An alchemists view from the bar

Network Security Alchemy

Archive for April 2007

Theft by finding vs armed robbery

leave a comment »

The whole McKinnion thing.

The more I think about this situation the less sense it makes. I have an opinion about it somewhere but I cant work out what it is.Assuming that McKinnon is guilty of these crimes, there should be some type of punishment. Hearing US prosecutors saying he “would fry” is concerning, especially when compared to probable non-prosecution or community service in the UK. There must be an appropriate level of punishment somewhere and this is what has got my head spinning.

Reported as the “biggest military hack of all time” systems in 92 networks were 0wned across 14 different states controlled by various Army, Air force, and Pentagon types. In my mind I don’t understand why location makes any difference at all, Be it 1 or 10 states, they are all addressable via the new world we all call the Internet.

If he used one method to gain access to 1 system or 10 systems is that one or ten crimes?
If he released a 0day worm that p0wnes 10,000 systems should he have be punished harder than if it only p0wned 5?
What caused the most damage in $ value, McKinnion or the various worms of previous years?

IANAL but surely the punishment of theft by finding is less than armed robbery. Should the punishment of accessing an unauthorized system via a blank password be less than via some 0day buffer overflow?


Written by leonward

April 9, 2007 at 5:44 pm

Posted in Security