McKinnon vs UK.gov Spot the party with the mental health issues…

So, another week passes, and the seemingly inevitable extradition of Gary McKinnon moves ever closer.

For those who have been following the case, you have to believe that this is nothing to do with hacking US military networks, and everything to do with being a showcase trial.

Over the past 7 years, McKinnon has consistently admitted the unauthorised entry into US government and military networks to search for evidence of alien technology that could solve the energy crisis.

Hardly the work of a hardcore spy. In fact, more like something that might be done by a 40 year old sysadmin with Aspergers Syndrome, an over-active imagination and a fan of the X-Files. All of which, funnily enough, describe McKinnon perfectly.

Let’s be perfectly clear here. This is described by the US authorities as “the biggest military hack of all time.” Well if that really IS the case, if I were in a position of securing the US IT military infrastructure, I’d be bloody terrified, to put it mildly. Are you seriously suggesting that a single 40 year old man in a bedroom in the UK (the US closest ally), armed with a couple of Perl scripts could steal the keys to the kingdom? So what about the Chinese?

To give you an example of the kind of dangerous misunderstanding that pervades politicians minds, let’s not forget about the huge DoS attack that took place about a month or so ago, which took out large parts of South Korea’s systems. Most readers of this blog will know that DDoS attacks simply cannot be put down to a single point of origin – that’s why they’re called “distributed”. Unfortunately, a combination of ignorance and over-excitability led one US Congressman to the conclusion that because the attack was directed against South Korea, it MUST have originated in North Korea, and that the US should immediately take steps to defend themselves, because they could well be the next target and have vital infrastructure disabled.

It’s this kind of dangerous, woolly-thinking ignorance that simply HAS to be behind McKinnon’s predicament. How else can there be any other justification for extradition to the US?

Let’s also make one other thing clear – the cost of this attack. The US are claiming that $800,000 (£487,000)worth of damage was done. I’m sorry, but I simply can’t see how this can possibly be true. Sure, there’s the cost of auditing what was compromised and fixing it, but if you’d spent  that money in the first place and didn’t have such shoddy security arrangements, the whole sorry tale could have easily been avoided. Equally, I fail to understand how simply reading some files from a network can cause the levels of damage that the US are claiming.

I’m sorry if I sound like I’m condoning what McKinnon did; I’m not. As a computer security professional, it’s my job to stop attacks like this happening. It is quite clear that what McKinnon did, breached acceptable computer usage laws, both here in the UK and in the US. McKinnon himself freely admits as much.  In a recent survey for computer security firm Sophos, 71% of IT professionals believe that the treatment of McKinnon is way out of proportion to what he did. And these are the very same people tasked with keeping people like McKinnon out of the systems they are responsible for.

I don’t want to get into a political debate about the current credit crisis, but I notice no charges have been brought against reckless actions by banks ,nor against individual traders. Even the Natwest Three, when extradited to the US, were granted bail to return to the UK. McKinnon faces a potential 70 years in a US jail – condemning him to the rest of his life behind bars.

I’m worried, but not shocked, that the UK government has decided to press ahead with this. Despite the support of nearly the entire UK IT industry, high profile celebrities such as Pink Floyd’s David Gilmour, and even the Daily Mail, the Home Office are clearly determined to press ahead with this case.  After all, nearly a million people protested against the war in Iraq – in person – for all the good it did them.

The UK government does itself no favours in this case. It is quite willing to hand over a UK citizen with a diagnosed mental illness to the US authorities, but refuses to deport the convicted murderer of the headmaster Philip Lawrence back to Italy.  Can you imagine the US authorities hanging its own citizens out to dry like that?

The UK Home Secretary who started the whole sorry affair, David Blunkett, now says he wishes he hadn’t started it. And his successor, “Wacky” Jacqui Smith, who continued to allow the extradition procedure, recently said she felt she was out of her depth in the job.

And yet, despite all of the public anger over the proposed UK ID card scheme, the present holder of the post of Home Secretary, Alan Johnson,  yesterday described the actions carried out by himself and his two predecessors as a “No brainer.”

And for the first time ever, I completely agree with them.

August 2, 2009 - Posted by paulg1973 | Uncategorized