Exposing Government Security Holes Costs Guy $US700,000

Gary McKinnon hacked into 97 military computers searching for UFO secrets and now he’s liable for $US700,000 in security checks that were done afterward. As some say, why should he pay for a lock if the door was open?

Yes, McKinnon should pay for his crime somehow; he did break the law, after all. But making him pay to close security gaps he exposed while committing the crime is a bit unreasonable. I’m happy that the ridiculous damages bill is being challenged by experts, because as Peter Sommer, professor of security at the London School of Economics, put it:

Damage assessments of computer security breaches should consider “whether the victims have taken reasonable steps to limit the damage”.

According to what we’re seeing about this series of intrusions, they would’ve been preventable, had Uncle Sam’s security experts been on the ball. So really, they should be paying McKinnon a consultation fee for pointing out the security gaps in the first place. [Computer Weekly via Slashdot]

Comments

  • TheD

    He should not pay for any crime! He is from the UK and was in the UK at the time the “crimes” took place.

    The only crime that took place was treason by the UK gov in allowing people in the UK to be sent to the US for things that they did in the UK that are not crimes in the UK!

    • The AntiMuppet

      Nice logic: “he was in the UK” + “crime was in the US” = “no case to answer!”

      So, some skillful little hacker in Elbonia hacks yours, and several hundred other people’s accounts, and cleans you out, that’s just fine. After all, “he’s from Elbonia and was in Elbonia when the *crime* took place”.

  • Murnut

    Gee…maybe Gary should have taken the plea deal…he would have served 3 years, probably the last 2 in the UK and he would have been out over a year ago.

  • Baniz

    Let him go. He was doing a risky task of exposing security holes, not only to the company but more importantly to others who may be influenced to try hacking into secured information. But hey, he’s already paid the price of doing such boring tasks.

  • Steven Hutchinson

    I think it makes sense. As Rosa said, he is liable for “security checks”.

    After someone has ‘hacked’ into a network, the system must be assessed to determine damage, e.g. which files did they view? Did they modify any data? Did they place any viruses or ‘back doors’?

    Reinstalling operating systems and/or other software, as well as the replacement of hardware may be required. All this can cost a lot of money (and time). More importantly, this may not include the costs incurred in fixing an exploit used in an attack.

    Taking this approach, the decision to charge McKinnon for his attack seems entirely reasonable. Maybe they’re not making him pay for the costs associated with fixing an exploit, but rather the costs associated with recovering from the attack. Pretty logical argument.

    As for the “why should he pay for a lock if the door was open?”. Well, maybe because the door fell off its hinges when he entered.

  • Murnut.

    He said he would accept the plea bargain and asked where did he have to sign but was told that nothing would be written down or guaranteed …

  • egon

    He absolutely should be liable for any costs incurred in forensic investigation of the compromised hosts to ensure the integrity of these systems, but not for any remediation and implementation of security measures that were not in place before the compromise. That’s just ridiculous.
