By silicon.com, 3 February 2004 11:30
Yesterday a teenage hacker was up in court for sentencing having been found guilty of serious cybercrimes - including a breach of US defence security.
Joseph James McElroy, 18, had hacked into a US nuclear facility which contained classified atomic weapons and research data. McElroy even sectioned off areas of the breached network and password protected them for his own use.
Given the already heightened levels of security and paranoia stateside, the US government, perhaps understandably, assumed this to be an act of terrorism.
This reaction was one which the presiding judge at Southwark Crown Court understood and one which he said he considered to be "very serious". He also stated that it was now time to send out a message that hacking and related criminal activities are not "a joke" or a "hobby". It was time, he said, to make it clear that such actions are criminal and, as such, the criminals perpetrating them should expect to face harsh custodial sentences.
At this point McElroy must have been fearing the worst. The judge was certainly talking the talk - and with that talk involving terrorism, nuclear weapons and custodial sentences this didn't look good for the teenager.
So what was the sentence handed down by Judge Goymer? A staggering 200 hours community service.
McElroy was probably not the only one taken aback by the leniency of the sentence. But the benevolent Judge Goymer hadn't finished there. He even waived claims for compensation from the US government, claiming McElroy was a poor student, who had already amassed debts of £3,000 at university in Exeter and wouldn't be able to afford it.
So McElroy escapes with his community service order and nothing more by way of punishment - not even any order limiting his use of computers.
This past week we have seen the fastest spreading computer virus of all time in the form of MyDoom. Often such incidents originate from an anonymous hacker or virus writer who is never unearthed and escapes unpunished.
The fact, therefore, that when caught these individuals are escaping with sentences that amount to little more than a welcome way to fill up a few otherwise wasted hours at Uni is laughable.
This latest instance shows how behind the times the UK courts are, with judges who know little of what they are dealing with and a system ill-equipped to punish individuals when they are caught.

Comments
There are 152 comments.
1. anonymous
If the US government cannot make their safety critical computers secure, they should be using them and they certainly should not physically allow them to connect to the internet, or any public network.
2. anonymous
Yes there is a case for stiffer sentences, and his sentence may be increased on appeal, but I think your leader missed an important point. Surely computers that "contained classified atomic weapons and research data" should be better protected.
If a teenager at Exeter University can access this then maybe Osama bin Laden and his cohorts can too.
Is this another case of Department of Energy Security being a laughing stock?
3. michael shakespeare
How right you are, the sentence is totally inadequate in relation to the crime committed, the Judge an obvious incompetent, the accused...a bright guy who even in the light of the US's heightened security levels has managed to breach the US nuclear facility security. Will any of the security people/software programmers be doing any community service? I don't think so. Still nice to know that the US is there again blaming someone else for their own ineptitude. Nice one, no wonder you have so few friends around the world.
4. Nick Roberts
Sorry, but I can't believe what you're saying here ! Are you suggesting the boy was in fact a terrorist hell bent on obtaining nuclear secrets, and not just a bored student ? Or by analogy - are you suggesting that housebreakers should be punished the same regardless of whether they simply steal the T.V. or murder the homeowner in his sleep ?
5. Dave Reilly
Wise up!
It seems to me that the problem lies with woefully inadequate firewalls and poor security management. Where does all the multi-million $ spent on the military budget go?
Blaming an individual 18 y/old student's efforts in hacking into the only Superpower's system is obviously an 'eye-opener' and scary to me in the public at large.
How can we trust those in power? More draconian laws taking away our civil liberties and human-rights abuses?
Who is responsible for the system integrity/security?
Regards
Dave Reilly
6. anonymous
The kid was just storing his data somewhere and had no intention of causing harm as that would mean his data would be found. He wasn't a terrorist or virus writer. The sentence was fair.
If a site is storing data that a terrorist would want to get hold of they have a responsibility to make that data secure, this site didn't so they have to take some of the blame.
7. Jonathon Ralfe
"How behind the times the UK courts are", would you rather we carpet bombed Exeter? Wake up America. This was not a terrorist hell-bent on the destruction of the facility, nor was his intention to kill. He is a teenage student who thwarted your best attempts at security. Ever heard of "Proportionate response"? What would have happened had the 21K damages been demanded, he would have had to drop out of college in an attempt to fund them, which I don't see as being to anybody's advantage. I suggest you hire him immediately, it would seem he has a great deal to teach you. Only make sure he remains resident in the UK so we can spend his tax on your defence products.
8. Ben Wild
Why not report the real story that someone was able to hack a security threat containing 'classified atomic weapons and research data'. Instead of attacking our sensible staggered Computer Misuse Act.
9. Richard Mullens
I can imagine that it is annoying to find that one's site has been hacked, but spare us the moral outrage though.
That a teenage student can penetrate the Fermi National Accelerator Laboratory shows the laughable state of US Defence procedures. If this really was a serious breach of security - which I doubt, the guy should be rewarded for exposing glaring flaws in security.
10. Dominic Tristram
I wouldn't worry - thanks to Blunkett and his quasi-fascist ideas, students like this will soon be subject to secret trials using evidence they're not allowed to see. I can assure you that there will be less of a fuss in the media when none of us are allowed to know about who is prosecuted and what for.
This law in this country is going to the dogs, and our rights with it. Articles like this that inflame the paranoid don't help one bit. This is the sort of thing I'd expect to read in the Daily Mail, not a real news source.
11. James Noonan
If no real damage was done then I don't think a custodial sentence is appropriate if the defendant has no income then a fine will translate into a custodial sentence.
If someone is that nifty with computers then it's a waste to tell him that is the one interest he can't pursue.
He's not an anonymous hacker anymore and will always be under suspicion, I've not seen any figures but I'd guess his chance of re-offending is low. Despite what anyone says a system based on deterrence and sending out messages is patently unjust and has never been demonstrated as successful.
12. Tom Frame
They should lock this little good for nothing scrot up - are we just waiting for something catastrophic to happen before we wake up!
13. Roger Charles
It seems to me that anyone who hacks into another's computer network could be argued to be as much guilty of breaking and entering as someone who does so by being physically present. Therefore similar penalties should apply.
14. Andrew Strathdee
I agree it is really horrifying that a major security system should be breached by a hacker. On the other hand, I am sure that he is old enough and wise enough to know what he was doing and deserved any penalty, which let's face it, will probably mean in addition that he will never be allowed to enter the USA. But the whole of the internet is now under threat from people with serious and damaging agendas - let's hope that our judges do understand the potential economic damage which can and will be caused and not treat them all as silly pranks.
15. Josephine Bacon
"This latest instance shows how behind the times the UK courts are, with judges who know little of what they are dealing with and a system ill-equipped to punish individuals when they are caught. "
As a court interpreter for 30 years in this country and the United States, I can assure you that this level of judicial competence extends to every court in the land.
16. anonymous
Just when we'd lost faith in the judiciary along comes Judge Goymer with a considered decision and appropriate punishment. I hope this benign event will result in Fermi Lab - who are the real laughing stock - getting their own house in order.
17. anonymous
The outrage is pretty laughable. He broke nothing and stole nothing, so I guess technically all he was doing was trespassing.
As suggested elsewhere, maybe the US facility implicated should give him a job? Could be worth more than the compensation claim in the long term?
18. anonymous
silicon.com joins Indignant Majority?!
Never thought I would see a silicon.com article taking the "indignant" route. The might of an over-reacting, paranoid, teflon coated, incompetent US government organisation against a young student with too much skill for his own good. Need I say more
19. anonymous
So you're saying we should send him to jail where he'll learn to be a proper criminal and start ripping off the banks etc. I say he was doing them a service exposing deficient security.
20. Paul Willis
Yes, all the letters I've read seem to make sense but HE KNEW he was in the wrong to do it! Anybody heard of GOOD and BAD??, you know you should have been taught it when you were a toddler. If people stopped trying to hack into computer systems it would give the professionals more time to catch the real thieves.
21. Simon Perry
You are so wrong. Let us not believe the hype. Yes he entered a computer system without authorisation, but as I understand it, he did no damage there, simply deposited some files. The sentence for his actions is more than adequate.
With headlines like that it is more likely that Silicon will become a laughing stock.
22. anonymous
The issue here was that the hacker was only a criminal and cyber terrorist, and therefore entitled to all the leniency possible by the "bleeding hearts" brigade.
Had he been a mere British citizen defending his home against burglars, driving at 38 miles an hour, or a pensioner unable to pay his over inflated council tax, he would have been put away for months.
Let's not forget! British justice is only there for the normally law-abiding citizens. Not criminals, terrorists or illegal immigrants.
23. Bob Duncan
I agree with those on McElroy's side. The onus is on the site managers to make it secure - they can't depend on stiff sentences to deter those with seriously malicious intent. McElroy did them a favour by showing how useless their security is. I'd compare his actions to someone breaking into a nuclear base - and then pitching a small tent. Osama Bin Laden he ain't.
24. anonymous
I don't agree, the boy showed incredible skill and knowledge to hack into 'high security' systems such as those used in Nuclear facilities. It is just an indication that the security of networks the US government consider sensitive should be regulated and homogenised by a government body.
The sentence may have seemed lenient but the kid was 18 and merely demonstrated the potential vulnerability, it's possible he deserves a reward.
25. David Lee
The law in the UK needs a major overhaul and with Judges and Jury not really understanding the evidence put before them, how can anyone expect a sentence fitting to the crime?
When all probably the Judge or the 12 people use computers for is reading a bit of email?
If the US defense computers are lacking in security, what hope is there for anyone of us from stopping Osama Bin Laden's followers from holding the world at ransom with nuclear weapons?
If all it takes is a poor, bored student from hacking into US defence computers - anyone can.
Wake up America
26. anonymous
What everyone fails to mention is that the security flaws that allow 'hobbyists' to so seriously compromise critical computer systems exist because of the utter neglect of the companies who own the site or write the software.
Take the recent myDoom virus issue. Viruses will always exist, they are programs like anything else. The problem here is that Microsoft has written and proliferated software (i.e: Outlook) with additional 'features' that introduce these huge security flaws allowing anyone to infect your computer by sending you an email!
I assure you that MOST mail programs out there are not susceptible to anything like this. Companies who would never dream of leaving their doors unlocked allow their employees to run this kind of software.
27. Bernard Gray
I do not often praise British Justice but I think they got it about right this time. Several of your readers have commented on the fact that sensitive US Dept of Defense material is so readily hacked.
After all the nonsense about WMD, can we be sure that it was such a sensitive area, as claimed, or does the US Govt cry "Wolf" once again!
28. anonymous
Given the pile of hacker crap email in my Inbox this week, let's hope the US government get him extradited, so he can write programmes while sitting on a rubber ring in Guantanamo Bay.
29. anonymous
Allowing the victim to determine the penalty for a crime is never a good idea. Justice must be blind.
It sounds to me like this chap was merely loitering where he shouldn't have been, in a virtual sense. He's no more sinister to me than a child playing in a walled garden where he's not meant to be.
There's a difference between malice and mischief, and I for one find it heartening to see that the judge realised this.
30. Richard Norman
I assume that a US citizen wrote this? Unfortunately you, whoever you are, have been taken in by your nation's own paranoia, which appears to have prevented any rational thought! Whilst I might agree with you that the British Judicial system might be open to some criticism – I doubt that it is in this case. The judge (or rather Magistrate) maybe but NOT the system!!! By the way I would advise you – in this instance living in a substantially amusing glasshouse (the subject of many TV dramas of both documentary and live nature) to NOT throw a stone - get my drift? I will not dwell on this case but pick up on the many rather stupid un thought out, badly communicated, actions that your otherwise great, albeit youthful, state has been taking over the last few weeks and months.
Please THINK before you write and even more think before you DO!
31. Martin
1. Community service is not necessarily lenient
2. This was a first offence, so far as we know.
3. There was no malicious intent claimed, just risk, for which one would hope the authorities adopt greater security.
4. Do you not think this will deter him?
5. The height of the fence has been set - others coming after must now know to expect custodial sentences.
I don't condone soft sentences, but this seems to have been a stupid, dangerous prank, and to have been seen by the Judge as that. Would prison have helped in this case? Would an order for restitution have been practical? I think not. I do believe that the message sent by the Judge is what matters most. He also saw the witnesses, heard the evidence, and concluded that a heavy penalty was neither helpful nor realistic, especially against a young man whose whole future life could be destroyed. On balance, I am minded to side with the Judge, who was strong enough to be independent of what must have been a blistering attack from the establishment. They probably believe that their stance was right too. The miscreant probably feels hard done by. If all are near equally unhappy the Judge got the best balance possible.
Judges have to start somewhere - complain if the next hacker is sentenced as leniently!
32. anonymous
Is it just me, or does anyone else remember when US aircraft were launched with atom bombs on board, after another talented student thought it would be a jolly jape to hack in? We roared. It really is the victim's fault if his computer gets hacked, because they are well known to be 100% proofable. He really should get a medal, and all his student loan paid off. After he's fixed every email system his friends have stuffed this week.
33. Alan Roberts
A poorly written article. Firstly the kid was only 16 when the offence took place not 18 as the article suggests. Secondly, he accessed no restricted documents, simply used the network as a file store for his music and video downloads. Perhaps that is a hanging offence in the "modern" USA but for most of the world it is just a kid who has stepped over the line a little and needs a clip around the ear. Get a grip!
34. anonymous
Too laughable for words - hell no one was hurt or injured and he's only a poor student.
You want to know what REAL justice is?
You drive an overloaded and untaxed van that doesn't belong to you while you have no insurance and run a red light while breaking the speed limit. You kill one person; put another in intensive care for 2 months with a further 4 months on a general ward; two other people receive hospital treatment for crushed kidneys and various broken bones.
Then they really throw the book at you - you get 240 hours community service - and your sentence is complete before your victims regain consciousness - NOW THAT'S BRITISH JUSTICE!
I know it - was my Mom that got killed and my Dad in intensive care - the other victims were friends of the accused!
35. Barry Mattacott
Hang 'em high. I didn't bother to read all the other comments, I guess they are the usual "he only exposed a security hole" "they deserved it for being so insecure" etc. We'll all be repeating these to you when your home has been burgled. You should have made it secure, he was only exposing your weak security. I hope that makes you feel better about the intrusion and loss.
Grow up; we don't need hackers in security any more than we need burglars and rapists in the police force.
What we need is sentencing that reflects the amount of money that these people are costing ME and YOU, the consumers. Because if you think that all this security and AV is coming for free or the cost isn't being passed on, then you're even more naive than I thought.
I hate to hide behind anonymity, so my name’s Barry Mattacott and the opinions expressed here are mine and mine alone and are not necessarily shared by my employers (or anybody else).
36. anonymous
Bringing back hanging for theft from supermarkets seems to be the next thing that Silicon.com might be suggesting. Is this a case of over-reactive journalism?
37. anonymous
I can't think of a single excuse for having nuclear secrets plugged in anywhere near machines that are on the internet. If the US Govt wants people out of their network, they should build a new network.
This is not to excuse the acts of an 18 year old adult. This person should be held accountable for his actions. The real problem lies not with him but with the ineptitude of the network admins that administer the compromised facilities.
Do employees at nuclear power facilities really need to receive "joke of the day" at the same desk they work on the world's most dangerous secrets with?
38. anonymous
Hi! All,
Agree wid all who are on the hacker's side, the thing is, US just put the thing wid one big spot light saying "We have advance technologies and we are totally secured" look at their www.sco.com website! MyDoom doomed them! come on get a grip, if someone is pointing the flaw / loop holes in your system, then praise them and hire them and let them work for u to make the system secure.
He did best and find the glitches in the "Super Power's Nuclear System", must be laughable that how pitty their systems are, and then they are blaming the Terrorist! or a boy who hacked system, who merely 18.
Regards,
Mudassir
39. Brian Walsh
I suspect that Judge Gaynor has not only never had a systems attack, he probably doesn't own a PC.
The Court transcript might illustrate how much tech jargon His Lordship was obliged to listen-to.
But "lighten-up" Silicon. I look fwd to the Round-Up's reminder that many of us were once 18 yr-old students occasionally prone to mischief making.
40. Arthur Daily
This sums up the US and their views. They strut around woefully unaware of what anyone actually thinks of them, claim they are the best at everything, believe they are the best at everything, and when something doesn't go their way they throw the toys out of the cot.
If I was the US I would be embarrassed to announce that a specy kid half way around the world was using its defence system as an MP3 file share.
Hire him.
41. Vladimir
If kids can hack computer,
it's time to hire new IT! Period!
Kids always will be Kids,
by Definition! not by law!
Shame on IT!
Shame on Government, who can't get it!
Shame on Law, who put Kids in Jail!
42. alan rae
let's have some proportion here. The Americans bring so much of this stuff on themselves by their humourless arrogance. Is this kid a terrorist. No. Should they sort out their own security problems. Yes. Should we take lessons in justice from a country that incarcerates over a million of its own citizens, executes mental defectives and holds 15 year old boys in the human rights outrage that is Guantanamo Bay - I don't think so.
43. Christian Smith
Act of terrorism? What a joke! This was no more an act of terrorism than breaking into buckingham palace gardens is a plot to assassinate the queen.
An act of terrorism must have some intent. A skiddy compromising some non-essential machines shows no more intent than any other random crack.
If this was a serious (dangerous) security breach, then I think we should be looking more at the administration of the computers being breached.
Any safety critical machine should not, ever, be connected to the internet. Period.
I think the lack of intent showed that the young man is not a danger, though somewhat stupid. Breaches like this force admins to constantly evaluate and protect against more malevolent crackers, so some good does come out of cases like these.
44. H B
Who exactly is laughing? This is obviously an opinion piece, since the article reports nobody criticising the judge except the author himself in the final paragraphs.
So who's the author? "silicon.com"? I'm afraid that doesn't cut it, if you expect the blatantly subjective and unargued criticism of the judge to have any value at all.
45. anonymous
Visualize a standard B & E case: A kid with a modicum of knowledge wants to break in to a house, to hide away some illegal paraphernalia. Assuming the house appears like any other house, and the locks on the door & windows are your standard household fare, and there were no signs of other security, would you feel the need for a harsher than normal punishment, if that house happened to contain high security material? Material that the kid never touches. Likely, you would dole out the standard punishment for B&E. However, wouldn't you also be demanding that such sensitive material be better protected?
Likely he had no idea where he was storing his data, I'm sure there wasn't a big flashing sign saying "Warning! High Security Area! Enter at Your Own Risk!" -- No security, No Guards, No Police Tape, Nothing.
If you can't keep an 18 year old kid from storing files on your High Security box, you're not doing your freaking job. Or more likely, someone is not letting you do your job.
While I will agree that the kid should be punished, I also believe it should be the same punishment that he would get breaking into any other system.
Punishing kids with 50k in fines or treating the crime as an act of terrorism, for being intelligent, curious, and a little mischievousness is ridiculous and smacks of egalitarianism akin to Vonnegut's Harrison Bergeron.
