basic configuration errors before being deployed to thousands of production systems.
At least they were, even circa 2000 - 2002, in most large organisations, except, it seems, for the US military.
OK. First, this is not the only vulnerability out there. It is not like Administrators had just one thing to do and they failed. Granted, this is something that should have been done properly, but simply failing to do so is not necessarily a criminal offense. In addition, I believe that in some cases it was not the generic Administator account that was necessarily hacked. Unless I am mistaken, McKinnon said that he downloaded and attacked all Administrator accounts, not just the built-in one. So even if the person who configured the machines renamed and password-protected a machine, it is possible that another lazy admin later added an account with a blank password.
* * *Second, let’s run some numbers. I believe that McKinnon has stated and the Indictments indicate that McKinnon was attacking computers for at least one year. Also, that he was doing this for hours everyday. Granted, this was on a reasonably slow dial-up, but still, we are talking thousands of hours. In that time, he scanned tens or even hundreds of thousands of computers. I believe the number 70,000 or 73,000 was bandied about, although I am not sure if that was an overall number of scanned machines or a single attack. Even assuming that was the total number, he only successfully logged into 100 or so (less than two a week). So one computer in 700 was misconfigured? It is not like every one of the millions of military computers were misconfigured. In fact, that is a pretty good ratio, especially given that quite a few of those 100 were grouped in specific locations, which limits the real scope of the problem. Given my own experience, that is not at all bad.
Third, you talk about scanning/auditing for bad passwords, but that was NOT regularly done on local machine accounts, only on network accounts. Where I worked we tested network passwords monthly, and that took a fair amount of effort. I don’t know what the military does/did, but we certainly never checked local machine passwords. To do so would require accessing each machine individually and downloading the encrypted hash values, then running l0phtcrack against it. With thousands of machines in a small network that would simply not be worth the time and effort.
Again, my point, this seems to be a somewhat isolated incidence of misconfiguration, not a case of millions of misconfigured computers, which is what you imply.
First, how do you know that those responsible were not disciplined, fired, or charged?
Name one such person then !
I am not the one who is saying that they were or were not disciplined. You are saying that they were not and I would like to know how you know that. There are four possibilities. 1) They were not disciplined, in which case there would probably be no reports, articles, or court documents. 2) They were disciplined internally, in which case there would probably be no reports, articles, or court documents. 3) They were fired, in which case there would probably be no reports, articles, or court documents. 4) They were prosecuted, in which case there would likely be court documents available if you bothered to look for them and knew who the administrators/officials were and where they were prosecuted. You would not find any written court opinions unless the defendant appealed the case and the Court of Appeals wrote an opinion. Given that McKinnon’s case barely gets any press in the U.S., it should come as no surprise that an administrator’s failure to properly secure a few unclassified computers would draw any attention at all. This stuff is simply not all that newsworthy as compared to attractive missing white girls, shark attacks, potential pandemics, and what is going on with the children of celebrities.
And of course, as usual, you have not answered any of my question. Not a big surprise I guess.
* * *@ Eyes4Lies - you appear to be ignorant of the difficulties which prosecutors in normal civil courts, worldwide, have in proving mens rea i.e. criminal intent, beyond reasonable doubt, for any computer related offences.
Publish a copy of your "thesis" online, so that we can all have a good laugh !
Can you cite any cases in which the prosecution has had difficulty in proving mens rea? It is often ridiculously easy to prove. If for instance, as in this case, files from the victim computers were found on the defendant’s computer, than it is easy to show that he knowingly and willfully intended to gain unauthorized access for the purpose of obtaining information on the computer. The mens rea generally requires only that the person not commit the actions by mistake. Good luck in trying to convince a jury that breaking into 97 computers over the course of a year was a mistake! I believe that there was the case of another UK citizen who was tried in the UK (it may have been the US) and the charges stemmed from a DDoS attack. In that case it was not clear that the defendant knew that he was knocking down a military computer with his attack, so no mens rea. It has been a while since I looked at the case (it was mentioned here I believe), but I seem to recall thinking it was stupid to have brought the charges in that case. But when you actually log into someone else’s computer and install trojan software on it? Yeah, not so very difficult to prove mens rea.
- Han
p.s. Hey Elle, the only person who has ever said that McKinnon was a terrorist is McKinnon. If the U.S. government thought that he was a terrorist he would have been charged as one. Instead, he is charged with computer fraud.
Elle Hart,Elec.Eng.Tech.
Han
"p.s. Hey Elle, the only person who has ever said that McKinnon was a terrorist is McKinnon. If the U.S. government thought that he was a terrorist he would have been charged as one. Instead, he is charged with computer fraud."
