US Govt Pursue UK hacker

**Rodion Romanovich** · 05-10-2006, 15:49

I don't think you're too ignorant about how computer networking works to be able to understand that the parable with the burglary isn't relevant to this situation. Read my post above, it was probably registered as edited after you posted your response. I explain it again:

In computers it's not the same as doing burglary because the door was left unlocked, because you can end up accessing networks you didn't intend to depending on how you get the reference to them. For instance you might google and find a subpage within a site. On the front page it says "access denied", but on the subpage it doesn't say so. Have you committed a crime then? No. Similarly you might bookmark and often visit that subpage, without ever finding out the main page said "access denied". For purposes of legal security the principle is that anything you can access without being asked for a password is free to visit.

Again, no matter if this guy is considered guilty or not, those responsible for the computer security of the network are guilty of a very serious crime in not hiring proper experts at computer security to protect networks containing research for millions of dollars. It's their responsibility to their nation. I guess they just spent that budget on champagne and russian caviar representation parties. Well, in any case, no matter the guilt of the British guy, they should be tried in court for such behavior, to see if they really did hire any experts, as is their responsibility.

**Joker85** · 05-10-2006, 15:57

Originally Posted by LegioXXXUlpiaVictrix

Well, in any case, no matter the guilt of the British guy, they should be tried in court for such behavior, to see if they really did hire any experts, as is their responsibility.

Well I believe that if the security is found to be as weak as this man claims, then the person who was responsible for ensuring the system and files stayed classified should be at the very least fired and possibly court martialed if there were advanced warnings that the security measures could be exploited and bypassed.

But my issue is with passing off the blame from him to the victim. Regardless of how easy he claims it was for him to hack into the dod system to try and steal someone else's technology, that does not change the fact that he did it. Therefore he should be jailed for it. If someone from the dod's neglegence made that easier than it should have been for this man to commit his crimes, then they should be held accountable for their incompetence as well.

But he is not a scapegoat, or a victim, and his crimes indeed caused damage. That is why he is being brought back to the US to answer for it.

**Rodion Romanovich** · 05-10-2006, 16:03

Well, computer networking works in the way that you request a service, you're given the service via 5 different hosts, and end up being connected to a 6th host you didn't ask the service from. That's how the basic infrastructure works. You can never be assured that you don't accidentally ask for a resource you're not supposed to get, and if it happens to not be password protected, then you've ended up in there. Now the fact that this guy has been doing it for so long is just a matter of him not being discovered earlier. He has never received a formal message that he shouldn't be there, but he might be guessing he isn't allowed to be there. That's a clear distinction. Plus computer security laws are not yet built out to cover all new technology, so you can't really apply any normal laws to it yet, and have to stick to the mildest interpretations until proper laws have been founded. It's like the situation when you play a game with kids, then you discover a flaw in your rules. You don't change the rules to apply also to the instance which made you realize the rules were flawed, but you apply the rule for all future cases from the moment you made the new rule.

Originally Posted by Joker85

Interesting, I don't think we have anything even similar to that in the US. If a woman is wearing provacative clothing and is raped, we don't say "well you shouldn't have dressed like a slut".

No, the rules are thought-through and fair. If you put an unlocked motorbike outside a bar where people get drunk, it's provocation. The drunk people that exit the bar behave less responsibly than a sober person, and the unlocked motorbike wouldn't give any insurance coverage either. If you leave your door to your house open, it's much more clear that it wasn't provocation. Similarly any clothing is allowed (but in some countries it's common that running around entirely naked apart from during special festivals is considered "anger-causing behavior" or something like that...).

Originally Posted by Joker85

So you did dismiss my burglury argument and even though I disagree with you I chose to let it go.

However, now that you have broadened the subject not to computer crimes but to all crimes and claimed that under British law "if you make a crime too easy whoever commits it can't be considered guilty", I think I'll bring it up again.

Under British law, if you leave your door unlocked and someone steals your property, is it your fault?

I dismissed your burglary argument because computers work entirely different. It's not immediately clear what is allowed and what isn't, sometimes you even need to "hack" around some bug which doesn't enable you to immediately show what you wanted to show. It's not immediately clear what is allowed or not until you get a formal request for a password. Just like in other laws, there must be clear definitions of when it's provocation of crime, or when there's a formal message of access denied or traditionally well-known that it's access denied. It's traditionally well-known that you may not enter a house for burglary, there's formal "access denied" when you enter a bank and ask if you can get one million bucks without providing them with either data (password) for your account number which hopefully contains one million, or ask for a loan and they think your income status etc makes you able to pay it back according to their rules.

Originally Posted by Joker85

Unfortunately for this man, he did not commit his crimes against the UK, he commited them against the US, that is why he is being extradited to the US to answer according to our laws.

That's another part of computer related law that isn't completely adapted to modern inventions yet. He was in UK when he committed the crime. His crime, if any, was against the US. So which law applies?

**English assassin** · 05-10-2006, 16:14

Legio means incitement to crime, but I can't go so far as to say that a badly protected computer system is incitement.

I'm afraid I don't have huge sympathy. Its not a case of him logging onto the Org and finding out that unknown to him the Org techheads have hosted it in a secret place behind the pentagon firewall. He did hack computer systems that were obviously in the US and that he really did know he wasn't supposed to be in.

All right, the Americans are now going to go ape and give him some completely ridiculous sentence, but he should have thought of that beforehand shouldn't he.

**Joker85** · 05-10-2006, 16:19

Originally Posted by English assassin

All right, the Americans are now going to go ape and give him some completely ridiculous sentence, but he should have thought of that beforehand shouldn't he.

I hope not and don't think he will. I mean I don't want his life to be over because of this, but I do want a serious enough sentence that it sends a clear message to other people that it's not a game and you can't hack into govt systems to try and steal technology.

As I said earlier I see 5-10 years and a fine. If he gets 15-20+ years it would be too much.

**Haudegen** · 05-10-2006, 16:19

I just wonder why the USA wants revenge here. I mean, it´s not like he has sold some stuff to hostile nations or planned to do this. IMHO the USA should say: Hmm this guy has hinted us towards some security problems, we´ll fix them, and now let´s remain quiet about it.

In the trial that is about to begin, the government will have to talk about details of this affair if they want a conviction. Is that such a good thing for national security?

Or will the prosecutor just say: Mr Judge, I have evidence that he´s guilty but unfortunately I can´t show you. Please convict him now! That would be a true crime, I think.

**English assassin** · 05-10-2006, 17:13

You see, I just am not buying this white hat business. White hat is hacking into the pentagon one night, sending them an email the following day telling them everything wrong with their system, and never doing it again. Its not having a good old rummage for two years.

OK so he says he was looking for suppressed info on UFO FTL drives and not the launch codes for the ICBMs, but its not a rule that you only prosecute the successful criminals.

@joker, 5-10 years in a US jail is more or less what I meant by going ape and giving him a ridiculous sentence, but like I said, he should have thought of that first.

**Haudegen** · 05-10-2006, 17:29

I have little doubts that he has committed computer crimes and I was not trying to apologize him. My point is that I think that the US interests were served better if they had kept it under the carpet.