46. Geoff Belson
It's popular to think that anything less than the lash or life imprisonment is a soft sentence. 200 hours of community service is a serious punishment that will last on the hacker's record for seven years, will probably prevent him getting any kind of decent job for years after and will certainly bar him from joining many organisations and professional bodies. It is true that people in the USA where a huge proportion of the population is in prison and revenge through the death sentence is considered a Christian act, there may be some misunderstanding of this punishment. But then perhaps your brief is not to inform but to produce an IT version of the tabloids? - Geoff Belson
47. Horse
So what exactly is 'sensitive' information regarding nuclear research doing in a computer system accessible from anywhere in the world and who'll be the next person to take what they want? Osama Bin Laden?
From Microsoft on down the idea of security in the U.S.A. is a complete joke.
If security was even vaguely reasonable then this kid wouldn't have been able to get anywhere near the data.
The U.S. and other countries should sort out their security before some *real* damage is done and not try and make a scapegoat out of others who illustrate their own shortcomings.
At least British Justice seems to have gotten it right this time - a fair punishment which fits the crime.
Sack the sysadmin who failed to secure the system and give his job to the hacker - at least he seems to know what he's doing.
48. anonymous
I'm surprised at some of the comments posted already. I believe in proportionate response just like the rest of you and I also think that the US should ensure that their systems are more secure, but let's face it, it's NOT their fault that he broke in to their system. Just like it's not your fault if someone breaks in to your house if you don't put adequate locks on all your windows. It's the fault of the criminal who breaks in.
Whatever happened to justice and honesty????
What if this "poor" student was being secretly bankrolled by some fundamentalist bunch of nutcases to gather intelligence for them. The "real" cost of allowing someone to get in and escape unpunished could be incalculable.
49. damien hilton
Please separate fact from opinion. This was a "hang 'em and flog 'em" rant disguised as a news item. Mr McElroy should be congratulated for exposing the weakness of the security without causing any real damage.
50. anonymous
So what's new?
British Judges & British Justice System seems more concerned with the rights & sensitivities of the offender than those of the victim (or surviving relatives).
51. anonymous
Another swiss cheese UNIX system gets hacked. The person who should be arrested is the uh, "...aDministrator..." who failed to protect the safety of US secrets. It appears the kid damaged nothing but pride, the sentence was just.
52. Ted Sobien
American security is a laughing stock and yeah I'm an American. You have companies with $30K invested in firewalls and some jackleg CFO behind it with a "personal use" DSL modem or Sprint card straight into his PC. Gimme a break..., why is the government any different? It ain't. How did this kid get into a "secure" US Govt network in the first place? Let's not mention the porous US borders through which every manner of man and animal crosses without challenge. What good will locking this kid up do? Fair is fair. They don't prosecute or lock up people who violate immigration laws, they shouldn't lock him up either.
53. anonymous
The premise of this article is clearly a matter of perspective.
In THIS instance, you have a schoolkid getting into areas where he clearly doesn't belong.
A slap on the wrist for mischief of this type is clearly not totally out of line. For instance, had he instead slipped onto the physical plant, he would be charged with a misdemeanor and possibly trespassing on federal property and I'm sure they'd scare the hell out of him while they're at it.
On the other hand, if Al-Qaeda terrorist had broken in to the same plant, the INTENT is clearly different.
If someone who accessorizes with C4 is driving into or towards the physical plant, a shoot to kill policy might not be out of line.
If someone is coming for you with strong urge to graffiti your face, it's high time to break out the pepper spray.
I think criminalizing youthful curiosity which may have saved a plant from a future compromise should not be misinterpreted. It seems that a reactionary security policy is the same as none at all. Furthermore, this incident might serve a greater purpose in that the failure of the department of energy or whomever, should be thanking their lucky stars as they now know they've been hacked and there but for the Grace of Allah goes Al-Qaeda.
54. MARTIN KINGSLEY
Let's get a sense of proportion here... He broke in to use a bit of extra data storage, not to commit some form of terrorism.
Let's take a simile - suppose he had broken into his local bank, not to steal money, but to camp out over the weekend, as he had no roof over his head. Further suppose he opened the front door lock with a bent hairpin. What should the bank's reaction be? Sack the pillock in charge of the building security, and thank the young man for showing them just how lousy their security was.
55. Steve Berry
The article is b******t. If IT teaches you anything, it's the definition between right and wrong only exists in the minds of people who are trying to gain something from it by crappy little mind-games. Look at how incredibly ruthless the nature of the software business is and you then start to understand the bigger picture.
What would I have done with this guy?
Sent him on IT security courses to allow him to learn even more than he already does - he has potential talent - don't alienate him particularly at that age by giving him poxy Community Service dished out by a System where the individuals in it don't know the difference between TCP-IP and a Mars bar. Sure he did wrong, but it's a well known fact that some of the currently highest paid security consultants, particularly in the US started out as this guy did. What do ya' wanna' do give them the equiv of Community Service too ? Oh no we can't do that seeing as how they're earning megabucks and are now "respected citizens".
If his intent was malicious give him what he deserves.
If his intent was that he's just fascinated by it and he would rather do that than push drugs or whatever, more power to his braincells and up the judge's hosepipe with a banana.
56. {PROGRAMOUS} = ROOT
One question not answered in this, what did he do? He got in to the system and gave himself access to hard drive space, right? So what damage did he do? What he did does not deserve jail time or fines. New idea, give him a job. If he was able to break into the network, then he knows what he could have sold that information for. The judge seemed to make a good choice.
57. Lionel A Smith
The fact that a student could break in to such networks and then fence off and password an area demonstrates only too clearly how poor the security was. This does not bode well for the security of our data on offshored accounts.
Perhaps those affected by this episode should consider employing this youngster. Once he has finished his community service that is.
58. anonymous
Oh good, another chance to blame the US for everything.
If you whiny readers would check out the whole story instead of rushing to the "submit" button like a bunch of slashdot readers trying to make first post, you would see that the US Government *thought* (past tense) that it was a terrorist attack when they first noticed that somebody was transferring large amounts of data from Fermilab.
They are well aware that this kid is not a terrorist. The article never said otherwise.
But you don't care, once you get your negative slant going, so I'm sure you'll never read this anyway.
59. Alex Dunn
It's really not a question of "whether he did any damage" - that has nothing to do with it. He had the ability to do damage. Compare it to walking around a mall or a school with a gun in your hand. Wouldn't you agree that is wrong, even if you don't intend on using the gun? It's the same thing.
He had access to and probably read classified documents. If he has access to these things, what's to keep him from sharing it? Someone with more malicious intents than him could do whatever they wanted.
The author obviously felt that the kid should have been sentenced to a few thousand years of solitary confinement. It's great that he has opinions, but that does not give him the right to bash on the UK court system.
