Forgot your password?
typodupeerror
United Kingdom News

No Charges In UK For Gary McKinnon 148

Posted by Soulskill
from the end-of-a-long-road dept.
clickclickdrone sends this news from the BBC: "Computer hacker Gary McKinnon, who is wanted in the U.S., will not face charges in the U.K., the Crown Prosecution Service has said. Director of Public Prosecutions Keir Starmer QC said the chances of a successful conviction were 'not high.' He announced the decision some three months after Home Secretary Theresa May stopped the extradition. Mr. McKinnon, 46, admits accessing U.S. government computers but says he was looking for evidence of UFOs. The U.S. authorities tried to extradite him to face charges of causing $800,000 (£487,000) to military computer systems and he would have faced up to 60 years in prison if convicted."
This discussion has been archived. No new comments can be posted.

No Charges In UK For Gary McKinnon

Comments Filter:
  • this: (Score:5, Informative)

    by samjam (256347) on Friday December 14, 2012 @11:35AM (#42287861) Homepage Journal

    The UK CPS declined to prosecute him originally and further decline to do so now.

    This trumps all other arguments.

    • Re:this: (Score:5, Interesting)

      by Grumbleduke (789126) on Friday December 14, 2012 @12:16PM (#42288351) Journal

      McKinnon even sued the CPS over their decision not to prosecute him, and lost (judgment here [bailii.org]). The CPS really don't want to prosecute him.

    • Re:this: (Score:5, Informative)

      by stephanruby (542433) on Friday December 14, 2012 @01:59PM (#42289683)

      The UK CPS declined to prosecute him originally and further decline to do so now.

      And yet, McKinnon said he'd be willing to plead guilty if he was prosecuted in the UK.

      By letter dated 5 June 2009, the Claimant made further representations and indicated that he would be willing to plead guilty to an offence under section 3 of the 1990 Act. Accordingly, the Director was invited to reconsider the decision not to prosecute, since the evidential test was now satisfied, having regard to the wider public interest which, it was asserted, pointed to a prosecution in the United Kingdom. The Director was further invited to "have full regard to Article 3 and Article 8 of the Convention".

      Perhaps, it would have been too much of an embarrassment to the US if the guy had only received 6 months probation and a 1000 fine when what they really wanted was to set an example and have this autistic guy up-rooted from his own country/family, bullied and raped, and locked up in a Federal prison for the next 60 years.

  • by Hagaric (2591241) on Friday December 14, 2012 @11:36AM (#42287877)

    Could he come & cause $800,000 to my computer system too? I could use the upgrade...

    • by Anonymous Coward

      Only if you have evidence of UFOs

    • by serviscope_minor (664417) on Friday December 14, 2012 @12:05PM (#42288215) Journal

      He didn't of course.

      It's an outright lie by the US prosecutors, since they appear to lack any kind of moral fiber.

      It's equivalent to having a burglar walking in the front door then the homeowner claiming costs for upgrading all the locks are due to the burglar.

      Sure, they needed to trash and reinstall all of the machines. But they would have needed to do exactly that anyway when an internal audit showed they were insecure.

      • by Grumbleduke (789126) on Friday December 14, 2012 @12:24PM (#42288477) Journal

        For the record, according to one of the court rulings [bailii.org] he was accused of the following:

        "Between February 2001 and March 2002 he gained unauthorised access to 97 computers belonging to and used by the US Government... From those computers, he extracted the identities of certain administrative accounts and associated passwords. Having gained access to those administrative accounts, he installed unauthorised remote access and administrative software called "remotely anywhere" that enabled him to access and alter data upon the American computers at any time and without detection by virtue of the programme masquerading as a Windows operating system.

        Once "remotely anywhere" was installed, Mr McKinnon proceeded to install his "suite of hacking tools" – software that he used to facilitate further compromises to the computers which also facilitated the concealment of his activities. Using this software, he was able to scan over 73,000 US Government computers for other computers and networks susceptible to compromise in a similar fashion. He was thus able to lever himself from network to network and into a number of significant Government computers in different parts of the USA. The relevant ones were:

        1. 53 Army computers, including computers based in Virginia and Washington that controlled the Army's Military District of Washington network and are used in furtherance of national defence and security [charges 1 to 2]
        2. 26 Navy computers, including US Naval Weapons Station Earle, New Jersey. This was responsible for replenishing munitions and supplies for the deployed Atlantic Fleet [charges 6 to 8]
        3. 16 NASA computers [charges 12 to 15]
        4. 1 Department of Defense computer [charges 17 to 18].

