lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <48E13E26.5000206@ore.org>
Date: Mon, 29 Sep 2008 21:44:22 +0100
From: Kyrian <kyrian@....org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Supporters urge halt to, hacker's,
	extradition to US

Further to Exibar's previous email, now I've been through the links that 
worked (one seemed to have been 8.3 truncated)...

There does seem to be a substantial lets say "pro-american-hacker" bias 
in the text of the pages you provided links for.
>  McKinnon did cause damage:
>   
"The charges" say he did, yes.

And thanks to our dear old blind (some say to Justice as well as 
"visible" light) former Home Secretary, David Blunkett, that's now 
enough to gain an extradition, no evidence required, just an allegation, 
which can (and seems to be in this case) treated as fact(Australian 
newspaper, which should be reasonably neutral):

http://www.dailyreckoning.com.au/us-extradition-laws/2007/12/07/


>   A message left by him on a system:
>   
Changing the /etc/motd file or equivalent is hardly costly, and hardly 
massive damage, no? Hypothetically speaking, if I wanted to do as little 
damage as possible and make someone get the message I'd been in there, 
that's probably what I'd do.
>   Sure sounds like a criminal that knows what he's doing, and is doing it
> willfully, doesn't it?  
>   
Agreed, the use of the hardly-unique-sounding handle 'Solo' stands up to 
analysis. Although it's been used by someone else before, who did worse 
things:

http://www.wired.com/science/discoveries/news/2002/11/56392

Obviously I'm not privy to all the evidence, but...

In my opinion, installing remote admin software to poke around systems 
is inconsistent with "deleting critical system files" as it would be 
self-defeating, possibly causing that system to fall over, and for you 
to lose control of it. Indeed, the fact that it's off-the-shelf is 
inconsistent with trying to evade detection, which leads down the same 
self-defeating path.

Additionally, downloading 'the same version' of software that was used 
in an attack is surely not sufficient to establish use of it in an 
attack, especially as someone else had used the same name in other attacks.
>   Oh yah, and he's really only facing a fine and up to 10 years of prison
> time in the US...  I guess things really are different translating to the
> metric system in the UK...
Heh. I've caught up with the joke now.

However 7 counts at 10 years a piece surely does add up to 70 years?:

http://cryptome.org/ips-bared.htm
>    McKinnon should face the charges of computer crime that he's facing.  He
> should, and will, be tried, either in the US or in the UK.  But, keep in
> mind that it is the UK that will extradite him, and it is the UK that has
> ruled that he *should* be extradited for his crimes....
>   
Yes, he should be punished in some way for it, but I see no due process 
in the extradition, and the comments that have been aired leave 
considerable cause for doubt about the fairness of any due process in 
the USA.

I have insufficient knowledge of the US judicial system to be sure that 
there are checks and balances against due process being derailed, and 
I'm open to being persuaded.

If it were me, I would tell you to go f**k yourself if you wanted me to 
plead guilty to something I didn't do (so perhaps this is a uniquely 
British trait?), and I would certainly get quite upset and explore all 
avenues to avoid being 'fried', or imprisoned for a substantial length 
of time, if I thought that was what were to happen.

I think this has gone on-list long enough, so I'll try and drop it now, 
unless anyone says anything really bloody aggravating. ;-)

K.

-- 
Kev Green, aka Kyrian. E: kyrian&#64;ore.org WWW: http://kyrian.ore.org/
Linux/Security Contractor/LAMP Coder/ISP, via http://www.orenet.co.uk/
                 DJ via http://www.hellnoise.co.uk/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