Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [inbox] Re: Supporters urge halt to hacker's, extradition to US
From: rholgstad <rholgstad () gmail com>
Date: Mon, 29 Sep 2008 00:15:19 -0500

thanks for this amazing insight. you must be a 5 time cissp

James Matthews wrote:
When you break into a system using an exploit there is a chance that 
the shellcode will crash the system.

On Sun, Sep 28, 2008 at 11:03 AM, Exibar <exibar () thelair com 
<mailto:exibar () thelair com>> wrote:

     McKinnon did cause damage:

    "The charges include one incident - shortly after the attacks on
    September
    11 2001 - which brought down a network of 300 computers at the
    Earle naval
    weapons station. Another raid apparently left 2,000 government
    machines in
    Washington inoperable."
    http://www.guardian.co.uk/technology/2006/apr/28/hacking.security

     A message left by him on a system:

    "As part of his quest he left this message on an Army computer in
    2002:
    "U.S. foreign policy is akin to government-sponsored terrorism these
    days.... It was not a mistake that there was a huge security stand
    down on
    September 11 last year ... I am SOLO. I will continue to disrupt
    at the
    highest levels."
    http://blog.wired.com/27bstroke6/2008/08/uk-hacker-gary.html  (and
    many
    other sources with the same message)

     Sure sounds like a criminal that knows what he's doing, and is
    doing it
    willfully, doesn't it?

     Oh yah, and he's really only facing a fine and up to 10 years of
    prison
    time in the US...  I guess things really are different translating
    to the
    metric system in the UK...
     http://www.fortlewismwr.com/Computer_Fraud_Abuse_Act.htm

     Wondering what the maximum term in the UK is for the same crime?
     Hold on
    to your seat...
    LIFE IN PRISON (see next paragraph)

    "As the Divisional Court itself pointed out (at para 34), the
    gravity of the
    offences alleged against the appellant should not be understated: the
    equivalent domestic offences include an offence under section 12
    of the
    Aviation and Maritime Security Act 1990 for which the maximum
    sentence is
    life imprisonment."
    http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1
    .htm
    <http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080730/mckinn-1.htm>
      That link is a link to the very court brief itself on McKinnin's
    appeal
    in the UK...

      McKinnon should face the charges of computer crime that he's
    facing.  He
    should, and will, be tried, either in the US or in the UK.  But,
    keep in
    mind that it is the UK that will extradite him, and it is the UK
    that has
    ruled that he *should* be extradited for his crimes....


    Ok, I'm done now :-)

     Exibar


    -----Original Message-----
    From: full-disclosure-bounces () lists grok org uk
    <mailto:full-disclosure-bounces () lists grok org uk>
    [mailto:full-disclosure-bounces () lists grok org uk
    <mailto:full-disclosure-bounces () lists grok org uk>] On Behalf Of
    Kyrian
    Sent: Sunday, September 28, 2008 7:31 AM
    To: full-disclosure () lists grok org uk
    <mailto:full-disclosure () lists grok org uk>
    Subject: [inbox] Re: [Full-disclosure] Supporters urge halt to
    hacker's,extradition to US

    full-disclosure-request () lists grok org uk
    <mailto:full-disclosure-request () lists grok org uk> wrote:
    >> "American officials involved in this case have stated that they
    want
    >> to see him 'fry'."-- BBC.
    >>
    [IANAL, correct me if I'm wrong, etc, but...]

    Yes, that's a large part of the problem.

    That courts *can* be bought (usually indirectly via already-bought
    officials, or more nasty methods), and that government officials have
    said the above makes it worse still.

    The thought that US law was apparently changed from requiring
    damage to
    systems to get a conviction to not requiring such damage, very
    recently,
    is another problem.

    The fact that neither the US or the UK (as far as I'm aware) actually
    has a sane enough legal framework for this sort of thing, or enough
    police (anyonewho's dealt with the UK's former "High Tech Crime Unit"
    will know this), judges (there are many examples of judges being
    "out of
    touch" in their rulings), etc. who are actually aware enough of the
    underlying technology to deal with it sensibly is another.

    I agree with whoever said that people should be extradited to the
    country in which they caused damage, but not under circumstances like
    these, and not when there is no agreed standard of law between the
    country the person would be extradited from, and the one they
    would go to.

    In the UK it still requires damage to be done for it to be a criminal
    offense, and that does not seem set to change.

    That it is possible to cause damage to (badly managed) systems by
    doing
    absolutely nothing in a lot of circumstances (as I am finding right
    now), that logs can be faked, and that the dividing line between
    probes
    versus actual hacking attempts is at times a very narrow one, there is
    plenty of reason not to agree extradite Gary.

    That he's "autistic" is probably neither here nor there, I'm
    afraid, as
    it seems to be very common for people involved in computing the be
    somewhere high on the autistic spectrum (even if they are not
    'officially' autistic). I have taken the test. I'm not telling, but I
    know what I'm talking about.

    So, I shall be there, I won't be shouting or chanting, but I will be
    there. I hope that the event is not hijacked by another purpose, and
    that I do not get shot by the armed police at the US Embassy there (it
    is a scarey looking place, which puts me on edge whenever I'm near).
    Strangely I also find myself wondering if the staff there are
    paying the
    London congestion charge yet, rather than ignoring it...?

    Just my 2c, or so.

    K.

    --
    Kev Green, aka Kyrian. E: kyrian&#64;ore.org <http://ore.org> WWW:
    http://kyrian.ore.org/
    Linux/Security <http://kyrian.ore.org/Linux/Security>
    Contractor/LAMP Coder/ISP, via http://www.orenet.co.uk/
                    DJ via http://www.hellnoise.co.uk/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/
------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault