Feeds

McKinnon a 'scapegoat for Pentagon insecurity'

US mil still wide open to attack, says reformed hacker

5 things you didn’t know about cloud backup

Fast-track extradition is a one-way street

The US Congress has not ratified the fast-track extradition treaty between the UK and the US. UK prosecutors would need to present a compelling case before a US court before securing an extradition, whereas US authorities, as in the McKinnon case, have far fewer hurdles to clear.

"If it was an American hacker who had breached our computers - would we be fighting for extradition? I doubt it. In fact, we would most likely have to issue a public apology for our lapse in security and the media would be up-in-arms about how weak our defences are."

He added that the human factor is often ignored in the debate over McKinnon's fate, which is split between the 'burn him' camp and the 'deal with him here or let him go' lobby.

"People seem to forget that Gary is not just a meme or a 'hacker' - he is a real person. This guy has been waiting for six and a half years already. Now the chances are that if it had been dealt with over here he would have long served his time and be free to carry on his life.

"Due to political wranglings, all we are going to see is more time lumped on top of what has already been spent waiting in the wings and as many expect that time could be way in excess of the sentences for murder here."

According to papers submitted to his failed House of Lords appeal, McKinnon was offered a plea bargaining deal featuring a sentence of between three and four years in jail, if he cooperated with the US authorities and dropped his opposition to extradition against eight to ten years behind bars in a high-security prison after a US trial. Lawyers acting for McKinnon said that this deal might not be binding, and expressed concerns that McKinnon might be prosecuted by a US military rather than civilian court.

McKinnon (AKA Solo) has always admitted that he broke into US government computer systems but denies causing any damage. Bevan said McKinnon has not had enough credit in admitting responsibility for his misdeeds.

"Under UK law we are supposed to be more lenient on criminals who admit their crimes and accept the consequences. In this case, the effect appears to be the opposite - plead guilty then wait for the consequences. In the meantime have your charges upgraded as new laws are introduced and applied retrospectively."

Supporters of McKinnon argue that the prosecution may yet blow up in their faces by placing the security shortcomings of US government systems under the microscope, especially if the case goes to trial. Sysadmins may be faced with awkward questions about why their systems were so easy to infiltrate. Even if such questions fail to arise at trial, they might spark unwelcome Congressional scrutiny.

Stars and prison stripes

Bevan said McKinnon can expect to be treated harshly by a US court, especially if (as expected) he is tried in Virginia.

"Virginia is not exactly the most friendly state to foreigners and somehow I do not think that someone who 'attacked the United States' is going to be treated that well," Bevan said, adding there was a "high chances of abuse, torture, rape and drug abuse" in US prisons.

McKinnon's supporters argue the case has wider political implications involving the UK's willingness to deport suspects to the US and Europe without requiring evidence to be presented. Bevan is also critical of the fast-track deportation system.

"Is this the new way forward for the UK justice system, to allow citizens to be removed from the country without any evidence having to be presented? To allow them to go to a penal system which allows torture and brutality of its inmates is a clear violation of his human rights."

McKinnon has shown clear signs of remorse, according to Bevan, yet this has not counted in his favour. Bevan predicts that the case sets a pattern for how the prosecution of other UK hackers accused of committing offences in the US will be treated - marking a permanent move away from local prosecution to extradition as the preferred route.

"It saddens me that the USA can remove our citizens without any prima facie evidence, yet we cannot do the same when we wish to prosecute one of their citizens. This always felt like one of the main test cases and I am sure that we will see more people being treated in this way - guilty or not makes no difference," Bevan told El Reg. "If you do not have to argue your case or can justify closed hearings based on 'national security', we are clearly moving deeper into a system of control and away from any kind of democracy."

"People talk about 'Don't do the crime if you can't do the time', but what if the crime did not have the consequences at the time that it has now? When he was doing what he was doing, the extradition laws were not made and hacking was not a terrorist offence."

McKinnon was recently diagnosed with Asperger syndrome. Bevan is sceptical whether this, and more especially his heavy use of marijuana while hacking, will be counted as mitigating by the US court system.

"People clearly forget to consider that Gary has Aspergers, was using huge quantities of skunk. Is this a person that was thinking clearly?"

"Do you think that he had any real comprehension of what he was doing? The internet is 'not real' to many people, it's just stuff that happens somewhere else. It is here that people can do things they would never normally do in the real world and do not see the correlation between online activities and real world consequences. Someone who is wasted on weed can suffer many mental effects of doing so. Here, this would be taken into consideration, but in the States, he could be looking at ten years on top of his sentence for committing a crime under the influence of drugs." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.