Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
A message this poor misunderstood fellow left on a machine: "US foreign policy is akin to government-sponsored terrorism these days? It was not a mistake that there was a huge security stand-down on September 11 last year...I am SOLO. I will continue to disrupt at the highest levels.
He accessed 93 computers over two years.
He rejected a plea bargain.
He has conveniently been diagnosed with Asperger's after his extradition order was issued and confirmed, allowing him to challenge his extradition on medical/humanitarian grounds.
If you piss off the Federal government while breaking laws AND refuse to cooperate once you've been caught red-handed, you pretty much deserve whatever you get.
I believe what the guy is saying is that if you leave your door wide open, then somebody comes in, walks around, then leaves without breaking or removing anything, can you claim damages of $300,000 because now you feel unsafe so you have to buy a new house and move? Then add on another $50,000 in damages for an ultrasecure new security system at your new home.
The first guy in the article is saying that it is unfair to claim damages when the only damage is that you had to install security. That somebody who breaks down your door and ransacks your home shouldn't be on equal footing with somebody who walks in your unlocked and open door and doesn't break anything.
He isn't going to get anywhere with his argument though. Europeans think the above sounds unfair. Here in America we believe more like the 2nd guy in the article who said:
'Professor Eugene Spafford, founder of the Center for Education and Research in Information Assurance and Security at Indiana's Purdue University, said the victim of a cybercrime should not take the blame. If someone broke a door to rob a store, he said, it was usual to charge them the cost of the door.'
Unless I passed over something while reading the article the damages they want paid are the cost of the audit. Not any upgrades, or cleanup, but just the audit.
Actually no. Am I missing something? The network was poorly secured before this guy showed up. That was already a problem, correct?
I doubt society is going to be able to have an intelligent discussion anytime soon on this topic...but I'll try anyways. The problem is making the analogies as tight as possible.
There certainly is such a thing as criminal trespassing, whether it is property (land) or a computer. When you use someone else's property in a manor they do not wish you too or without reasonable expectation that you have permission to use it, you're trespassing in the general sense. When you do it intentionally or with the intent of harming or promoting damage in some manor, it is now criminal trespassing.
Let's look at a land example. If you have ever been out hunting or hiking you should realize how difficult it can be to know exactly who's property you are on at times. GPS doesn't always work in the thickest of forests and property lines are not always clearly marked. In general, when these cases occur, society has determined that as long as you don't have criminal intent, it is unreasonable for the owner to chase you off with a shotgun or for the police to arrest you. You will be asked to leave the property ASAP and if you don't comply, then you are criminally trespassing. Also, when the property lines are clearly marked every 100ft or so with no trespassing signs (different states have different legal requirements) you are criminally trespassing. It was reasonable for you to know that you did not have permission to use the property, even if you only wanted to pass through or observe; i.e. no intention of causing harm.
Society hasn't really settled this question when it pertains to computers. In some cases it is clear, others it isn't. It is reasonable to assume that when I send a HTTP request to hardocp.com that I am allowed access to the information returned. What about an unsecured Wi-Fi access point? Unsecured FTP server? In some situations, it is obvious that the owner of the Wi-Fi didn't intend for me to access it, but there also those who leave access points open with the intention of sharing them. The problem is we don't have a universal, clear and agreed upon means of communicating to every passerby the intentions of the owner. If you look back at the land example, my state requires no trespassing signs and/or clear property boundaries (such as a fence). In the physical world, those things communicate the intentions of the owner to anyone who passes by. Some computer systems display the electronic equivalent of a no trespassing sign, others do not.
If the government can prove he had reasonable knowledge that this was a computer system he shouldn't have accessed (shouldn't be too hard) then he is guilty of criminal trespassing. If the hackers lawyer can prove that he didnt know he wasnt suppose to have access (should be near impossible) then he is guilty of trespassing, but not criminally so.
Another issue is that he installed(?) a remote application onto their servers. If you think through the land example, clearly he was criminally trespassing when he did this. You wouldn't like it if anyone made a copy of your house key to let themselves in while you aren't paying attention; regardless of their intentions. Adding your own application to access a server is clearly acknowledgement that you know you aren't suppose to be here.