No - that is an assumption - like heresay. I never made such a statement - I am refering to the Extradition Treaty and the original unratified version designed for dealing with terrorists.
http://www.law-ref.org/RECRUITMENT/kw-legal_basis_for_extradition.html
legal basis for extradition [Global Index]
ARTICLE-15
... 2. If a State Party which makes extradition conditional on the existence of a treaty receives a request for extradition from another State Party with which it has no extradition treaty, it may at its option consider the present Convention as the legal basis for extradition in respect of those offences. Extradition shall be subject to the other conditions provided by the law of the requested State. ...
http://www.law-ref.org/EU/articleI-43.html
ARTICLE I-43: Solidarity clause
1.
The Union and its Member States shall act jointly in a spirit of solidarity if a Member State is the object of a terrorist attack or the victim of a natural or man-made disaster. The Union shall mobilise all the instruments at its disposal, including the military resources made available by the Member States, to:
(a)
* prevent the terrorist threat in the territory of the Member States;
* protect democratic institutions and the civilian population from any terrorist attack;
* assist a Member State in its territory, at the request of its political authorities, in the event of a terrorist attack;
(b) assist a Member State in its territory, at the request of its political authorities, in the event of a natural or man-made disaster.
2. The detailed arrangements for implementing this Article are set out in Article III-329.
***
Eyes4Lies
"You first. You must concede that Gary intentionally caused malicious damage which he knew would result in a denial of service to the networks he attacked.
If you concede that I will consider conceding that he did not intend violence"
And so - what you meant to say is - causing a DOS is an act of violence - if so then applying that logic - my ISP is a terrorist !!!
Elle
fg
@ Han - I would not employ you to secure my computer networks !
" Where I worked we tested network passwords monthly, and that took a fair amount of effort. I don’t know what the military does/did, but we certainly never checked local machine passwords."
By not checking for the default Admin account "null" password, something which only takes a few seconds to check, you would have failed any competent security vulnerability audit.
"And of course, as usual, you have not answered any of my question. Not a big surprise I guess."
Who cares ? That is the moan of a typical internet troll.
Elle Hart,Elec.Eng.Tech.
List of convicted computer criminals
http://en.wikipedia.org/wiki/List_of_convicted_computer_criminals
"In the infancy of the hacker subculture, the computer underground,[3] criminal convictions were rare because there was an informal code of ethics.[4] Proponents of hacking claim to be motivated by artistic and political ends, but are often unconcerned about the use of criminal means to achieve them.[5] White hat hackers break past computer security for non-malicious reasons and do no damage, akin to breaking into a house and looking around.[6] They enjoy learning and working with computer systems, and by this experience gain a deeper understanding of electronic security.[6] As the computer industry matured, individuals with malicious intentions (black hats) would emerge to exploit computer systems for their own personal profit.[6]"
There is a big difference between good and bad hackers, just like there is a huge difference between good and bad politics. Its called 'ethics'. And that is something that should be a manditory course in high school, as the word often caauses a blank stare.
The sentence that is being impossed on Gary McKinnon is completely absurd. 70 years and the threat of Guantanamo and sexual abuse. Never have I ever heard of a case like this. Perhaps that is why I feel so passionate about this case. Gary McKinnon is being treated unfairly. He does not deserve 70- years. In fact, the longest sentense on record is only five( 5 ) years.
"Convictions of computer crimes, or hacking, began as early as 1983 with the case of The 414s from the 414 area code in Milwaukee. In that case, six teenagers broke into a number of high-profile computer systems, including Los Alamos National Laboratory, Sloan-Kettering Cancer Center and Security Pacific Bank. On May 1, 1983, one of the 414s, Gerald Wondra, was sentenced to two years of probation.[7] As of 2009[update], the longest prison term for computer crimes was handed down to Jeanson James Ancheta, who created hundreds of zombie computers to do his bidding via giant botnets.[8]"
Elle
Nefertiti
@Han :
"... the only person who has ever said that McKinnon was a terrorist is McKinnon. If the U.S. government thought that he was a terrorist he would have been charged as one. Instead, he is charged with computer fraud."
Well Han, again your research is faulty, as the US Army would seem to disagree with you, as they included McKinnon in an official manual entitled Military Guide to Terrorism in the Twenty-First Century (US Army TRADOC, TRADOC G2Handbook No. 1.01), supplement 2, Cyber Operations and Cyber Terrorism) :
http://www.au.af.mil/au/awc/awcgate/army/guidterr/sup2.pdf
@Eyes4Lies
McKinnon's family are currently in communication with the CPS press office regarding Alison Saunders' statement in which she said "which caused well documented damage" in order to have the statement revised.
HBZR4
For God's (F.G.) Sake, what's happening concerning Gary's hearing that occured on Tuesday 9 June 2009 concerning his medical malady? I went to Janis Sharp's Twitter page and looked over your home page and have found nothing. I certainly don't want to get involved with Her Majesty's government by contacting the Washington embassy to find out. After reading the anti Jacque Smith posts on this site and watching Brown's troubles concerning his ministers' misuse of government money, I think that the individuals concerned are flawed, not the system.