        Once the computers were accessible by Mr McKinnon, he deleted data including:

        1. Critical operating system files from nine computers, the deletion of which shut down the entire US Army's Military District of Washington network of over 2000 computers for 24 hours, significantly disrupting Governmental functions
        2. 2,455 user accounts on a US Army computer that controlled access to an Army computer network, causing those computers to reboot and become inoperable
        3. Critical Operating system files and logs from computers at US Naval Weapons Station Earle, one of which was used for monitoring the identity, location, physical condition, staffing and battle readiness of Navy ships. Deletion of these files rendered the Base's entire network of over 300 computers inoperable at a critical time immediately following 11 September 2001 and thereafter left the network vulnerable to other intruders.

        He also copied data and files onto his own computers, including operating system files containing account names and encrypted passwords from 22 computers. These comprised:

        1. 189 files from US Army computers
        2. 35 files from US Navy computers, including approximately 950 passwords from server computers at Naval Weapons Station Earle
        3. 6 files from NASA computers

        Mr McKinnon's conduct was intentional and calculated to influence and affect the US Government by intimidation and coercion. As a result of his conduct, damage was caused to computers by impairing their integrity, availability and operation of programmes, systems, information and data on the computers, rendering them unreliable. The cost of repair totalled over $700,000."

        Slightly more than a burglar walking in the front door and claiming the costs of upgrading the locks. More like breaking in (maybe through a weak door), completely trashing the place and leaving.

        • Judging from all that, I guess some CISO has a lot of explaining to do. He failed on all three fronts miserably.

          • by citizenr (871508)

            Judging from all that, I guess some CISO has a lot of explaining to do. He failed on all three fronts miserably.

            Awww how cute. You really thing IS in CISO stands for Information Security. I am going to enlighten you - it is just a misspelled JS as in Job Security.
            CISOs main role is delegating responsibility, not securing infrastructure. Everything can be wide open and unsecure as long as you have a piece of paper stating someone else is responsible for it.

            • The sad thing is that you're probably even right. Most CISOs I've met have written more papers to cover their ass than to cover their field of responsibility.

              I know I'm "doing it wrong". But I tend to think that I owe my company the honesty (please refrain from reading further if you're already ROFLing, just trying to keep your sides from splitting) to actually do my WORK instead of just covering my rear end.

              As a reward, we had a LOT of attacks lately, none of which were successful. And in our last external

        • by poetmatt (793785) on Friday December 14, 2012 @12:34PM (#42288637) Journal

          Did he damage all that crap? possibly so, if it ever went to court. Did he do stupid things involving computers? possibly so, if it ever went to court. Was it " intentional and calculated to influence and affect the US Government by intimidation and coercion"?
          That's beyond laughable and imaginary hypothetical rhetoric, to say the least. It actually puts the US prosecutors into question as far as sanity.

          • by Grumbleduke (789126) on Friday December 14, 2012 @12:42PM (#42288757) Journal

            Was it " intentional and calculated to influence and affect the US Government by intimidation and coercion"?

            Well the damage was obviously intentional, and it was calculated to influence the Government (even if it didn't) as evidenced by the note he admitted to leaving behind which read:

            "US foreign policy is akin to Government-sponsored terrorism these days It was not a mistake that there was a huge security stand down on September 11 last year I am SOLO. I will continue to disrupt at the highest levels "

            That sounds rather like an attempt at intimidation and coercion (however pathetic) to me...

          • by Xest (935314)

            Quite possibly no, he didn't. The quote from the CPS:

            "The potential difficulties in bringing a case in England and Wales now should not be underestimated, not least the passage of time, the logistics of transferring sensitive evidence prepared for a court in the US to London for trial, the participation of US government witnesses in the trial and the need fully to comply with the duties of disclosure imposed on the CPS.

            The prospects of a conviction against Mr McKinnon which reflects the full extent of his a

        • And yet, the UK prosecutor isn't charging him with anything. Could all that 'damage' have been made up by the US?

          • by Grumbleduke (789126) on Friday December 14, 2012 @12:47PM (#42288821) Journal

            The UK prosecutor can't be bothered to charge him, because the damage wasn't done in the UK (so there isn't really any public interest in prosecuting) and the US didn't want to hand over all the (sensitive) evidence (of the details of all their military computer networks) to the UK authorities (for them to be made available in open court).

            The CPS not bringing a case doesn't mean they think he's innocent, just that they don't think it's worth the trouble to try to prosecute him.

            • by Shimbo (100005)

              The CPS not bringing a case doesn't mean they think he's innocent, just that they don't think it's worth the trouble to try to prosecute him.

              That's pretty much the default attitude of the CPS; prosecution is really too much of a bother and expense. Police officers always say CPS stands for "Couldn’t Prosecute Satan". You need to keep that it mind when asking "why wasn't X charged?"

        • by serviscope_minor (664417) on Friday December 14, 2012 @12:42PM (#42288747) Journal

          OK, my analogy was flawed, so I'll switch to a non analogy.

          They connected insecure systems to the internet.

