A British hacker who has been fighting extradition to the U.S. for the past seven years is getting support from some well-known musical backers.
David Gilmour, singer and guitarist for the iconic English rock bank Pink Floyd, has already recorded a song for an upcoming CD that’s now being put together to support Gary McKinnon, 43, according to Janis Sharp, McKinnon’s mother. McKinnon is an admitted hacker who in 2001 broke into computer systems in the U.S. Department of Defense, NASA and the U.S. Army.
McKinnon, who was an unemployed system administrator in the U.K. at the time of the 2001 hack, has been using a series of legal maneuvers and appeals over the past seven years to fight extradition to the United States.
McKinnon was indicted in November 2002 in the U.S. District Court for the Eastern District of Virginia on eight counts of computer fraud related to hacking incidents that allegedly damaged 105 U.S. government, military and corporate networks.
McKinnon, known by his hacker handle “Solo,” is charged with seven counts of computer fraud and related activity in Virginia and one count in New Jersey stemming from a year-long hacking spree.
The indictment alleges that between March 2001 and March 2002 he broke into and damaged 92 computers belonging to the Pentagon, Army, Navy, Air Force and NASA, as well as six systems owned and operated by private U.S. companies.
Once inside a network, McKinnon is alleged to have installed remote administration and hacker tools, copied password files and other sensitive but unclassified files and deleted user accounts and other critical system files. In at least one instance, McKinnon’s hacking activity allegedly caused a major military network in Washington to shut down for three days in February 2002.
Losses stemming from his hacking are estimated to be $900,000, according to the indictment.
“The significance of this case is that [with] his access to these records, he was able to impair the integrity of the data on these systems,” according to Paul J. McNulty, who was U.S. attorney for the Eastern District of Virginia at the time of McKinnon’s indictment. (Later appointed as Deputy Attorney General of the U.S. McNulty is now a partner at the law firm of Baker & McKenzie LLP in their Washington, D.C. office).
McKinnon allegedly “scanned tens of thousands of systems” before taking advantage of known vulnerabilities in Microsoft Corp.’s Windows operating system installed on the targeted computers.
London mayor backs McKinnon
As McKinnon continues to fight extradition, his vocal supporters have been waging their own battle.
Late in January, Boris Johnson, the mayor of London, wrote a newspaper column calling on President Barack Obama to call off U.S. efforts to extradite and prosecute the British hacker. Johnson called the U.S. extradition efforts a “legal nightmare” and a “comment on American bullying.”
In an e-mail, Sharp said McKinnon’s supporters are putting together the compilation CD to raise awareness about his case and to hopefully get Obama’s attention.
The CD, which is slated to be released next month, will include Gilmour’s recording, along with songs from other artists, whose identities have yet to be disclosed, she added.
Sharp noted that the CD will be available for download, and that her son’s supporters are looking to distribute in retail stores as well.
Earlier this month, McKinnon’s supporters held a musical protest outside the U.S. embassy in London. The protest was timed to correspond with Obama’s arrival at the G20 summit of world leaders held in London.
At computer security conferences in London. McKinnon has described in detail how he hacked into the U.S. military computers.
Faces 60-year sentence
The U.S. government alleges that McKinnon caused $900,000 in damages to computers in 14 states, and that he caused the shutdown of critical military networks shortly after the Sept. 11, 2001, terrorist attacks.
He faces a sentence of 60 years or more in the U.S.
The indictment filed by the U.S. attorney’s office in New Jersey charges McKinnon with one count of intentional damage to a protected computer. The charge stems from his alleged hacking of a computer used by Naval Weapons Station Earle in Colts Neck, N.J.
That computer was used by the Navy to monitor the identity, location, physical condition, staffing, battle readiness and re-supply of Navy ships in the area of the complex.
Between April and June 2001 McKinnon allegedly stole 950 passwords stored on seven servers connected to the NWS Earle network and used that access to damage and force the shutdown of the NWS system on Sept. 23, two weeks after the Sept. 11 terrorist attacks.
In addition to the military and NASA systems compromised by McKinnon, the indictment filed in Virginia also alleges that the hacker penetrated networks owned by Tobin International Ltd. in Houston; the University of Tennessee in Knoxville; Frontline Solutions Inc. in Wayne, Pa.; Louisiana Technical College in LaFourche, La.; and public libraries in Illinois and Pennsylvania.
“It was a very difficult thing to identify,” said McNulty, referring to the hacker’s careful use of tools that erased his tracks.
When asked if McKinnon could have been working on behalf of a foreign group or government, McNulty had said there was no evidence to suggest that. However, he acknowledged the suspect’s motivation in this case had been difficult to determine.
The lack of widespread damage led to talk about the possible involvement of a foreign government in the hacking spree.
“The big concern is that this guy is a professional hacker or information broker being paid by somebody to specifically go after U.S. military information networks,” said Mark Rasch, the former head of the Computer Crime Unit at the U.S. Department of Justice.