By the way, I heard that Tony Brown is a Right Honourable. Maybe the above paragraph is wrong.
Elle Hart,Elec.Eng.Tech.
Feds admit error in hacking conviction
http://news.zdnet.com/2100-1009_22-132259.html
"This prosecution rode on the government's contention that McDanel was a 'hacker' with a criminal mind and a bone to pick against his former employer," Granick stated. "That bone was Tornado's refusal to fix identified security problems, and McDanel dealt with it by telling customers so that they could help themselves. This is not a crime."
"Rather than a criminal hacker bent on revenge, McDanel was an employee who voluntarily left Tornado to join another company, partially because the now-defunct company wouldn't deal with a security problem that he had flagged, Granick argued in the appeals-court filing. More than half a year after he left the company, McDanel used his valid account on the system to send a mass mailing to the company's customers, warning them of the flaw, she argued."
Ahhaaha Oh this is so ammusing - so perfectly insane. So paranoid about security that they are turning the very people who can save their precious security into criminals !!! I hope ALL in the know never - ever - ever - step forward again - and all the security of the planet can go straight to hell.
It would be wonderful...
Elle
Elle Hart,Elec.Eng.Tech.
Just recieved an update curtesy ::Sun W::
Posted on 9 June 2009 12:54
Http://www.theregister.co.uk/2009/06/09/mckinnon_legal_fight_latest
Posted on 16 June 2009 17:47
http://www.zdnet.co.uk/misc/print/0,1000000169,39664238-39001093c,00.htm
Thanks Sun
Elle
Elle Hart,Elec.Eng.Tech.
Things to do before vulnerability disclosure
http://www.securityfocus.com/archive/101/504338/30/0/threaded
Hahahhaaha - You gotta see this...
"Print out the note to them from a library, pick up note using gloves, put note in self sealing envelope (minus return address), put on self adhesive stamp, then mail note from a public box in another town. Or you could email them and find out the hard way how much of a sense of humor their corporate security department has (read: lawsuit).
Sent from my iPhone"
This is a classic example of the seriousness of sighting those in the know as criminals. Some are so apprehensive to come forward as to just leave the critical security issues unreported and unpatched. But the downside is as soon as the vulnerability is discovered by an evil hacker game over.
Elle
James Taylforth
Why are sooo many people defending a cyber terrorist whose actions compromised the security of a nation? If he is sooo ill, why did he leave countless notes taunting the authorities in the US?
Please please extradite this scumbag, he is nothing but an embarrassment to the UK and to himself, hiding behind psychoanalytic bull in order to save his butt.
fg
@ James Taylforth - you have no evidence of "cyber terrorism", have you ?
The US Federal Prosecutors , back in 2002, reassured the public that there was no breach of national security, no terrorism and no organised crime involvement in the Gary McKinnon case.
If they had any evidence of this, they would surely have pursued the matter much more quickly and with appropriate charges, but they obviously did not.
Gary is not being prosecuted for any alleged "threats", which are rather milder than than many which can be seen on tshirts worn by many people in the USA.
He did not even "deface" a public .mil website (as so many others, including US citizens have done), spreading his alleged message to thousands of people.
The language you have just used in your comment is far more threatening and potentially libelous than that in any of the reported alleged "notes".
Ray McCrohon
This man should NOT face extradition to the US.
He should face a trial in this country, HIS country.
I am so saddened that our country is always playing "patsy" to the United States. We do not vote-in governments in order to jump through hoops every time that nation decrees.
Let,s develop again, a backbone!
Anonymous replied to comment from Irene Allum
I do believe Grumpy Old Man was referring to Mr McKinnon as a tosser because of the fact that he committed a crime and won't accept the level of responsibility required, NOT because he has asperger's syndrome. He didn't mention anything about it, in fact. I'm sure your grandson doesn't appreciate you making such ridiculous assumptions.
Irene Allum replied to comment from Anonymous
My grandson does stupid things, and he could be referred to as a tosser, and far worse, but most of his actions are usually connected with his Aspergers. Whereas people without this condition stop and think, he does not, he just goes with the flow.The fact that Mr.McKinnon committed this crime, and that he is not accepting the level of responsibility, shows that he really doesn't think he's done anything to warrant this severe punishment. He was just 'going with the flow' so to speak, because he could.
scott
This uk goverment have done nothing in favour for garry ! Again the spoilt corrupt american goverment get what they want This is a civilised country This uk goverment needs to stand its ground and take action on stopping garrys extradition other country are getting harsher this country is getting to soft!!!!!
T Birks
the US left their systems open for the purpose of enticing people inside in order to track them back, the system could have been secure but deliberately wasn't. If you leave your keys in the ignition when you park up the insurance won't pay. anyone who believes damage was done to the US systems is probably a little naive. the people say NO EXTRADITION FOR GARY McKINNON .. It would be wise to listen to the people.