          The result is that they needed to inspect and repair all of those systems regardless of whether McKinnon existed or not.

          The only reasonable response to finding the computers were potentially hacked would have been to put the entire lot offline instantly, no questions. What if it had been a much more competent foreign agent?

          How did they know that a Chinese government hacker hadn't subtly altered the readiness logs of the ships [*] at Weapons station Earle? How did they know other logs were not already filled with subtly but much more dangerously flawed data?

          Look, I'm not claiming what McKinnon did was good or right or legal.

          But claiming that he caused those costs is simply not true.

          They caused the costs through the most monumental security fuckup. The fault is entirely on them. McKinnon highlighted that they needed to spend the money RIGHT NOW to fix it.

          [*] for fuck's sake! They had logs about battle readiness on warships on the open internet and editable by almost anyone and they have the temerity to blame their fuckup one lone nutball? Words fail me.

          • Now for the obligatory /. car analogy:

            I leave my laptop on the front seat, get out of the car, lock all the doors, and walk away. Some passerby looks in and sees the 'OH, Shiny!' sitting there and then reaches in the open window and takes it.
            I cry foul!

            Where the major difference between the analogy and the network breaching comes into play:
            Most everyone will agree the theft was wrong, they still consider me an idiot for not rolling up the windows, but the network lack of adequate security seems not to caus

            • In the real, physical, tangible world there are behaviour conventions that are either ingrained or that we learn as children.

              These are largely, at present, absent in cyberspace which, rightly or wrongly, is regarded as different.

              Hence, the "unlocked door/open window == an unsecured server" argument is a pile of poo just like ur mom.

        • by Stalks (802193) *

          It was also aledged that McKinnon wasn't the only person gaining access to these machines. McKinnon said the computers were like an open book and lots of people were in there. Sure, the damage was done, if you say so, but it may not of all been McKinnon.

        • More like breaking in (maybe through a weak door),...

          The quote contains the root of the problem.

          If these compromised networks had adequate security to start with, Gary M. wold not have gotten in.

          As long as the mindset of 'convenience/budget overrules security' this stuff will keep happening frequently.
          There is a good reason banks spend the money to install those expensive, elaborate bank vaults for the money to be kept in.
          We see that here on /. all the time, and have for years....thousands of comments by IT folks on /. complaining that their pointy haired bos

          • But that isn't how (most) crimes work. It is (in many places) a criminal offence maliciously to gain unauthorised access to computer systems, and thus those who do so should get punished. Arguments of proportionality of sentences, precise wordings of the offence and the purpose/merits of a criminal justice system aside, whether other people are also doing shouldn't really be an issue.

            Whether or not other people are to blame (the operators of the system, other people breaking the law) is a separate issue, an

        • Key words: accused of.

          • Well yeah... when you arrest someone or try to prosecute them for a crime, it's all just accusations. In this case, it is unlikely to be proved in court due to there being no trial. The US are alleging he did this and caused this much damage, which is why they want to put him on trial...

            • If someone wanted to extradite somebody from the US, they'd have to come up with a lot more than accusations. Probable cause, which is generally interpreted so strictly as to mean proof of guilt.

              Turnabout's fair play, no?

              • Probable cause is not the same as proof of guilt. Wikipedia quotes a definition of the former as "a reasonable amount of suspicion, supported by circumstances sufficiently strong to justify a prudent and cautious person's belief that certain facts are probably true" - which is a much lower test than proof of guilt.

                And it's pretty much the same test for extradition from the UK, which requires "reasonable grounds to suspect" (or a national equivalent). Whether a US judge is more likely than a UK one to find a

    • Never even read the summary? It seems he accidentally the computer.

  • Is he free? (Score:4, Interesting)

    by Hatta (162192) on Friday December 14, 2012 @11:40AM (#42287929) Journal

    So if he's not getting extradited, and there are no charges in the UK, is McKinnon a free man?

    • by schneidafunk (795759) on Friday December 14, 2012 @11:46AM (#42288007)
      They're having him work for SETI.
    • by xaxa (988988)

      So if he's not getting extradited, and there are no charges in the UK, is McKinnon a free man?

      Yes, I think so. That's what not being charged generally means (if that sounds sarcastic it's not supposed to be -- simply IANAL.)

      "... will not face charges in the UK, bringing to an end a 10-year legal battle."

      "Janis Sharp, Mr McKinnon's mother, said the news was "amazing" and she was grateful the case was "all over now".

    • Re:Is he free? (Score:5, Informative)

      by Baloroth (2370816) on Friday December 14, 2012 @11:52AM (#42288073)

      So long as he stays in the UK, yes. The US still has an extradition warrant against him, so if he travels to another country he could be extradited from there (although it would depend on the judgment of those courts). Traveling to the US would obviously get him arrested.

