Clifford Stohl’s book 'The Cuckoo’s Egg' was an enthralling account of the hunt for German hacker Markus Hess. The best known of the early US hackers was Kevin Mitnick who was caught 20 years ago.
After his capture and subsequent jail time Mitnick these days is a poacher turned gamekeeper, working as a security consultant. (There’s an interview with Mitnick in the August issue of 'CIO New Zealand'.)
Back then Mitnick and other hackers were in it for the fun and bragging rights. However, many hackers now are somewhat more malicious and criminal in their efforts. And, of course, computer security is a multi-million dollar business, from the software and firewalls protecting individual PCs through to enterprise systems, along with the numerous specialist consultants.
Hacking by governments - state-sponsored cybercrime - is also on the rise with claims of China and Germany having been involved in recent hacking attempts on foreign government computer systems. If they are hacking you can bet your motherboard other countries are at it in some way shape or form.
This makes the looming extradition of British hacker Gary McKinnon such a surprise, following the British House of Lords sanctioning his removal to the United States to face criminal charges.
Six years ago McKinnon successfully broke into US military computers and NASA computers to try and find suppressed evidence of UFOs.
Clearly McKinnon is a bright guy who knows how to work a computer, though his belief in UFOs is rather worrying.
He could well be the first person set to be extradited to the US for computer-related crimes where he faces up to 60 years in prison.
Yet, computer hacking has been going on for 25-plus years and would anyone dare say that there have been no serious attempts in the past to hack into US military computers. I’m sure a few governments and fanatical religious organisations hostile to the US would have certainly had a go recently.
So why McKinnon? To me he’s just the fall guy and, crucially, a ‘soft’ target.
His real misfortune is to be a British hacker. I don’t think the US government would dare try this ‘stunt’ if he had been an European. Just imagine if the US went after a German, Italian, Russian etc. hacker, demanding that they be turned over to the US justice system.
His last appeal to prevent extradition is to the European Court of Human Rights. I’d suggest a different tack to his lawyers.
Get him Russian citizenship.
McKinnon is looking at some hard-time in prison for causing US$700,000 damage - and more particularly showing how weak US Department of Defence IT security was at the time of the offence. Given the rise of state-sponsored cybercrime since his hacking, you would think the US Government would be grateful that a person with such benign intentions alerted them to their not-very-good security.
His possible sentence on conviction differs markedly from the recent case of the hacker Owen Walker here in New Zealand, who wrote software that created his own advanced bot programming code. Although not considered cutting edge by security experts, it was on the whole effective.
Walker was ordered to pay NZ$9526 in reparations for damage caused to the University of Pennsylvania in the US and $5000 in costs. He certainly got off lightly by US standards.
But come on - a possible 60 years in prison for McKinnon showing up the US Department of Defence and NASA as being dim bulbs when it comes to IT security six years ago!
The House of Lords should have considered the issue of fair play in regards to allowing his extradition. Sixty years is a maximum, let’s say 20, 10, maybe five years. Really, five years in a US prison because you embarrassed NASA and the Department of Defence?
If McKinnon ends up before a US court, I don’t think the sentence handed down to him will in any way fit the severity of the crime. The House of Lords, and other British judicial institutions that have ‘fitted up’ McKinnon, should have considered whether justice will truly be served by handing him over to the US.
