11:52 AM

Britain Declines To Prosecute Alleged NASA Hacker

After 10-year legal battle for allegedly hacking U.S. government computers in search of information on UFOs, British hacker Gary McKinnon is free.

The British government has declined to prosecute Gary McKinnon, 46, who had been accused of perpetrating "the biggest military computer hack of all time." As a result, more than a decade after the alleged crimes occurred, McKinnon is now a free man.

"I feel the 10 years have been grueling, it's been life-destroying. It's difficult to explain how bad it's been," McKinnon's mother, Janis Sharp, told The Guardian.

"To have this over is amazing. Gary's gone through enough," she said. "Other people have been accused of more serious hacking in this country and they've been given a 1,000-pound fine and a very short community sentence. Gary regrets what he's done. He wishes he hadn't done it. He wishes he hadn't upset the Americans. We all regret it. But I'm grateful to Theresa May that this is all over now."

Sharp said McKinnon's next step will be to seek a pardon from President Obama.

[ Operation Payback case highlights how U.S. and British hacker investigations differ. Read more at How U.K. Police Busted Anonymous Suspect. ]

McKinnon, who's been diagnosed with Asperger's syndrome and depression, was first arrested by U.K. police a decade ago for allegedly gaining unauthorized access to computers owned by the U.S. government, reportedly in search of evidence about UFOs. In 2004, the United States first sought his extradition, and in recent years, after McKinnon lost multiple appeals, it looked like he'd finally be extradited.

In October, however, British home secretary Theresa May, citing medical reports that McKinnon would be a suicide risk if he was extradited, said that Britain would not honor the extradition request. May also said that it would be up to the director of public prosecutions (DPP) to determine if a case against the alleged hacker should proceed in England and Wales.

Keir Starmer, the director of public prosecutions for the Crown Prosecution Service, and Mark Rowley, the assistant commissioner of the Metropolitan Police Service, in a joint statement released Friday, noted that it was unlikely that any prosecution of McKinnon in Britain would now succeed, especially because there's been no live investigation into his alleged crimes for many years. Notably, the U.S. Department of Justice, Metropolitan Police Service, and Crown Prosecution Service in 2002 jointly agreed that McKinnon should be tried not in Britain, but the United States, given that the required witnesses, and the vast majority of evidence, was located there.

"None of the reasons for the original decision in 2002 that the appropriate place for Mr. McKinnon to be tried was the United States have altered," said Starmer and Rowley. "So far as the evidence is concerned, the position in 2012 is the same as it was in 2002. Most of the witnesses are in the U.S., as is nearly all the physical evidence and the bulk of the unused material, some of which is sensitive."

Starmer and Rowley noted that the U.S. Department of Justice said it would cooperate with any U.K. investigation, but said that the related evidence-handling would be especially challenging. In addition, U.S. authorities said that they would only share some of the evidence, and not make every witness -- many are, or were, U.S. government employees -- available for a British trial.

McKinnon is far from the first hacker who's been indicted by U.S. authorities. Earlier this year, for example, alleged Anonymous and LulzSec participant Ryan Cleary was indicted by a Los Angeles federal grand jury on hacking charges. Unofficially, however, U.S. authorities have said they won't seek Cleary's extradition, most likely because he's already being prosecuted by authorities in Britain on charges of launching botnet-driven distributed denial-of-service (DDoS) attacks against the British Phonographic Industry website, as well as the United Kingdom's Serious Organized Crime Agency (SOCA) website.

More than half of federal agencies are saving money with cloud computing, but security, compatibility, and skills present huge problems, according to our survey. Also in the Cloud Business Case issue of InformationWeek Government: President Obama's record on IT strategy is long on vision but short on results. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
12/23/2012 | 11:02:49 PM
re: Britain Declines To Prosecute Alleged NASA Hacker
This is kind of a kick on the face I would think. Oh poor Gary has gone through so much, then Gary shouldnGÇÖt have got caught trying to hack the US Government. I wonder how the British Government would feel if the shoe was on the other foot? Regardless of his intentions, meaning UFO information, does not make what he did a crime. By that rational a armed robber who is only committing the robbery because he/she needs to feed their family is ok because their intentions were good? Yeah ship him over here and let at the very least go through our court system at least out of common courtesy.
Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.