Boris Johnson's outspoken defence of Gary McKinnon in his extradition fight has been criticised by a former security consultant, who complains he was denied such support when he himself was charged with hacking offences. Daniel Cuthbert was convicted in October 2005 of breaking the Computer Misuse Act by "hacking" into a tsunami …
He wants to know
"why he wasn't shown any support from politicians of the kind lent to McKinnon by Johnson"
Er, because Cuthbert wasn't being carted off to a foreign country where he's unlikely to get a fair trial and to be used as a scapegoat to hide the red faces at the Pentagon on the flimsy pretext that he's some kind of terrorist?
Dude A: Is stupid, gets £1000 fine and a change in career
Dude B: Is slightly more stupid, and faces Eight Billion years in an American prison.
Yup. cannot see why one gets more support than the other.
He wasn't under threat of extradition to a foreign country?
He's missing the point
Boris is criticising the one-way nature of uk-us extradition, and objecting to the charactarisation of the attack as a terrorist incident. Not really the same, although Daniel Cuthbert's a helluva lot more deserving of sympathy than mckinnon is.
But, essentially, what he's saying is "you can't try to solve a problem, because in the past you didn't completely solve this problem, so it would be unfair on the people that had to endure this problem if you were to remove it now" That's an argument that comes up a lot, especially around computing folk. ("I'm cloning this hard drive because I suddenly realised we don't have any backups" "But that's not a good backup procedure! Don't do it!" "Agreed, but isn't it better than what we've got, and will do until we get a proper procedure in place?" "But that's not a good backup procedure!" ad infinitum)
He got overlooked. That's a shame, but that's no reason not to try harder now.
Yes he committed a crime...
just not the one he'd be tried for.
"ignore the facts of the situation" "caused real damage"
Well, the facts seem to be that the systems were "protected" by default passwords and that he didn't delete anything or use any noticeable amount of resources.
Yes it was a crime, committed in the UK, but assuming there is no proof of other "hacking" activity then a slap on the wrist in the UK seems in order.
As for the other guy: He deserves a public pardon.
The to cases ain't exactly similar are they?
"Cuthbert now wants to know why he wasn't shown any support from politicians of the kind lent to McKinnon by Johnson."
Because a £1000 fine and a change of job is not the same as a show trial* in a US court followed by a few years in a US prison. Also, maybe, people don't find 'hacking' the US government quite as disreputable as hacking a charity website.
*Anyone who honestly believes McKinnon will get anything like a fair trial in the US lives in cloud cuckoo land.
Yawn... this is my standard response to anything "McKinnon"
Mckinnon = naughty. Yes we know that.
Try him in the UK for being naughty. End of. And please, can HMG grow a pair on the whole "US-UK extradition" thing being a big bunch of bollocks, and tell the Americans to fuck off.
End of. Again.
And as for this Daniel fella bitchin'... cry me a river. Boris and all the rest can't comment on everything, so don't bust him up for commenting on this but not your case. Boo-hoo.
So? Was the persecution as bad? No.
That there is your problem, kid.
Nobody hated you enough. The weight of a foreign government with egg on their faces and the possibility of the security theater being seen for what it is didn't oour on you. And so you didn't NEED the help.
In much the same way, although I was quite hungry a few weeks ago, international aid didn't come to pay for a chicken sandwich for me to assuage my hunger.
"and fined £400 plus £600 in costs."
Well, that's not 70 years and millions in costs is it.
a) Cuthie didn't do anything as serious by any stretch of the imagination and therefore the comparison is irrelevant
b) Cuthie was appropriately damaged for the work and McKinnon's possible fate is a huge overreaction in which case why isn't Cuthie (and the author) telling the US that their claim for redress is ridiculous?
Wait what? So what Cuthbert is saying is that if Mckinnon is innocent, so's he, but at the same time he's saying McKinnon is guilty? I'm confused. Incidentally, why on earth would you think it was a good idea to security test someone else site without telling them?
The USA continues to trample on human rights.
Could it be because Cuthbert's proposed punishment didn't include an unpredictable, dangerous and politically motivated spell in the jail of a country presided over by a maniacal, illegitimate and cretinous redneck?
You know, I think it might.
I wrote to the DEC about this at the time, but they fobbed me off saying it's all to do with BT as they handle the security and make the decisions, and they wouldn't comment on any specific case.
Ok. So you donate to a charity but don't get an email back.
a) Report the matter to the admins of the site in question, thus enabling them to check what has happened and maybe send you the confirmation?
b) Run two "Security tests" on the site in question because obviously the fact that you haven't recieved an email obviously means that the site has been hacked and the email isn't being delayed due to something more mundane such as a malfunctioning mail server or the volume of emails being sent.. Finally you must complain when MPs don't intervene when you are charged in England under an English law designed to protect companies against the kind of things you are attempting.
What was the "real damage"?
The only real damage McKinnon did was to the reputations and careers of those incompetent US sysadmins and their managers in the DoD.
If the truth ever comes out (which is extremely unlikely now) it will show that most of the damage was probably caused by their panicky attempts to retrofit a security policy onto the collander they thought of as their "secure network".
Please Mr Obama, bring in mandatory 5 year sentences in Gitmo for US DoD sysadmins who leave default passwords and unpatched M$ servers on the internet, and 10 year sentences for their managers for letting them. Oh and a nice letter to Gary, for showing up the holes in your security before someone nasty found them, wouldn't go amiss.
Dude A: Man with a chip on his shoulder
Dude B: Man with the the entire US of A on his shoulder
Dude A: Supposed security professional that should know the law as part of his job.
Dude B: Hacker who probably hasn't read the law.
Dude A: Falls flat on face with no 0wnage, gets processed and freed, whinges for the rest of life.
Dude B: Big 0wnage, US gets pissed, tries not to get 'interrogated' in jump suit for the rest of life.
This is about extradition not guilt. Cuthbert should, like the US, suck it up and get on with life. Nobody supported him because of his own stupidity.
What is he actually complaining about?
"I personally think he should be tried in the UK. The UK is wrong to bow down to the whims of the US, especially since the extradition treaty between the two countries is hardly fair and equal."
So, he agrees with McKinnon and his supporters, just doesn't think they should get any support?!?!
McKinnon is a bloody liar
If you watch his interview with Click!'s totally IT clueless host (on youtube) and you'll see his explanation is totally bogus about how he did it. Apart from very sus pausing and stammering he sez he scanned for PC IP's inside the networks that didn't have passwords. Sorry carrot-head; PC's DON'T HAVE public IP's, you can't scan for them. Only the servers that act as internet/WAN gateways do, and they WILL NOT even let you finish loading the server install if you don't put in a password. Sounded to me like he didn't know WTF he was talking about rather than covering up his "elite" skills. He's just a know-nothing hanger-on fronting for his sniggering online buddies who've abandoned him.
It's a bit two-faced around here...
Q: What's the difference between a Ukrainian shitwit script kiddie fucking around with your computers and a Sweaty shitwit script kiddie fucking around with some Yank ones?
Looking at some comments sections around here, the answer appears to be that the first should be assassinated by the CIA so you can nail his worthless hide above the door and the second should be protected from the Evil Yankees who want to, er, put him on trial and quite probably send him to prison.
The comments about fair trials in the 'States make me laugh too. Reading this article, the obvious miscarriage of justice (assuming the facts reported are correct) in a related case happened in a British court. 1-0 to the Septics here as I've yet to see an article reporting on a stateside conviction for computer crime which was such a blatant pig's ear.
The mistake Cuthbert made was in forgetting to hire a publicist as well as lawyers.
I close with the word "Aspergers" used in conjunction with the words "Guinness", "Saunders" and "Alzheimers"...........
PC's DON'T HAVE public IP's.... Really?
@ Darryl Parvin wrote "Sorry carrot-head; PC's DON'T HAVE public IP's, you can't scan for them. Only the servers that act as internet/WAN gateways do"...
Wrong actually. What you're describing is IP masquerading or NAT (network address translation), where computers inside the network are assigned a non-public IP address (typically in the 10.x.x.x. range), which is translated to the public IP address by the internet gateway.
That's not the way it used to be done, especially if your organisation has a class C or larger internet address (meaning the organisation can have 256 or more public IP addresses). Here, each PC inside the network can have a public IP address, and if the internet gateway/firewall doesn't block it (that is if there is a firewall), they can easily be scanned. This is precisely what's called lax security :-)
re: McKinnon is a bloody liar
So he's lying because he has a stutter???
And you're a lying sack of shit because the more someone says "sez" the less they said what they sez they said.
Nope, not two-faced
The Script kiddie did damage, intended to do damage and really did hack. They aren't called a terrorist.
McKinnon didn't do damage, didn't intend to do damage and really didn't hack. And is called a terrorist.
Since the only common thread is "someone complained about access to their compter", there's not a lot of reason to expect us to treat them the same. Just as taking a school photo isn't treated as viciously as kiddie porn, despite "photos" and "children" being a small common thread.
Er dude, sorry to break it to you but quite often you can access PC's on private IP's through public IP's. McKinnon was scanning for natted VNC servers and he found loads of em. This is the result of SERIOUSLY incompetent IT staff.
Oh and er around 2001 it was still very possible to find entire networks of machines that were connected to the net on public IP's with no firewalling. I wont name any names but I have actually seen this scale of network idiocy in the real world... around 2001 in fact!
As for the bloke who hacked the Tsunami appeal site, yay well done dude you are a super l33t and definately deserve to be picked up from your house in a black helicopter and taken to your own private cell for your amazing discovery of an unpatched IIS machine! Well done!
GREY coz thats what got Gary into this mess.
"Sorry carrot-head; PC's DON'T HAVE public IP's, you can't scan for them."
Can you attest to that? I distinctly remember my college having public IPs for every single PC, workstation and whatnot on campus up until 2003. "Private" IPs found increasing use only because most orgs couldn't keep up with the expense of maintaining large blocks of IP addys which basically served only one useless PC; couple that with the IPv4 shortages and you can see why most orgs have switched to private IPs.
However, I do think the US military might have public IPs on their systems; however, the most you *might* get into would be NIPRNet boxen, which won't contain "sooper seekrit" stuff like McKinnon claims to have found. And if he did find it, well, some heads would roll, as it would be a violation of security protocols.
I'd be more concerned about McKinnon being able to get there without a firewall blocking him out. Meh.
Wow man you just got owned 4 times in a row! Better get back to your Windows Networks for Dummies.
McKinnon really /did/ find evidence of aliens and that's why the US wants him back so bad!
Nah, that's just stupid.
Well someone had to say it!
Is this the same Scott Christie lying again! Gary McKinnon has never beeen charged with a DOS attack, so why the lies in recent computer magazine interviews Mr. Christie? or have you no clue as to what a DOS attack actually is?
Re-the alleged damage: The American prosecutors told British courts and the House of Lords that the alleged damage was fact yet within approx, one month afterwards in interviews given to several computer magazines, Scott Christie said: "the most difficult thing to prove once McKinnon was extradited would be the damage".
In other words, they have no proof of the damage Gary McKinnon has always denied
Was Scott Christie one of the prosecutors that had to leave his job after a scandal involving lying to congress? I know McNulty had a problem in that area, and Democratic American Judges were apparently being intimidated and in many cases sacked for not towing the line. McNulty was said to have lied to congress but said it was because he was misinformed.
I think they ought to be doing some damage limitation instead of Christie spouting off his lies again. They're not exactly innocents and their credibility is dubious.
97% of cases never get to trial in the U.S and people are often left imprisoned for years until they accept a plea bargain whether guilty or not. Is that Justice?
Now if you're rich that's another story, then you just might get a fair trial.
(I believe Kevin Mitnick was imprisoned for years before accepting a plea bargain)
Gary McKinnon left notes on computers over a long period telling them their security was crap, telling them "this is ridiculous" and it still took them forever to trace him on his dial up computer seven years ago at the flat he shared with his then girlfriend. He apparently saw people from all over the world including China, Russia and Korea wandering through Pentagon computer space as THERE WERE NO PASSWORDS AND NO FIREWALLS ON THOUSANDS OF MACHINES EVEN BEFORE AND AFTER 9/11
In March 2002 Gary was naive enough to admit to computer misuse without having engaged a lawyer because he trusted the British High-Tech crime unit who told him that they had been monitoring his computer activity for x amount of months and that as he had caused NO DAMAGE, he was looking at six months community service.
Then in September 2002 the U.S indicted Gary and simultaneously issued an arrest warrant but then waited until the U.K started using the one sided extradition treaty with America before re-arresting Gary in 2005 (Three Years Later)
In other words they waited until they no longer had to prove the damage Gary had always denied.
Cuthbert has no idea how it feels to be facing the prospect of being torn from your home to face the possible of sixty years in a U.S prison and even if it was half that Gary could well die in a U.S prison.
Gary wishes more than anything that he'd never poked his nose into any systems looking for UFO's and all he wants is the right to be prosecuted in his own country, a right which Cuthbert was afforded, so I can't understand what Cuthbert is actually complaining about.
Gary never wants to do interviews and rarely does them anymore; he did them in the past only because his legal team thought it might help his case.
Gary would rather be anonymous and hand the fame to Cuthbert that Cuthbert appears to want and if Gary could be fined £400 he and his family would be celebrating as they'd have their lives back again.
They have had seven years of absolute hell.
Boris Johnson was brilliant to speak up and say it like it is, as were the Liberal Party and many Labour MP's and lots of the amazing people who responded on this website..
Since this one sided extradition treaty was signed by the U.K, the Americans have been using it frivolously and maliciously to extradite British citizens for low level non violent crime that should not be an extraditable offence. The U.S are taking th p..ss and our government sold us out.
In addition to computer geeks British business men and women are no longer safe from extradition, unless of course they can pay millions of pounds in fines to the American government.
This one sided treaty has to go.
This happened seven years ago for Gods Sake and the U.S waited three years (until this one sided extradition treaty was being used) before applying to the u.k for an arrest warrant for Gary,;Thus giving them a legal advantage.
In other words, the U.S waited until they no longer had to provide evidence of damage but needed only to make an allegation.
Says it all really!
US government security
When I was only a youngster, I clearly remember telnetting out of the Janet network into a compromised account at a university in Israel.
...and spotting an unusually named file that had just been uploaded. It was a list of networks, along with IP addresses (for the gateway machine) and the usernames and passwords required to access them.
The fact that well over half of the machines belonged to the US government amazed me.
When I realised that the accounts were all active *real* users who had left their account details lying around (or who had easily guessable passwords) I was amazed. When I found that I could access drafts of next year's CIA world factbook, I logged out asap. I didn't want to be anywhere "top-secret", just in case.
Now, all it would take is for the US government to obtain proof that I logged in and they could allege that I had deleted files and worse, that I was somehow a terrorist too. I'd then be looking at a lifetime in prison if found guilty.
I *would* be guilty of illegally accessing a computer system but that's not what would make the bulk of their conviction, is it? It's the only bit they have any evidence for though! I totally empathise with McKinnon. It could easily have been me.
Which sounds worse: "I am a terrorist" or "I try to prove that UFOs exist"?
Cutherbert full of c**p
Firstly, he didn't change career he went to work for Corsaire (whilst they're not very good they are still technically a security consultancy).
Second, the reason Cuthbert was treated harshly (thought not THAT harshly) was because he lied from day one to the police and courts about what really happened. The whole 'i made a donation with a lynx browser and that triggered the IDS' thing, anyone remember that?
Thirdly, Cuthbert was never under threat of extradition which if you've ever met the guy will immediately strike you as a great shame.