Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [inbox] Re: Supporters urge halt to hacker's, extradition to US
From: "James Matthews" <nytrokiss () gmail com>
Date: Sun, 28 Sep 2008 22:19:55 -0700

7 :p

On Sun, Sep 28, 2008 at 10:15 PM, rholgstad <rholgstad () gmail com> wrote:

thanks for this amazing insight. you must be a 5 time cissp

James Matthews wrote:

When you break into a system using an exploit there is a chance that the
shellcode will crash the system.

On Sun, Sep 28, 2008 at 11:03 AM, Exibar <exibar () thelair com <mailto:
exibar () thelair com>> wrote:

    McKinnon did cause damage:

   "The charges include one incident - shortly after the attacks on
   September
   11 2001 - which brought down a network of 300 computers at the
   Earle naval
   weapons station. Another raid apparently left 2,000 government
   machines in
   Washington inoperable."
   http://www.guardian.co.uk/technology/2006/apr/28/hacking.security

    A message left by him on a system:

   "As part of his quest he left this message on an Army computer in
   2002:
   "U.S. foreign policy is akin to government-sponsored terrorism these
   days.... It was not a mistake that there was a huge security stand
   down on
   September 11 last year ... I am SOLO. I will continue to disrupt
   at the
   highest levels."
   http://blog.wired.com/27bstroke6/2008/08/uk-hacker-gary.html  (and
   many
   other sources with the same message)

    Sure sounds like a criminal that knows what he's doing, and is
   doing it
   willfully, doesn't it?

    Oh yah, and he's really only facing a fine and up to 10 years of
   prison
   time in the US...  I guess things really are different translating
   to the
   metric system in the UK...
    http://www.fortlewismwr.com/Computer_Fraud_Abuse_Act.htm

    Wondering what the maximum term in the UK is for the same crime?
    Hold on
   to your seat...
   LIFE IN PRISON (see next paragraph)

   "As the Divisional Court itself pointed out (at para 34), the
   gravity of the
   offences alleged against the appellant should not be understated: the
   equivalent domestic offences include an offence under section 12
   of the
   Aviation and Maritime Security Act 1990 for which the maximum
   sentence is
   life imprisonment."

http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1
   .htm
   <
http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm

     That link is a link to the very court brief itself on McKinnin's
   appeal
   in the UK...

     McKinnon should face the charges of computer crime that he's
   facing.  He
   should, and will, be tried, either in the US or in the UK.  But,
   keep in
   mind that it is the UK that will extradite him, and it is the UK
   that has
   ruled that he *should* be extradited for his crimes....


   Ok, I'm done now :-)

    Exibar


   -----Original Message-----
   From: full-disclosure-bounces () lists grok org uk
   <mailto:full-disclosure-bounces () lists grok org uk>
   [mailto:full-disclosure-bounces () lists grok org uk
   <mailto:full-disclosure-bounces () lists grok org uk>] On Behalf Of
   Kyrian
   Sent: Sunday, September 28, 2008 7:31 AM
   To: full-disclosure () lists grok org uk
   <mailto:full-disclosure () lists grok org uk>
   Subject: [inbox] Re: [Full-disclosure] Supporters urge halt to
   hacker's,extradition to US

   full-disclosure-request () lists grok org uk
   <mailto:full-disclosure-request () lists grok org uk> wrote:
   >> "American officials involved in this case have stated that they
   want
   >> to see him 'fry'."-- BBC.
   >>
   [IANAL, correct me if I'm wrong, etc, but...]

   Yes, that's a large part of the problem.

   That courts *can* be bought (usually indirectly via already-bought
   officials, or more nasty methods), and that government officials have
   said the above makes it worse still.

   The thought that US law was apparently changed from requiring
   damage to
   systems to get a conviction to not requiring such damage, very
   recently,
   is another problem.

   The fact that neither the US or the UK (as far as I'm aware) actually
   has a sane enough legal framework for this sort of thing, or enough
   police (anyonewho's dealt with the UK's former "High Tech Crime Unit"
   will know this), judges (there are many examples of judges being
   "out of
   touch" in their rulings), etc. who are actually aware enough of the
   underlying technology to deal with it sensibly is another.

   I agree with whoever said that people should be extradited to the
   country in which they caused damage, but not under circumstances like
   these, and not when there is no agreed standard of law between the
   country the person would be extradited from, and the one they
   would go to.

   In the UK it still requires damage to be done for it to be a criminal
   offense, and that does not seem set to change.

   That it is possible to cause damage to (badly managed) systems by
   doing
   absolutely nothing in a lot of circumstances (as I am finding right
   now), that logs can be faked, and that the dividing line between
   probes
   versus actual hacking attempts is at times a very narrow one, there is
   plenty of reason not to agree extradite Gary.

   That he's "autistic" is probably neither here nor there, I'm
   afraid, as
   it seems to be very common for people involved in computing the be
   somewhere high on the autistic spectrum (even if they are not
   'officially' autistic). I have taken the test. I'm not telling, but I
   know what I'm talking about.

   So, I shall be there, I won't be shouting or chanting, but I will be
   there. I hope that the event is not hijacked by another purpose, and
   that I do not get shot by the armed police at the US Embassy there (it
   is a scarey looking place, which puts me on edge whenever I'm near).
   Strangely I also find myself wondering if the staff there are
   paying the
   London congestion charge yet, rather than ignoring it...?

   Just my 2c, or so.

   K.

   --
   Kev Green, aka Kyrian. E: kyrian&#64;ore.org <http://ore.org> WWW:
   http://kyrian.ore.org/
   Linux/Security <http://kyrian.ore.org/Linux/Security>
   Contractor/LAMP Coder/ISP, via http://www.orenet.co.uk/
                   DJ via http://www.hellnoise.co.uk/

   _______________________________________________
   Full-Disclosure - We believe in it.
   Charter: http://lists.grok.org.uk/full-disclosure-charter.html
   Hosted and sponsored by Secunia - http://secunia.com/

   _______________________________________________
   Full-Disclosure - We believe in it.
   Charter: http://lists.grok.org.uk/full-disclosure-charter.html
   Hosted and sponsored by Secunia - http://secunia.com/




--
http://www.goldwatches.com/

http://www.jewelerslounge.com/
------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





-- 
http://www.goldwatches.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault