The verdict in the Gary Mckinnon extradition trial was really no shock to me considering the political climate. Lets face it, this is not about hacking or security this is about politics and money. Cynical? You bet I am, having been through an almost identical situation, very similar computer intrusions and similar motives – the only difference was I was pre-terrorism mania where everything and everyone is a suspect.

Think about this, almost a decade ago machines belonging to the military, navy, army etc were broken into and this was the proof Congress needed to show that cyber terrorism existed. An unknown spy running rings of computer hackers to steal secrets for foreign governments. The fact that I was not a spy, and certainly not “possibly the single biggest threat to world peace since Adolf Hitler” didn’t really make much of a difference to the fear machine that was put in place selling the idea that cyber terrorism was a real threat.

Millions of dollars in budget increases, that is where the difference occurred. If you take the threat to be real (which it certainly wasn’t back then and highly unlikely to exist today) then this raises questions, namely;

1. Where have the mega budgetary increases actually been spent?

Education cannot be one of them, as if machines are left in a state of ‘unpatched since install’, with unpassworded points of entry – I cannot see that the money has gone to the improvement of sysadmin skills or awareness of the problems of being online.

If you compare the awareness by consumers of security threats, people have seriously woken up to the fact that unprotected they are just sitting ducks to the onslaught of manual and automated attacks.

Phishing, hacking, spam, bots, virii, worms – the majority of home users now have firewalls, anti virus software, spyware checkers etc – all of which have a much lower budget than the military. I suspect that as governments, unlike corporate entities do not have shareholders to answer to. They do not have to explain why their machines were offline and money was lost, that in fact they can just blame budget instead of actually being proactive and moving with the times.

2. If in this case as in mine, there were clearly many other hackers

with access to the same systems at the same time, why have they not been prosecuted or even mentioned?

This seems to me to be more proof of my theory that so-called super hackers are hauled in front of the courts when it is convenient for their cases to be used for ore proof of computer insecurity and the need for greater budgetary increases..

3. Where are the administrators and their bosses in this case?

In this political climate, one of the dark looming threat from the bad men all around us (as we are constantly reminded), to not secure machines properly they have committed federal offences. It is surely not good practice to have machines, sitting on the Internet, unfirewalled, unpassworded containing alleged sensitive information – and most likely a direct violation of their contract and training.

This is a sysadmins first job, to change any default passwords or to set ones where they are not needed – and certainly ensure that those machines are sitting behind a firewall. I am not trying to say that Gary was attempting to test their security, but if this was a corporate environment the sysadmin would have some major explaining to do.

4. Is the fact that the USA are fighting so hard for extradition a dig at our legal system?

Gary has admitted his guilt and wants his trial to be in the UK, so why can’t he be tried here? Could this be to do with the fact that most computer crime here (financial gain notwithstanding) is dealt with by means of fines. Do the USA see us as a soft touch? This brings the idea of two scenarios;

– Gary being tried by a jury of his peers. They hear the evidence and consider the fact that the machines were badly administrated and this is taken into consideration when sentencing.

– Gary being tried in a foreign country by a jury that hears he has ‘attacked their country’ this is bound to have a bearing on the sentencing.

A possible 70 years in prison, for what exactly? showing that in a decade the USA military have not learned, or at worst, blatantly ignored the security threats around them when it is they who tell us every day that we should be afraid.

In my case I was never debriefed by any of the authorities that I hacked, never asking how I did what I did – never asking me to comment on my peers or related community. Gary says he is guilty, why are we going to punish this man further by sending him to a foreign jail which are known for brutality against inmates: [http://www.hrw.org/reports/2001/prison/report.html]

– where is the leniency for admission of guilt? Let this guy talk to kids about how this trial has affected his life. Let this guy talk to governments.. Let this guy talk and discuss and explain.. don’t send him to a punishment likely to be worse than he would receive in this country for murder.

The extradition bill is being tested right in front of your eyes, it is a blatant decline in our civil liberties and a worrying step forward for our so-called democratic society.

Mathew Bevan
www.kujimedia.com