      • by geekoid (135745) <`moc.oohay' `ta' `dnaltropnidad'> on Friday December 14, 2012 @12:02PM (#42288183) Homepage Journal

        Maybe he will be abducted~

        • by tnk1 (899206)

          It would be a waste of time and money. They already taught him his lesson by putting him through the process.

          He will be watched for the rest of his life, however.

          • Waste of time and money? You're talking about the country that has two rather pointless wars running, you think they care about a waste of time and money?

            • by tnk1 (899206)

              Yes, I do think that. You seem to be of the opinion that the US government is going to extra-judicially abduct a public figure from an allied country for a minor offense. They might do that if he was some faceless terrorist in Yemen who they can't keep tabs on easily, but for a British nutcase? It's not worth the trouble. Do you know how many people they would have to abduct if they did they for every extradition charge that beat their rap?

              You only need to abduct people who you can't use the system to d

    • So if he's not getting extradited, and there are no charges in the UK, is McKinnon a free man?

      Only until he pops up on Seal Team 6's list.

    • So if he's not getting extradited, and there are no charges in the UK, is McKinnon a free man?

      From what the article said as long as he stays in the UK his a free man. If he goes to any other country that the US has an extradition treaty with he could find himself on a plane to the US. So basically his punishment here is that he can basically never leave the UK again.

  • by FrostedWheat (172733) on Friday December 14, 2012 @11:59AM (#42288141)
    Right, so the real people responsible will be charged now? The ones who left seriously insecure military computers connected to the internet? </naive>
    • That's hilarious it really is, I love the idea of the CPS trying to prosecute the Pentegon for running an insecure network :) I know that's not what you meant, but the fact is the Pentagon still think he is 'one of the most dangerous hackers of all time' and would still love to hold him responsible for their own deficiencies. An epic case of deferring responsibility if ever there was one.
    • by tnk1 (899206)

      You don't charge people who made mistakes in their jobs unless they did so with criminal intent, and I encourage you to attempt to prove that in a court of law. They can be fired or demoted or have nothing whatever happen to them at all. Although someone clearly failed in their job, and possibly should be fired, responsibility was probably shared in small parts by dozens of people who were lax at their jobs. Such is the problems with having a huge government bureaucracy: huge problems, and no one person

      • by idontgno (624372)

        You don't charge people who made mistakes in their jobs unless they did so with criminal intent, and I encourage you to attempt to prove that in a court of law.

        Uniformed members of the Armed Forces responsible for managing the DoD assets affected by this were theoretically vulnerable to being charged with, for instance, dereliction of duty. The Uniform Code of Military Justice is funny that way. If command could argue that the systems managers had a duty to secure the systems, the failure to do so would b

  • by edibobb (113989) on Friday December 14, 2012 @12:13PM (#42288315) Homepage
    If anyone should be punished, it's those incompetents who did not secure the computers in the first place. It's like leaving the door to the office building unlocked and unguarded. There's nothing like a foreign scapegoat to distract the news media.
    • My guess is that any investigation into this security SNAFU would end up uncovering a memo stating something like 'We've finished securing the network using the full $10.25 granted by congress. Please dedicate more funds next year.' After that any investigation would suddenly find itself without funds and be quickly shut down.

    • Look, clearly you're new to this whole thing, because the whole "it was unlocked" crap has been trotted around here since 1998 or so. 1)Trespass is still a crime. Further, breaking and entering requires only pushing open a closed door - it doesn't have to be locked. They're still separate crimes. If someone's front door is open but you don't belong in their house, you're still "entering" and committing trespass, which is illegal, and has been since common law times. 2)He didn't just enter the systems, he
  • he also admitted his "hacking" was almost entirely limited to guessing default or super weak (12345) passwords- this is actually farcical. they have to paint him as some Asperger super hacker to stop themselves looking like idiots
  • Hack into a foreign government's computer system and cause $800k worth of damage, violating international laws in the process? Extradition is blocked.

    But if you're Richard O'Dwyer and do something completely legal in the UK and causing no direct monetary damage? Theresa May goes out of her way to bend over and let Uncle Sam do his dirty work.

    The difference? One guy was looking for UFOs, the other had a website that had links to pirated content. Logic, right?

    My feelings could be summed quite well by a lo

    • by Xest (935314)

      To be fair, O'Dwyer largely only has himself to blame though. In accepting the deal with the US to pay them $20,000 and promise not to break any US laws again (which is fucking sick, since when did the US get to hold British citizens to US legal standards?) he ended the situation early, but didn't let enough pressure build on Theresa May to go the same route.

      I think it's almost a certainty that O'Dwyer's extradition would also have been blocked eventually once appeals etc. were exhausted and enough politica

A LISP programmer knows the value of everything, but the cost of nothing. -- Alan Perlis

Working...