Focus: Is he the most dangerous hacker on earth, or a net nerd who struck unlucky?

It is the key question dividing experts, as US prosecutors seek Gary McKinnon's extradition. Tim Luckhurst reports
Click to follow
The Independent Online

US prosecutors say Gary McKinnon is the biggest military computer hacker of all time, a malicious and highly sophisticated cyber-criminal who committed a grave intrusion into vital systems "when we, as a nation, had to summon all of our defences against further attack".

At Bow Street magistrates' court last Wednesday they sought his extradition on charges that he illegally accessed US army, navy, air force and space agency computers, causing massive disruption to systems that protect "the peace and security of the United States".

Working from his home computer in Hornsey, north London, 39-year-old McKinnon is alleged to have stolen passwords, deleted files and monitored traffic on US military bases from Pearl Harbor to Connecticut.

He is said to have breached two networks at the Pentagon and crippled military networks for days at a time.

He was tracked down and arrested in November 2002 by officers from Britain's National Hi-Tech Crime Unit after an urgent appeal for help from security officials at Nasa. British police describe Mr McKinnon as a "serious hacker" who deliberately targeted "the most high-profile organisations you can think of in the US". Fellow-hackers say he is a victim of xenophobic paranoia in Washington DC who was only looking for evidence of X-Files-type conspiracies. They fear he will be declared an "enemy combatant" and sent to Guantanamo Bay before being handed over to a military tribunal.

Mr McKinnon, who hacked under the soubriquet "Solo", tried to appear relaxed in court. He wore combat trousers instead of a suit, and blew kisses to observers in the public gallery. His solicitor, Karen Todner, says her client is actually terrified.

"He is completely bewildered and stunned. If he had realised what was about to happen he would never have touched a computer."

She says Mr McKinnon's expertise has been exaggerated. He has no formal training and no degree. He left school at 17 and worked as a hairdresser before becoming a systems administrator.

Ms Todner says: "He thinks he is being held up as an example, that the US government is telling the British Government what to do."

That is not an absurd fear because Mr McKinnon's offences are prosecutable under English law. Here he might go to prison for a few years. Under US law, he faces up to 70.

Ms Todner accuses the British of "rolling over" to allow a naive but harmless Briton to face wildly disproportionate charges in a politically charged environment.

Mr McKinnon admits that he infiltrated US computer systems. He told Ms Todner that he was "partly looking for evidence of UFOs and partly looking at the effectiveness of American security systems".

She says: "He is a pacifist and he's very interested in UFOs and conspiracy theories, but he is not political."

British investigators acknowledge that Mr McKinnon is an eccentric who believes the US government is illegally controlling all sorts of things. But, they point out, his hacking took him to highly sensitive places.

Among his alleged offences is an attack on the computers at the Earle naval weapons station in Colts Neck, New Jersey, which controls munitions and supplies for the American Atlantic fleet.

He is accused of stealing 950 passwords immediately after the 11 September attacks on New York and Washington. But British authorities acknowledge that he may have done this to make a point.

A source explains: "A lot of hackers believe they are helping the authorities by exposing weaknesses in security."

British police have no evidence that Mr McKinnon is linked to political or terrorist organisations. The Americans have not alleged that he is. Ms Todner remains emphatic: "He has no terrorist link whatsoever."

The internet security academic Peter Sommer of the London School of Economics has met Mr McKinnon. He considers him more immature than dangerous.

"I question whether he is the worst hacker in the world, or even in the UK," says Mr Sommer. "He fits into the classic mould - a hobbyist who really did not think about what he was doing.

"Hackers tend to think they are cleverer than they are and that the authorities are stupid. They think they are invincible until they get caught. Then they are surprised when the real world bites back.

"In this case it has bitten back viciously."

Mr Sommer, an expert witness in previous hacking trials, says Mr McKinnon would have to plead guilty if charged under Britain's Computer Misuse Act, but he believes the trial would be fairer.

"In this country he could demand full disclosure. It is a characteristic of these trials that the prosecution makes initially extravagant claims of damage that turn out to be unsubstantiated. In the US he will be under heavy pressure to accept a plea bargain. I doubt he will get the expert advice he would here."

Ms Todner says the British Government is "totally wrong" to allow the extradition process. "In the UK he would get a maximum of four years or so. He has not been out of the country for 15 years. I very much doubt his girlfriend or family would be able to afford to go and visit him in America. Guilty, or not guilty, he is British and he should be prosecuted here."

She compares Mr McKinnon's plight to that of the "Enron Three", the British bankers who face extradition to the US under the terms of a new treaty that does not require America to produce prima facie evidence of guilt.

Mr Sommer says there may be cost grounds for prosecuting in the US. "It would be expensive to try him here. All the witnesses would have to come from America."

But he admits: "I feel very sorry for him. There may be a political element in this. A rather more robust British government might have said, 'he's a British citizen, we will deal with it'."

A spokesman for the National Hi-Tech Crime Unit is dismissive. "This was a US-based investigation into offences committed on the US mainland. Ninety-nine per cent of the witnesses are in the US and the technical evidence is also in the US. The most practical approach is to prosecute in the US."

The prosecution says Mr McKinnon used a Hungarian-made commercial computer program called Remotely Anywhere to infiltrate the military systems. He was traced because he gave his girlfriend's email address to the distributor, the Milwaukee-based company Binary Research.

Binary executives have said his "fingerprints" were left all over their network and the military computers he hacked.

That sort of carelessness does not look like the work of a master criminal, and US prosecutors acknowledge that Mr McKinnon failed to gain access to classified files. They say his case is being pursued because of the "potential harm" he could have done.

Ms Todner says "we can only assume the extradition is political", but admits her client has "very little chance of beating the warrant".

She says she will fight a political campaign on his behalf if she is not successful in court. Mr McKinnon is free on bail pending a court appearance on 27 July.

He has been banned from using the internet.

HACKING INTO HISTORY

* Using a whistle from a box of Cap'n Crunch cereal, John Draper, aka "Cap'n Crunch", manipulated telephones in the 1960s to place free calls. He was imprisoned for phone fraud. Draper now writes security software.

* Kevin Poulsen hijacked all phone lines to an LA radio station in 1990, securing his place as the 102nd caller in order to win a Porsche 944 S2.

* Kevin Mitnick was first convicted in 1981 of destroying data. Over the next decade, arrest warrants mysteriously disappeared from records as he eluded police. He was eventually jailed from 1995 to 2002.

* In 2003 "BugBear" broke into Mitnick's company system and added a webpage celebrating the end of Mitnick's probation. "Welcome back to freedom, Mr Kevin", it read. "It was fun and easy to break into your box."