11:52 AM

Britain Declines To Prosecute Alleged NASA Hacker

After 10-year legal battle for allegedly hacking U.S. government computers in search of information on UFOs, British hacker Gary McKinnon is free.

The British government has declined to prosecute Gary McKinnon, 46, who had been accused of perpetrating "the biggest military computer hack of all time." As a result, more than a decade after the alleged crimes occurred, McKinnon is now a free man.

"I feel the 10 years have been grueling, it's been life-destroying. It's difficult to explain how bad it's been," McKinnon's mother, Janis Sharp, told The Guardian.

"To have this over is amazing. Gary's gone through enough," she said. "Other people have been accused of more serious hacking in this country and they've been given a 1,000-pound fine and a very short community sentence. Gary regrets what he's done. He wishes he hadn't done it. He wishes he hadn't upset the Americans. We all regret it. But I'm grateful to Theresa May that this is all over now."

Sharp said McKinnon's next step will be to seek a pardon from President Obama.

[ Operation Payback case highlights how U.S. and British hacker investigations differ. Read more at How U.K. Police Busted Anonymous Suspect. ]

McKinnon, who's been diagnosed with Asperger's syndrome and depression, was first arrested by U.K. police a decade ago for allegedly gaining unauthorized access to computers owned by the U.S. government, reportedly in search of evidence about UFOs. In 2004, the United States first sought his extradition, and in recent years, after McKinnon lost multiple appeals, it looked like he'd finally be extradited.

In October, however, British home secretary Theresa May, citing medical reports that McKinnon would be a suicide risk if he was extradited, said that Britain would not honor the extradition request. May also said that it would be up to the director of public prosecutions (DPP) to determine if a case against the alleged hacker should proceed in England and Wales.

Keir Starmer, the director of public prosecutions for the Crown Prosecution Service, and Mark Rowley, the assistant commissioner of the Metropolitan Police Service, in a joint statement released Friday, noted that it was unlikely that any prosecution of McKinnon in Britain would now succeed, especially because there's been no live investigation into his alleged crimes for many years. Notably, the U.S. Department of Justice, Metropolitan Police Service, and Crown Prosecution Service in 2002 jointly agreed that McKinnon should be tried not in Britain, but the United States, given that the required witnesses, and the vast majority of evidence, was located there.

"None of the reasons for the original decision in 2002 that the appropriate place for Mr. McKinnon to be tried was the United States have altered," said Starmer and Rowley. "So far as the evidence is concerned, the position in 2012 is the same as it was in 2002. Most of the witnesses are in the U.S., as is nearly all the physical evidence and the bulk of the unused material, some of which is sensitive."

Starmer and Rowley noted that the U.S. Department of Justice said it would cooperate with any U.K. investigation, but said that the related evidence-handling would be especially challenging. In addition, U.S. authorities said that they would only share some of the evidence, and not make every witness -- many are, or were, U.S. government employees -- available for a British trial.

McKinnon is far from the first hacker who's been indicted by U.S. authorities. Earlier this year, for example, alleged Anonymous and LulzSec participant Ryan Cleary was indicted by a Los Angeles federal grand jury on hacking charges. Unofficially, however, U.S. authorities have said they won't seek Cleary's extradition, most likely because he's already being prosecuted by authorities in Britain on charges of launching botnet-driven distributed denial-of-service (DDoS) attacks against the British Phonographic Industry website, as well as the United Kingdom's Serious Organized Crime Agency (SOCA) website.

More than half of federal agencies are saving money with cloud computing, but security, compatibility, and skills present huge problems, according to our survey. Also in the Cloud Business Case issue of InformationWeek Government: President Obama's record on IT strategy is long on vision but short on results. (Free registration required.)

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
User Rank: Ninja
12/23/2012 | 11:02:49 PM
re: Britain Declines To Prosecute Alleged NASA Hacker
This is kind of a kick on the face I would think. Oh poor Gary has gone through so much, then Gary shouldnGÇÖt have got caught trying to hack the US Government. I wonder how the British Government would feel if the shoe was on the other foot? Regardless of his intentions, meaning UFO information, does not make what he did a crime. By that rational a armed robber who is only committing the robbery because he/she needs to feed their family is ok because their intentions were good? Yeah ship him over here and let at the very least go through our court system at least out of common courtesy.
Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio