lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20080928180351.CA34924F@lists.grok.org.uk>
Date: Sun, 28 Sep 2008 14:03:21 -0400
From: "Exibar" <exibar@...lair.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: [inbox] Re: Supporters urge halt to hacker's,
	extradition to US

 McKinnon did cause damage:

"The charges include one incident - shortly after the attacks on September
11 2001 - which brought down a network of 300 computers at the Earle naval
weapons station. Another raid apparently left 2,000 government machines in
Washington inoperable."
http://www.guardian.co.uk/technology/2006/apr/28/hacking.security

  A message left by him on a system:

"As part of his quest he left this message on an Army computer in 2002:
"U.S. foreign policy is akin to government-sponsored terrorism these
days.... It was not a mistake that there was a huge security stand down on
September 11 last year ... I am SOLO. I will continue to disrupt at the
highest levels."
http://blog.wired.com/27bstroke6/2008/08/uk-hacker-gary.html  (and many
other sources with the same message)

  Sure sounds like a criminal that knows what he's doing, and is doing it
willfully, doesn't it?  

  Oh yah, and he's really only facing a fine and up to 10 years of prison
time in the US...  I guess things really are different translating to the
metric system in the UK...
 http://www.fortlewismwr.com/Computer_Fraud_Abuse_Act.htm

  Wondering what the maximum term in the UK is for the same crime?  Hold on
to your seat...  
LIFE IN PRISON (see next paragraph)

"As the Divisional Court itself pointed out (at para 34), the gravity of the
offences alleged against the appellant should not be understated: the
equivalent domestic offences include an offence under section 12 of the
Aviation and Maritime Security Act 1990 for which the maximum sentence is
life imprisonment."
http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1
.htm
   That link is a link to the very court brief itself on McKinnin's appeal
in the UK... 

   McKinnon should face the charges of computer crime that he's facing.  He
should, and will, be tried, either in the US or in the UK.  But, keep in
mind that it is the UK that will extradite him, and it is the UK that has
ruled that he *should* be extradited for his crimes....


Ok, I'm done now :-)

  Exibar


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Kyrian
Sent: Sunday, September 28, 2008 7:31 AM
To: full-disclosure@...ts.grok.org.uk
Subject: [inbox] Re: [Full-disclosure] Supporters urge halt to
hacker's,extradition to US

full-disclosure-request@...ts.grok.org.uk wrote:
>> "American officials involved in this case have stated that they want
>> to see him 'fry'."-- BBC.
>>     
[IANAL, correct me if I'm wrong, etc, but...]

Yes, that's a large part of the problem.

That courts *can* be bought (usually indirectly via already-bought 
officials, or more nasty methods), and that government officials have 
said the above makes it worse still.

The thought that US law was apparently changed from requiring damage to 
systems to get a conviction to not requiring such damage, very recently, 
is another problem.

The fact that neither the US or the UK (as far as I'm aware) actually 
has a sane enough legal framework for this sort of thing, or enough 
police (anyonewho's dealt with the UK's former "High Tech Crime Unit" 
will know this), judges (there are many examples of judges being "out of 
touch" in their rulings), etc. who are actually aware enough of the 
underlying technology to deal with it sensibly is another.

I agree with whoever said that people should be extradited to the 
country in which they caused damage, but not under circumstances like 
these, and not when there is no agreed standard of law between the 
country the person would be extradited from, and the one they would go to.

In the UK it still requires damage to be done for it to be a criminal 
offense, and that does not seem set to change.

That it is possible to cause damage to (badly managed) systems by doing 
absolutely nothing in a lot of circumstances (as I am finding right 
now), that logs can be faked, and that the dividing line between probes 
versus actual hacking attempts is at times a very narrow one, there is 
plenty of reason not to agree extradite Gary.

That he's "autistic" is probably neither here nor there, I'm afraid, as 
it seems to be very common for people involved in computing the be 
somewhere high on the autistic spectrum (even if they are not 
'officially' autistic). I have taken the test. I'm not telling, but I 
know what I'm talking about.

So, I shall be there, I won't be shouting or chanting, but I will be 
there. I hope that the event is not hijacked by another purpose, and 
that I do not get shot by the armed police at the US Embassy there (it 
is a scarey looking place, which puts me on edge whenever I'm near). 
Strangely I also find myself wondering if the staff there are paying the 
London congestion charge yet, rather than ignoring it...?

Just my 2c, or so.

K.

-- 
Kev Green, aka Kyrian. E: kyrian&#64;ore.org WWW: http://kyrian.ore.org/
Linux/Security Contractor/LAMP Coder/ISP, via http://www.orenet.co.uk/
                 DJ via http://www.hellnoise.co.uk/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