Extradition petition - McKinnon

[xmasdale]

From Gary's mum: Re- Gary McKinnon Threat of Extradition.



Feds' Own Hacker Cracks Homeland Security Network





After a heated congressional hearing on cybersecurity Wednesday, two major security players say there may be many more breaches than reported.

By Sharon Gaudin
InformationWeek
Jun 21, 2007 02:41 PM


Within the past year, a hacker secretly broke into the Department of Homeland Security network and deleted, updated, and captured information -- all without anyone knowing he was even in there.

Luckily, the hacker was Keith A. Rhodes, chief technologist at the U.S. Government Accountability Office. Rhodes, considered to be the federal government's top hacker, has a congressional mandate to test the network security at 24 government agencies and departments. He performs 10 penetration tests a year on agencies such as the IRS and the Department of Agriculture. And for the past year, he's been testing the network at DHS.

"I would label them [DHS] as being at high risk," Rhodes told InformationWeek the day after a congressional hearing into the security of the government agency tasked with being the leader of the nation's cybersecurity. "There was no system we tested that didn't have problems. There was nothing we touched that didn't have weaknesses, ranging from WAN to desktops. ... If we had continued the audit we would have found more. We curtailed the audit because we just kept finding problems. At a certain point, we just ran out of room in our basket."

Rhodes was one of the people who testified before the congressional hearing that took the Department of Homeland Security and its CIO, Scott Charbo, to task for weaknesses in the department's computer network.

Jim Langevin, D-R.I., chairman of the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, said at the hearing Wednesday afternoon that the 844 incidents came during fiscal 2005 and 2006. He also said the infiltration of federal government networks and the possible theft or exploitation of information on them is one of the most critical issues confronting the country, noting that the Chinese have been "coordinating attacks against the Department of Defense for years."

However, Alan Paller, director of research at the SANS Institute, said 844 is most likely only a piece of the security breaches that the department suffered in that two-year span.

"The reality is that the federal agencies don't report all of them," he said in an interview after the hearing. "Eight hundred and forty-four is a big number, but it's a sample of the reality, not the total reality."

Paller said the 844 incidents reported to executives at DHS could be as much as 80% of the real total or as little as 10%. He estimates it's closer to half. "You don't know about all of them. That I can guarantee," he said. "And in particular, you're not knowing about the worst ones."

According to Langevin's testimony, the incidents included workstations infected with Trojans and viruses, a compromised department Web site, classified e-mails being sent over unclassified networks, and unauthorized users attaching their personal computers to DHS networks and gaining access to government equipment and data. He also said the incidents included "numerous classified data spillages."

There also was a report of a password dumping utility found on two DHS systems. Paller explained that it's malware that steals entire password files from the server and sends them back to a remote hacker. "This would give [a hacker] the ability to crack the system," he noted. "Most people use the same user name and passwords on lots of systems, so that hacker now has access to lots and lots of machines and systems."

Paller, though, said it's highly likely that the worst breaches are the ones that are not being reported.

"If you have a really embarrassing event, you don't want it leaking out," he added. "Many agencies feel it's less of a problem to not tell, than to tell and be beaten up about it."

Both Paller and Rhodes said part of the problem is with the contractors' systems where they say a great deal of sensitive information is stored. "Government systems are about [as secure] as most commercial systems but not as secure as banks," said Paller. "But a lot of government data is less than average because it's stored at contractor sites."

Rhodes said when he went to DHS to look into its security systems, IT workers there had to defer to the contractors to understand what the system was doing.

"Having contractors run the system is not a bad thing," added Rhodes. "But outsourcing is not an abdication of responsibility. Just because you bring the contractors in does not mean you should have an environment where the only person looking in the system is a contractor. To understand how the system was set up and what it was doing, we had to talk to contractors."

"There is a threat and there's also an impact," he said. "They hold personally identifying information. They've got a lot of information about a lot of people, and some of those people are good people and some are bad people. Is this information important to you? Yes, it's important to everybody in the United States. ... Any government agency that has weak security has an impact on the national security mission."









