Attacks/Breaches
12/17/2012
11:52 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Britain Declines To Prosecute Alleged NASA Hacker

After 10-year legal battle for allegedly hacking U.S. government computers in search of information on UFOs, British hacker Gary McKinnon is free.

The British government has declined to prosecute Gary McKinnon, 46, who had been accused of perpetrating "the biggest military computer hack of all time." As a result, more than a decade after the alleged crimes occurred, McKinnon is now a free man.

"I feel the 10 years have been grueling, it's been life-destroying. It's difficult to explain how bad it's been," McKinnon's mother, Janis Sharp, told The Guardian.

"To have this over is amazing. Gary's gone through enough," she said. "Other people have been accused of more serious hacking in this country and they've been given a 1,000-pound fine and a very short community sentence. Gary regrets what he's done. He wishes he hadn't done it. He wishes he hadn't upset the Americans. We all regret it. But I'm grateful to Theresa May that this is all over now."

Sharp said McKinnon's next step will be to seek a pardon from President Obama.

[ Operation Payback case highlights how U.S. and British hacker investigations differ. Read more at How U.K. Police Busted Anonymous Suspect. ]

McKinnon, who's been diagnosed with Asperger's syndrome and depression, was first arrested by U.K. police a decade ago for allegedly gaining unauthorized access to computers owned by the U.S. government, reportedly in search of evidence about UFOs. In 2004, the United States first sought his extradition, and in recent years, after McKinnon lost multiple appeals, it looked like he'd finally be extradited.

In October, however, British home secretary Theresa May, citing medical reports that McKinnon would be a suicide risk if he was extradited, said that Britain would not honor the extradition request. May also said that it would be up to the director of public prosecutions (DPP) to determine if a case against the alleged hacker should proceed in England and Wales.

Keir Starmer, the director of public prosecutions for the Crown Prosecution Service, and Mark Rowley, the assistant commissioner of the Metropolitan Police Service, in a joint statement released Friday, noted that it was unlikely that any prosecution of McKinnon in Britain would now succeed, especially because there's been no live investigation into his alleged crimes for many years. Notably, the U.S. Department of Justice, Metropolitan Police Service, and Crown Prosecution Service in 2002 jointly agreed that McKinnon should be tried not in Britain, but the United States, given that the required witnesses, and the vast majority of evidence, was located there.

"None of the reasons for the original decision in 2002 that the appropriate place for Mr. McKinnon to be tried was the United States have altered," said Starmer and Rowley. "So far as the evidence is concerned, the position in 2012 is the same as it was in 2002. Most of the witnesses are in the U.S., as is nearly all the physical evidence and the bulk of the unused material, some of which is sensitive."

Starmer and Rowley noted that the U.S. Department of Justice said it would cooperate with any U.K. investigation, but said that the related evidence-handling would be especially challenging. In addition, U.S. authorities said that they would only share some of the evidence, and not make every witness -- many are, or were, U.S. government employees -- available for a British trial.

McKinnon is far from the first hacker who's been indicted by U.S. authorities. Earlier this year, for example, alleged Anonymous and LulzSec participant Ryan Cleary was indicted by a Los Angeles federal grand jury on hacking charges. Unofficially, however, U.S. authorities have said they won't seek Cleary's extradition, most likely because he's already being prosecuted by authorities in Britain on charges of launching botnet-driven distributed denial-of-service (DDoS) attacks against the British Phonographic Industry website, as well as the United Kingdom's Serious Organized Crime Agency (SOCA) website.

More than half of federal agencies are saving money with cloud computing, but security, compatibility, and skills present huge problems, according to our survey. Also in the Cloud Business Case issue of InformationWeek Government: President Obama's record on IT strategy is long on vision but short on results. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Apprentice
12/23/2012 | 11:02:49 PM
re: Britain Declines To Prosecute Alleged NASA Hacker
This is kind of a kick on the face I would think. Oh poor Gary has gone through so much, then Gary shouldnGÇÖt have got caught trying to hack the US Government. I wonder how the British Government would feel if the shoe was on the other foot? Regardless of his intentions, meaning UFO information, does not make what he did a crime. By that rational a armed robber who is only committing the robbery because he/she needs to feed their family is ok because their intentions were good? Yeah ship him over here and let at the very least go through our court system at least out of common courtesy.
Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2008-3277
Published: 2014-04-15
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse p...

CVE-2010-2236
Published: 2014-04-15
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, rela...

CVE-2011-3628
Published: 2014-04-15
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

CVE-2012-0214
Published: 2014-04-15
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...

CVE-2013-4768
Published: 2014-04-15
The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB).

Best of the Web