However, the question needs answered as to what the limits of liability for criminal trespassing are. In the physical world, the fines/jail time are fairly limited so long as you don't cause damage or have the intent of causing damage. Ignoring no trespassing signs to take a hike through someones land, while illegal, doesn't open you up to the same liability as burning down their forest. Clearly the hacker didn't want to harm the governments computers (he may have inadvertently, just like hiking though someone's land might), but it wasn't his intent to cause harm. His intent was to misuse the governments property, but not necessarily to cause it harm. His legal liability should be less than the hacker who wants to get secrets for financial gain or to harm the government. Very different from being curious what is over there (probably the reason our hiker took the hike and ignored the signs...). Notice that regardless if you knew or not, whether your intentions were criminal or not, you are still liable for damages, but they are fairly limited.
Someone is sure to argue that accessing information you aren't intended to have is less like misuse and more like stealing and to a certain degree they are correct. Much in the same way we consider misusing your car as stealing it. There is a big difference between misusing an automobile and misusing land (reference the hiker who ignored the no trespassing signs). The hiker is guilty of criminal trespassing, but not stealing, while the auto-thief is. Why? One of the traditional interpretations of the requirements for something to be considered property is whether or not anothers use of it deprives you of the use. This applies to both land and the car. If someone builds a skyscraper on your land, you can't farm it at the same time. Clearly, if an auto-thief steals your car, you can not use it at the same time. However, the hiker is not guilty of stealing because while he may have misused your land (property), he did not deny your ability to use it too, unlike the auto-thief.
It should be apparent that this is the big problem with information/IP. Surely, misusing information could be construed as trespassing, but is it possible to truly steal something if you are not denied the use of it either? It is possible to create scenarios on both sides that would indicate this as stealing or not stealing. The real discussion is that the computer has created an anomaly in how society views/handles information/IP property because the marginal cost of a copy is now zero (we haven't really settled if IP can even be property yet). To answer this society really need to have a philosophical debate about the requirements of property and make sure we are applying them consistently across the board...good luck with that. This is the reason my state requires owners of land to post no trespassing signs before I can be guilty of criminal trespassing. They recognized that there was a disconnect. Someone could misuse anothers property unintentionally. So, in the absence of clear boundaries, they made it a requirement to post those signs. If there are no signs or clear boundaries, I am still trespassing on anothers land (regardless of intentions), but I am not criminally trespassing until I have reasonable knowledge that I shouldn't be there.
Keeping with the same example, it should be pretty obvious what the trespassers limits of liability are (criminal or otherwise; if it is criminal then they face additional state imposed penalties). If they cut your fence to get in, they are liable for the cost to fix it and any damages due to it being broken (such as your cattle getting out). However, they would not be liable for upgrades to your fence. If you wanted to build a 10ft concrete fence with surveillance capabilities in place of the basic post/wire fence you had, that is your cost, not the trespassers.
I think this hacker is liable for cleaning up his mess by restoring the servers to the governments original state. E.g. no remote access software, but not for them to upgrade their security. We dont have all the information, so perhaps they are only charging him for that. Given the way our government works, $700k isnt out of the question in fact he may be getting off cheap!
[Retaliation];1034657697 said:i shot u,but u were not wearing a bullet proof vest,not my fault u died.
exactly.
Hopefully this guy never leaves his car or house unlocked...
Different scales of importance yet a total lack of security to protect that importance?
I agree with the hacker here sorry.
You broke nothing, stole nothing yet are being fined to pay for something the government should have done anyways?
Should the hacker be punished? Of course.
Should he be forced to pay for the governments mistakes? Not on your life.
Topic covered enough said /\. I know it's long but sometimes valid thought takes more than a sentence so give it a read.
I concur. How many times have you been told that if the police can prove you didn't lock up your car then you can't have the insurance company pay for your negligence.
You are correct.
Ummm, no. (please see above quoted post)
I've never been told this. Hell, I'm not sure how the police could prove that, unless they were, in fact, responsible for the theft of the car or at least witnessed the break-in at close range.
The hacker did find crew names, ship names and manifests of an off world navy that he released on the internet. That part has been lost in the reporting of the story over time.
So I think that is the main damage that he caused.
If you take that info and put it with this info
http://www.examiner.com/examiner/x-...to-Mars-and-meeting-Martian-extraterrestrials
Watch the Robert Dean & Arthur Neumann: September 25, 2009 - European Exopolitics Summit video.
If people would stop arguing and look at the bigger picture, some just might wake up..
I see it as funny how this is 3 pages now and no one even touched on what he really did.
You guys realize he didn't hack anything? He logged into computers with BLANK passwords. BLANK PASSWORDS!!!!!!!!!!!!!!!!!!!