Hacker forces Pentagon email systems offline 10:58AM, Friday 22nd June 2007



A cyber attack on the US Pentagon caused major disruption to its email system, the US Defense Department has admitted. A hacker forced officials to take up to 1,500 accounts offline as a security precaution.

State officials also denied that the affected emails contained any classified information relating to military operations.

"Elements of the... unclassified email system were taken offline yesterday afternoon due to a detected penetration," <

said US Defence Secretary Robert Gates (pictured, left). However, he expected the system to be back online "very soon".

The Pentagon is an obvious target for hackers - according to Gates, it sees hundreds of attacks a day - but the cost of detection can be high. For example, there is Gary McKinnon, a UK computer expert, accused by Washington of the 'biggest military hack of all time'. He lost his extradition appeal to the States earlier this year and is facing 70 years in jail. Although he has admitted gaining access to US government computers, he denies causing any damage.

As for this latest incident, Gates himself was apparently unaffected, apparently he doesn't "do email". "I'm a low-tech person," he declared.

Alun Williams







The Department of Homeland Security vs hacker attacks
Date: June 21, 2007
Source: blog.washingtonpost.com




The Department of Homeland Security's chief information officer is expected to receive a tongue-lashing from lawmakers on Capitol Hill Wednesday, where an oversight committee will present data showing hundreds of digital break-ins and shoddy security practices at the very agency that is supposed to lead the government's cyber security efforts.

DHS CIO Scott Charbo is scheduled to appear tomorrow before a House Homeland Security subcommittee hearing entitled "Hacking the Homeland." The panel follows a hearing April in which Commerce and State department officials recounted how hackers broke into and gained control over a number of systems in a series of targeted attacks. Since that testimony, committee leaders demanded answers to dozens of questions about DHS's compliance on cyber-security standards, and whether it, too, had suffered similar break-ins.



On behalf of Gary McKinnon currently facing extradition to America and facing sixty years in a US prison.
It seems that the US authorities still have the poorest internet security in the western world.

Even ten years after Matthew Bevan was accused of the same hacking crime as Gary McKinnon and five years after Gary McKinnon was accused of the same crime; the American government still apparently leave the door to their internet security wide open & prefer to prosecute people to the max. rather than to simply employ people capable of tightening their security.

Matthew Bevan now runs his own internet security company and has done for many years.

Gary McKinnon freely gives talks & advice on Internet security to international computer users including those attending the Infosec" computer security show in London.

Re- Gary McKinnons hacking charge....this was a victimless crime as no one suffered and the US government were extremely fortunate that no terrorist had noticed their lax security.
No damage was caused by Gary McKinnon. The only damage incurred was that the US military shut down their own systems as would any self respecting business; when it eventually realised that they had an intruder.

The untrue & exagerrated claims of damage have been levelled at Gary McKinnon as without a certain amount of financial damage the US could not extradite him. Magically the US government have claimed this amount of damage for each machine.

When the civilian establishments Gary was accused of hacking into in America, admitted that Gary had not caused any damage; the US authorities very quietly removed those indictments.

Please stand against this one sided extradition treaty as UK citizens now have fewer rights in this regard than citizens of third world countries and fewer rights in this regard than citizens of countries that use torture and routinely abuse human rights.

Please Free Gary who has been facing this threat every day of his life for over Five Terrifying years.

Yours Sincerely

Janis (Gary's mum) Who has been faced with the prospect of losing her only child, every day for over five terrifying years.

If you are British Please sign this New Free Gary Government Petition: http://petitions.pm.gov.uk/GaryMcKinnon/ If you are an Ex Pat you are still entitled to sign this petition.
All signatures greatly appreciated.

Link to Free Gary Website: http://freegary.org.uk/

Gary is also a musician/singer songwriter and his music has helped him deal with the emotional trauma. You can Download his intimate songs from Napster via this link:

Napster USA

Napster UK

ITunes UK link:

Itunes UK

Many Thanks

Janis