Bringing McKinnon to Justice
I wanted to talk a bit about the ethics behind what happened to and how the US government responded to one of the largest millitary computer hacks of all time. Gary McKinnon, a systems administrator from Scotland, for several years before during and after the September 11th attacks was hacking into hundreds of computers at different millitary bases and NASA. After being caught in 2002 at his girlfriends aunts house, the charges brought against him looked like that of a carefully planned and well implemented attack against the US Millitary. Some interviews with McKinnon and evidence showed by his lawyers argued that this was not the case. McKinnon’s attack was simply running a perl script which tied together several scripts that checked for blank administrator passwords. In computers that did not have their passwords set he would remote into and take over the users screen. He would snoop around and try to find files that related to free energy or UFO cover ups. The crazy thing about it was how open he was about all of it. Although he said in several interviews he was very quiet about how he acted, his methods were not very discrete at all. They involved taking control of the computers somtimes at night, but often times while they were in use. He even discussed that one time he had a conversation in word pad and pretended to be a security person for the institution the computer was located at in this youtube interview.
So after all of this lets discuss what exactly did McKinnon do wrong? Remoting into a computer with unauthorized access is against the law. He never denied this in any of his interviews. Beyond this what did he do? The charges brought against him say he did upwards of 5000 dollars damage on every machine he got into. The US authorities said the grand total of damges he did was around 700,000 dollars.
Whether or not this is true there is another problem that I believe is a bigger issue here. There were high level security computers here that did not have an administrative password set. This was an institution wide problem that was an enormous security problem at the time. Granted it was 2002 and computer security has changed drastically since then, but I would argue it is practices like these in government that is the bigger problem. Think about what someone who really knew what they were doing could have done with free access to thousands of computers like that. Instead of spending the money and getting the resources to fix these problems, people like McKinnon are on trial as an example. No one wants to believe someone with his credentials was able to remote into high level security computers for years going unnoticed. Changing this arguement into what should be done as his criminal penalty is avoiding the issue of extremely poor security measures used for such high levels of government.
This case has many other issues in it such as where McKinnon should have his court hearing. Since he was in England should he be on trial there or in the US where the crime took place? I think that all of these questions should not be the focus of this case. High level government institutions need to be responsible for the protection of their own information. It is not considered justice to send one person to prison for years of his life if all the doors to the house were left open.