Regardless of him logging into these systems or not they need to be audited. He shouldn't be responsible of them dealing with the huge god damn mess that existed before he touched anything.
If he actually caused any damage make him pay. 'Hacking' into a system is one thing, and he'll get to go to jail for it or whatever. Everything else they're talking about is a huge joke.
I gotta side with the hacker here. Unless his actions directly caused some loss of data or physical damage to hardware this is just stupid. If anything they should be happy they didn't have to pay a security consultant to find out their security blows.
I see it as funny how this is 3 pages now and no one even touched on what he really did.
I concur. How many times have you been told that if the police can prove you didn't lock up your car then you can't have the insurance company pay for your negligence.
Obama needs another tool bag to fuck the country up. I think you should go help.
So your straw man argument is cool, but mine isn't?
Must be part of that whole anti-American bigotry thing going on.
You posted the Team America shit crap, so dont play coy.
Look, had numbnuts NOT broken into government computers...NONE of this would be an issue.
Correct?
Unless I passed over something while reading the article the damages they want paid are the cost of the audit. Not any upgrades, or cleanup, but just the audit.
Gunderwood: a well written post.
You are correct.
Ummm, no. (please see above quoted post)
By the way, please don't let me ever leave my home / condo / apartment / business / vehicle unlocked around all you guys that think this is "okay."
Ironically, we live in a country where someone who breaks into your home (even if they don't take anything) can be legally shot in the head...on the spot. The sad part is, I know for a fact that 98% of the people defending this guy would shit their pants if he broke into their house (but didn't take anything) looking through your stuff for UFOs. Would you want to hang out with, or be friends with, someone that doesn't have a problem with that?
Think about it, even though you had to clean up after the guy that broke into your home, you had to change your locks, take time off of work to go through your entire house checking for missing items, put a lock on your credit and other financial information because he had access to all of it, get new cards issued, go through your family photos, private and intimate belongings....so on and so forth....You'd still defend this guy...even after he says "fuck you, they can't do shit to me" ?
I doubt it.
Couple of ways I can think of, No broken window, no scratches on paint , no punched in lock, no busted steering column or punched out key lock on the column, shall I go on.
Entering a computer system you dont have permission to enter is a crime.
He is trying to get out of serving jail time for the crime he commited. He's using his "medical" condition as an excuse. Right now he is probably scared shitless and will say/do anything to avoid punishment.
So you want him extra ruined with excessive and unacceptable punishments that shouldn't even apply to him, simply because you don't like him? All the while completely ignoring the Governments extreme negligence and responsibility for such despicable levels of security? Good thing you aren't a lawmaker or a judge.The reason people can't stand the guy is because they HAVE been following him for the last 7 years right here on the [H]. What started out as comical (the UFO stuff) is now downright retarded.
The guy has given dozens of interviews with dozens of version of his story, every single time the story changes.
At first he was a 1337 hax0r. Then he used a perl script. Then he was high and accidentally did it. Then he used shareware.
First it was "Fuck the USA, they can't do shit to me." Then it was "The U.S. will send me to Guantanamo." Then it was a human rights violation. Then it was "I have Asperger's"
According to the charges, McKinnon deleted hundreds of users, thousands of files and complete hard drives on machines containing sensitive government projects (which he has admitted to).
This is all old hat, the guy was offered a deal 5 years ago and turned it down. Now he is getting the book thrown at him and has lost every appeal he has filed.
All the people saying "he didn't do any harm" haven't bothered to even read what McKinnon HIMSELF claims to have done.
All this and we didn't even get a picture of the UFO or anything out of this guy.
Does it really matter if he is a lying douche bag? Justice is about punishing people for what they have done, not who they are.
Dont bother aruging with Kristoff. He doesn't make points, hes not interested in discussing facts, only beating you down with sheer volume of verbage.
Kristoff casts *Wall of Text* - crits for 120,938,391,012 points of damage.
The real reason the USA wants to extradite him, is to be able to interrogate him on USA soil, maybe even try some water boarding to get him to cough up some info simple and clear. This guy has knowledge that can help in the security of their systems, and of course where he tripped around. Then put him somewhere and forget about him.
Meh. He is jelous. I would be too if I was not an American. This hacker is getting what he deserves, fuck him. I like what some earlier said about water boarding him. Should be amusing.
Couple of ways I can think of, No broken window, no scratches on paint , no punched in lock, no busted steering column or punched out key lock on the column, shall I go on.