60. Anon
Dave Reilly - Are you a complete imbecile ?
If someone breaks into your house, rapes your mother, wife and daughter, are you going to say, 'Wise up', I should have had better security?? Do you bleeding hearts not understand that 95% of people are not criminals and those that do break into high security complexes or commit crimes (just because they are intelligent enough to do it - Hitler, Pol Pot, Mao Tse Tung, Lenin etc. were all very bright boys) should be encouraged by people like you? 200 hours of community service seems a bit inappropriate for showing Osama et al that breaking into secure government installations is possible.
Do you honestly believe this poor 18 y/o student is as innocent/bored as you think?
61. anonymous
Let me guess - the site & all its servers were running MicroTrash. If you're not going to dedicate at least one person to continually installing patches for the junk software you're running, you should either live with the consequences or get real software!
62. Anon
Alan Rae
Before you get on your high horse about the supposedly inhuman US govt-who was the last western government to allow citizens of their own country to vote for their own government (Hong Kong 1997?) What is the greatest deterrent of violent crimes ? If you don't know, look at stats - but then, people like you live in a dream world. This 18 year 'bored' student is bright enough to break into a security complex, but not bright enough to realise this is a crime ??.
63. Anon
If supermarket theft was a hanging offence, how many people would steal from supermarkets ?
64. anonymous
Did the boy do wrong? Yes
Did he know he did wrong? Yes
Was his intent to damage or disrupt? No
Was his punishment fair? Probably
Was the idiot in charge of securing a critical server punished? Probably not
65. Webster Ranger
I have to agree with the kid's defenders here. SURELY there must be better security features available on critical mission computer systems - or else keep them off-line. Even though breaking and entering is illegal, only a fool will leave valuables lying around in an unlocked house. Fools should not be at the controls where nuclear weapons are involved.
66. T.Tarascio
Why ruin the life of a young man who did no serious damage or harm to the compromised system? If you left your home wide open to intruders and someone stole an ashtray off your coffee table, wouldn't you at least partially blame yourself? And wouldn't you be glad that more wasn't taken?
Of course, someone who destroys your entire home under the same circumstances deserves a much stiffer penalty.
U.S. overreaction and hysteria in so-called "cyber crime" cases is out of control. Too often in the U.S., penalties are based on "what might have happened" rather than "what actually happened." The Kevin Mitnick case is a particularly vivid example of the kind of scapegoating tactics employed by the U.S. justice system.
This U.K. judge did his job; he applied human judgement to reach a reasonable verdict.
67. Esteban Lorenzo
This proves British Justice is indeed just. No one was hurt, no harm done and an appropriate sentence was given. Alright, someone had to work extra hours to remove what the kid did but hey, they should've done a better job in the first place!!
68. anonymous
To be quite honest this story is a bit biased. You cannot apply US laws to other countries, sorry but no, can you tell me what actual damage this person actually did, none. This person probably got in through a system admin not patching his/her machine to a known vulnerability so it is that person's fault. Also the fact that a nuclear plant is connected to the internet in some form for the hacker to get in is pure stupidity. The plant should be isolated so that a hacker from another country would find it impossible to get in and control the plant. Also are you telling me that once you hack into the computer network in the plant you can launch a missile? How dumb are the authorities over in America to let this happen? I think that the person that got in should be applauded to show what a farce this nuclear facility is and the idiots that are running it...
69. Abhi
If guns were outlawed only outlaws will have guns...
Agreed that the kid did something illegal. And he got punished for it. But ultimately, it is the responsibility of the US govt. to secure data that is so critical to public safety.
If the kid got categorised as a terrorist, what about the admins of the site who compromised sensitive data and thus the security of common Americans, through their incompetence? How do we know the admins were not in cahoots with the terrorists and left the network vulnerable on purpose?
70. anonymous
This has to be very close to the worst-written article I've seen on Silicon.com!
There is more information about the case in the comments than there is in the article, yet without giving the reader any information to make their own judgement the author gets all "Rambo'd up" and seems to think we should all get similarly outraged and call for the kid's extradition to Texas for execution or something.
a/ Yes British Justice is an oxymoron and it's likely that the more-or-less sensible outcome was more by luck than judgement, but at least it's *slightly* less purchasable than the US equivalent and *slightly* less likely to follow the whims of politics.
b/ It seems pretty clear that even the "injured party" admit he did nothing actually malicious so basically this was a crime of trespass. We do not execute for trespassing, even if our, um... allies in the US think we should.
c/ As has been said the deterrence value of custodial sentences is questionable at best and it's more likely he'd be more criminal rather than less afterwards. Also, if this *were* a terrorist act the deterrence value of, for example, 3 years in prison is going to be even less for someone presumably planning to use the "nuclear information" for mass murder and who is likely to be willing to strap the resultant bomb to themselves anyway.
d/ Yes it could be said to be reasonable for the facility to assume a terrorist act when it happened (those MP3's might have exploded after all....), just as it is reasonable to assume that a guy pointing a gun at you is attempting to kill you. However, after the fact when the guy has shot you and it turns out to be a water pistol it is not reasonable to call for him to be tried for murder.
e/ If you're going to start locking up people for doing really dumb things in a devious, underhanded and cunning way then you're going to lose most of both the British and US governments! Hey! On second thoughts, that's not such a bad idea.....
71. Chas Newport
I'm glad we don't (yet) live in a police state where they prosecute you with the full force of the law for victimless crimes like poking around a computer (which by your own admission he then protected with a password anyway). How about saying the word "bomb" at an airport - death sentence for that?
72. Chris Whitehead
If the US government cannot secure its most important data from 18 yr old hackers, whose only wish is to store pirate films, I think there are more pressing things to worry about.
Like how to ensure a safer world and a US election system where the candidate with the most votes wins! ;-)
73. anonymous
I once was sold a set of unbreakable wine glasses. At a dinner party one glass was broken. Should I sue the breaker of the glass or the supplier of the unbreakable glass. Should the government hunt down and convict the creator of the rumour that the glasses were unbreakable. mmm If the site was secure then all this would be a non event. If it was not secure what the hell was it doing on the net. Some salesman that sold this shit to a real dumbass. Both the purchaser and the seller of the security software should never be allowed to act in the interest of the tax paying public again. All this is about laying smoke over the fact that someone made them look like they really should...inept.
74. Keith Williams
The sentence was sensible. This is not a case of theft or serious abuse. It's analogous to using spare space in an otherwise unused warehouse. It is a bit naughty but I don't consider it serious.
75. anonymous
2 comments
- some American(s) should be prosecuted for not protecting such delicate information
- the student is lucky he was not using a laptop in a car. He then would probably have been jailed for life!
76. editorial staff
I think you'll find this article is clearly marked as a "Leader" and is in the comment and opinion section of the site - it is not therefore "dressed up" as news
77. Brian
You should clearly mark the article "Devil's Advocate:"
78. anonymous
The young man has broken the law. He knew he was breaking the law. It was premeditated to break in and steal. It is not his property. This is an immoral act and shows no respect for the property of others, never mind the whole range of other moral and ethical issues brought up by this act. I agree that in this situation the system should have been better protected but no system, virtual or real can be perfectly protected. If people behaved with good common sense and stopped this kind of mindless (or maybe minded?) vandalism, then maybe the limited tax funded resources could be focussed on hard core crimes and terrorism.
79. anonymous
In fact, from the article it seems that it is the "US defence security" which has been made the laughing stock.
Although cyberterrorism and malevolent hacking are indeed serious crimes, don't tell me a student which uses US defense computers for downloading p0rn, should be taken as a serious hacker and dealt so accordingly.
While I confess that I have no other knowledge of the case except what is written in this article, I must say that the situation as described in article seems to show blatant lack of responsibility and counter-measures in the said US facility.
There are tons of freely available hacking material out in the Internet, and "script kiddies" while a menace are certainly not the threat to a well cared-for system.
80. Pete
Yes, McElroy deserved a harsher sentence, but I find your reporting of this story a little biased. Nowhere in the article, do you mention what this section of "password protected" disk was used for by McElroy - leaving readers to draw the conclusion that he intruded into these systems with more serious intent than using the systems disk to store his own collection of downloaded movies on! It was a stupid thing to do, and I think his sentence was too light, but I don't believe (given ALL the facts) that a custodial sentence would have been the right one either. He should have been made to pay the compensation, and I believe his computer usage should have been restricted (without unfairly disadvantaging him in following his studies at Exeter).
81. John Smith
I would suggest USA to judge the developers and programmers and MANAGERS of the software used in those Nuclear laboratories to count as terrorists as they leave doors for their foes Al-Qaeda dudes to enter and make terrorism. Thanks god that some dude found and showed this USA government crime. This is proof of USA government WANTING to be terrorised and then claim rights to attack innocent people around the world.
82. Harry Bradley
Listen up silicon.com (sign your name to your garbage critique next time)! Before you go slamming a judicial system, try to know anything about which you speak. A major criteria in sentencing is culpability, another is intent. There is a big difference between a security breach for recreational intent and a security breach for terroristic intent (or intent to use this breach to cause further terror or kill people). Thank God Judge Goymer knows the difference, because you obviously don't.
The defense counsel probably showed that the defendant had no ties to violent groups, is interested in computers and networking as a hobby, and has no interest in hurting anyone with his newfound defense-net knowledge. The judge ruled accordingly. There is no reason to send a productive citizen to the slammer, except to prove what a tough, pointy-headed ***** you are. 200 hours is no joke for an otherwise law-abiding citizen. How would you like to work a full-time job for 5 weeks for free. Oh yeah, silicon.com ... I guess you already do. (Ed note. We've no idea what you're talking about with that last remark Harry... but thanks for posting the comment anyway.)
83. Code Writer
I just spoke with my coworkers and I said that I am able to code such a system if they pay me that money they spend on the national security. Let's say one billion. Then my coworkers laughed and said that 10 Indian students will write the system faster and cheaper than me. So I conceded. I can't compete with 10 students in speed of coding. So if students write software don't be surprised that students break them!
84. John
Alex Dunn!
I suggest to put into prison everybody, coz everybody has potential for killing people. That's the problem in USA, that preventive strike!
85. Gian Mario Moggio
I do not know enough about the use the youngster made of his hacking. Possibly the judge had more elements to judge, than the ones given to us readers by the article. Certainly I would agree with the judge to be lenient if he saw in the fact a small misuse of the youngster's capabilities, and did not want to create yet another misfit, by handing down a big detention and damage compensation sentence.
The author of the article could have given more attention to the fact that nuclear secrets are not very well kept, and that all of us should hand down a very strong sentence to whom is responsible of this secrecy. But I think they are all of the same band that is responsible for the intelligence on WMD in Iraq, that send so easily to death hundreds of people.
86. Werner
Seems to me some people are missing the bigger picture. Hackers/virus writers are not doing the world economy any favours. Companies and normal citizens are spending billions of their hard earned cash to protect themselves against these criminals. The next time Bush has a few dollars to spend, will it be appropriated to the homeless/medical care etc. or will he use this act to increase security spending? So some people still think this 18 yo should get a medal?
87. anonymous
Time for a little reality check here...
First off, Mr. McElroy wasn't trying to hack into our nation's nuclear network. He was a kid looking to share some files with his buddies. He thought he'd gotten into an academic network and had no idea that he'd hit upon a nuclear facility. In fact (yes, facts are important in British courts, unlike this website apparently), the network he broke into was NOT classified, and contained no sensitive data or systems.
I'd say a much larger share of the blame lies with the security folks at Fermilab who administered a network that an 18 year old, using off the shelf hacking tools, could hack into with ease.
What the kid did was illegal and wrong, no doubt. Sniping a Snickers bar from the corner 7-Eleven is illegal and wrong too. Do either warrant years of jail time? I, and thankfully at least one court on this planet, don't think so. Instead of screaming about how behind the times the British courts may (or may not) be, perhaps you should turn an introspective eye and examine your definition of punishment befitting a crime.
88. Chris Clark
The judge's sentence was right, the guy is 18 now and so must have been about 17 at the time, I did some pretty stupid things at 17 and I'm sure most other people did. No justice is served by sending an 18 year old kid with a good future ahead of him to jail for hijacking bandwidth and storage space.
Perhaps we should instead be thankful that he highlighted a significant security flaw before some guy wanting to obtain some of those classified documents...But, let's face it, maybe someone already has....who knows how long that server's been open?
89. John D P Gundry
I believe you have a biassed view of British justice.
Little good would have been served by handing the young offender a jail sentence.
This young fellow will no doubt have learned his lesson by the time his sentence has been served.
He already has a criminal record and, should he re-offend, he is in deep trouble.
I believe that the judge had a good grasp of the facts and the extenuating circumstances.
You dishonour the very name of Justice.
90. anonymous
I came to this site after reading about this case at www.theregister.co.uk
I am extremely disappointed at the standard of journalism displayed at silicon.com regarding this incident, perhaps the author should be looking for work at the National Enquirer - a 16 year-old kid uses a site to store his mp3s - shock, horror. Shows just how far down the pan the US has gone - unless it's just a troll, of course
91. anonymous
After all the problems with 9/11, one would have hoped that the US defence security systems would have been secure. Seems the kid used "readily available" ie known tools to break into the network.
Would be nice to think that the US security people have plugged the holes, until the next time some kid happens across them.
Justice was served as he helped UK security and US "security" services from the outset...
92. Vancouverite
Appears that the U.S government DoE IT department is a laughing stock. After all an eighteen year old "script kiddie" owned the network and only used it for file storage. In typical American style the finger is pointed somewhere else with righteous indignation even though the emperor has no clothes... *again*
93. Shane C. Mason
You guys republicans or something? Kick any puppies on your way to the slaughterhouse today?
94. Chris McKay
You've got a lot of nerve calling British justice a laughing stock when OJ gets off and you fry people to death. Barbarians.
(Ed note. silicon.com is based in London, England, where we neither "fry people", nor had any say in the OJ Simpson case.)
95. Roberto
Your comments about the quality of the British system are an absolute load of rubbish. America's origins are after all British, and it is America that has distorted a sense of fairness into a paranoid and pathetic parody of common sense. It should rather be the administrators of the system that was hacked who should be locked up behind bars! Imagine: all it took was a 16 year old kid to penetrate a system that is supposedly managed by professionals. It's about time America lost its arrogance.
96. Reg Phenna
Not really telling all here are we?
Did he hack in to cause a disaster or to steal nuclear secrets?
Nope, he hacked in for some storage space. Now come on give the guy a break, he got 200 hours and helped to point out some severe security weaknesses for the company.
97. anonymous
http://www.silicon.com/hardware/storage/0,39024649,39118133,00.htm
The original story on which this ranting "leader" seems to be based. Rather more factual and not *quite* as biased.
I could be wrong but I thought it was traditional for article writers to put in links to related stories - especially in comment. If I am wrong, wouldn't it be a good idea?
98. Michael Mounteney
Ha ha ha. The usual sanctimonious, hysterical, hypocritical ravings of a country caught with its pants down yet again.
99. Tom Welsh
If this system was significantly involved with nuclear, defense or suchlike activities surely its security should have been strong enough to keep out casual amateurs looking for a place to store their music?
Which is guiltier, the kid who finds an open door, walks in and stashes his music collection - or the highly-paid, highly respected government officials who let him do that?
It is now getting on for 15 years since Clifford Stoll revealed, in his book "The Cuckoo's Egg", that a high proportion of US federal government and military Internet sites had disgracefully bad security. (For instance, over half of VMS systems still had the default password "Manager" for the root "System" account).
The security level of a site should be appropriate to its sensitivity. If a break-in might cause really serious harm, it should not be physically connected to the Internet at all.
100. R Speight
At least the British Justice system can be bothered to take people to trial. No doubt the US system would decide that this was a terrorist related incident, and that McElroy was an 'unlawful combatant'.
101. anonymous
Lighten up - hysterical reactions like yours are the laughing stock.
Let the punishment fit the crime.
With security like this who needs enemies? He's done them a backhanded favour - if anything they owe HIM - they would have paid as a bona fide Security Consultant thousands to discover these weaknesses.
He was 16 when he cracked the 'security' system and began to store films and music on some disk space he carved out for himself.
Let's hope Al Qaeda hasn't recruited a small army of schoolboy hackers or we've really got problems.
102. dreadful scathe
"Similar penalties should be applied to someone breaking and entering"? errr.. no one lives inside a computer so there are no emotions involved, it's traumatic to be faced with a burglary of your house - a commercial computer system is hardly the same thing. Also, in this case he passworded areas and uploaded files - would you liken that to a burglary where the intruder stores objects in one room of your house but doesn't take anything?....it doesn't really match on a like for like basis does it? IMO The sentence was perfect for the crime. "laughing stock"? the article author seems to be the only one who thinks so.
103. Steve Truss
Typical! As usual an American dishing out insults and rubbish about the English. If it were YOU in McElroy's shoes, I wonder if you'd still be saying the same things!?!? I think not.
104. StOo
American computer security a laughing stock
If computer systems at the DoE are easily crackable with "readily available hacking tools" (which is what McElroy used, he's no master hacker) then surely the only thing that is a laughing stock is the DoE's competence regarding their ability to secure their network.
Rather than being too lenient I think this is one of the few cases where the punishment actually fits the crime. He wasn't out to commit terrorism or willfully disrupt a US government network. He had no intent to cause harm.
If this doesn't shake up US government departments to properly secure their critical networks then they deserve every hack they get.
105. anonymous
I agree. They were attackable, so were attacked. Don't complain, fix it! And be happy this guy wasn't a terrorist... Hire him!
106. Jake Waldo Smith
girl: "I have a Bomb"
US Judge: "you're free to go"
Who's the laughing stock??????
107. anonymous
Has the author of this article actually read the judgement? This is an example of fair, unbiased British justice.
108. anonymous
At last, a judge with a sense of perspective, which is more than can be said for your rabid article. I’m frankly surprised that you fail to appreciate the difference between a hacker and someone who writes a highly destructive virus.
And as for British justice being a laughing stock – better that than an international disgrace, like US ‘justice’.
109. Chris Cormack
He was being put on trial, not the entire hacking community. The idea of the sentence is to stop him doing the crime again, not to put off other hackers. I think that the sentence is right based on what he actually did. I don't think he'll do something like this again...
110. Anoniempje
Imagine this:
I leave my front door open when I leave.
At the end of the day I come home to find my place completely cleaned out.
I call the police and they blame me for leaving the front door open.
My point is this.
If something like this happens on computer systems, the people who use the opportunity are suddenly to blame?
Better improve security, or disconnect the systems from a public network!!!
111. anonymous
This is a typical comment from a country which has redefined paranoia, you guys have really lost the plot! The real issue is how a 16 yr old managed to break into a supposedly secure environment. UK justice rules!!!
112. anonymous
We really ought to look at the facts before demanding blood.
1) He was only 16 when it happened.
2) He *did* sanction off a section of the network although he used it for warez, etc and didn't go through looking for 'classified' (that could mean anything coming from a government that has taken it upon itself to protect the entire world from itself) data
3) He admitted what he'd done from the off and helped the investigation of the incident
4) see 3
114. Ged
The British justice system can be seen to be a laughing stock at times, but McElroy is not a criminal in the way that drunk drivers, wife-beaters, drug pushers and kiddie rapists are. Any more of a sentence in his case would have been pointless, fining him what he would not be able to pay for a number of years, sending him to jail where he could network with real crims and come out more connected and ready to do real cyber crime would be stupid.
Then there is the real criminal behaviour of the people who did not adequately protect the network in the first place, so McElroy was able to hack it with readily downloadable hacking tools. Especially as this is a Department of Energy facility. When shall we start seeing sys.admins prosecuted for negligence? There is a shocking variability of skills in the IT sector in administration, project management and programming that is responsible for millions of pounds of criminal negligence every year. There is no point bitching about script kiddies and IT outsourcing when we can't even clean our own house.
115. Craig
Away you go. I bet you'd rather have seen him frying in the chair after receiving some good ol' fashioned US-justice. Or maybe just held him without trial on Guantanamo bay for years.
The kid, and yes he was 16 at the time of the offences, simply used existing hacking tools to set up a small warez store for him and his friends.
If your strung out government departments thought this was an act of terrorism then that is their fault. In this case the punishment fitted the crime, given the circumstances of the case (and especially because the defendant pleaded guilty, helped with the enquiry, didn't access any confidential information, and was a freaking kid at the time).
Jesus, next you people will be locking up stroppy British teenagers who pretend that they have a bomb in their hand luggage.
GET SOME FREAKING PERSPECTIVE. AMERICA IS A SAFE PLACE. YOU EXPERIENCE ZERO TERRORISM IN A TYPICAL YEAR. THIS HAS NOTHING TO DO WITH 9/11.
116. Greg Striplin
Perhaps you want to send him to 'Gitmo' with no trial at all?
The punishment here fitted the nature of the crime - it's in no way comparable to the damage done by the recent spate of viruses. The British Legal system is not here to carry out US Government or Business policy (that's Tony Blair's job).
117. Gary
What are you rambling on about???
Are you seriously comparing this guy who basically was just a warez gimp is really a virus writer and cracker!?! - all I can say is apples and oranges.
The security before the incident must have been lax - you would like to think that they would have a good security on such an important system.
All I can say is: "time to unsubscribe"
118. Nobbin
Well that is a rather stupid take on an otherwise very appropriate sentence.
I say the UK is leading the world with *sensible* law enforcement. Not like us who send young kids to prison for computer pranks but let violent criminals walk free...
119. Jason Shields
"British Justice a laughing stock"
Lmao. Guantanamo Bay anyone?
Typical skewed story from a f***wit. If the US Dept of Energy is incompetent enough to have rootable boxes connected to a public network then they deserve everything they get.
The kid was a script kiddie, he got caught and he no doubt sh*t himself. I very much doubt that he'll try anything like this again.
Now, instead of writing drivel in a pathetic and misguided attack on the British Justice System, why not put your mediocre writing skills to use writing about your cretinous President and his entourage - people who are far more dangerous...
(Ed note. silicon.com is a UK company based in London Jason. In the UK - as you should know, we don't have a president, we have a Prime Minister - as such we're not sure your previous comments are really all that relevant... though thank you for taking the time to write in.)
120. Chris Coenbe
The real problem here is that these computers had poor protection and the government should accept the blame for this instead of seeking revenge for their hurt ego. It worries me that nuclear facilities which, according to the article, control America's weapons of mass destruction (yes: WMD!) can be so easily taken over. What would have happened if a real terrorist got into these computers?
121. anonymous
Lots of comments, all in defence.
The matter is he intentionally bypassed the existing (although minimal) security which was breaking and entering. He was also Cyber-Squatting. Who knows if data was copied, sold etc. He only says he used space.....could be more to it. The lenient sentence now lets others know they can get away with it......
Watch your spaces.....your systems could now be targets....but that's okay then, you have said so.
122. anonymous
Hacking and inept security aside.. He was storing warez/music? Nothing seems to have been made of this..
123. anonymous
I completely agree. Many crimes of violence also receive pathetic sentences. I always contrast the attitude of US judges to a variety of similar crimes in comparison to the sentences here in the UK, at least a real punishment/deterrent is meted out in the US.
The majority of UK right minded people would like much tougher sentencing and the New York et al 'zero tolerance' and more police on the streets scenario.
124. Osama
Hello,
My name is Bin Laden. Could someone pass me the address of this young boy?
125. anonymous
Can we just clarify something for everyone here - the silicon.com editorial team are all British and we are based in the UK.
127. anonymous
right enough: you Americans would probably have hung him or gassed him or lethal injectioned him!!! that's justice???
(Ed note. Which Americans exactly? You should probably know silicon.com is a British publication, based in London - always has been.)
128. Mark Webster
I can't believe what I'm reading, this report is so biased, and plain wrong in some cases, it's quite shocking, for a start the kid was only 16 when he did it, not 18, his crimes didn't "include" hacking into the DoE, it was his only crime, he didn't once access any classified documents, he was just looking for somewhere to store some files and stumbled across an un-secure network that he assumed was a college or something, he pleaded guilty and helped police with their investigations from the off, I'm not condoning his actions, I am however applauding the judge for seeing he had no malicious intent and sentencing him accordingly, and the "repair bill" the DoE were claiming for was probably the cost of making their network as secure as it should've been in the first place
129. anonymous
He was 16 when he committed the offence. And (although the article chooses to omit this and several facts) he did not access any 'secure' areas, merely used the system's bandwidth for file sharing. Do you still think this is a custodial offence? Also the American justice system is a mockery, the poor are helpless and the rich get away with things because they can afford to. The real crime here is how a (and I'll say it again) SIXTEEN year old managed to breach something that should be secure.
130. anonymous
So far as I know there is nothing to stop Fermi lab taking out a civil action for damages. Similarly, the holders of the copyrighted material which he was distributing could take out an action.
131. Michael Renwick
Disagree entirely with the opinion stated. The boy cooperated fully with the police, and did nothing that could be remotely called malicious.
Jailing him, subsequently, would have had no benefit other than to ease the hurt egos of the DoE.
No hacker will see this as license to hack; the leniency was very clearly linked to a specific set of circumstances that any malicious hacker could not have demonstrated!
132. Dave Beall
Please People! WAKE UP! The only person that should be in court is the Administrator of the site that was hacked for lack of security. This site is a danger to us all and should be taken down if not secure from TEENAGERS! This kid is no criminal......The crime is lack of security by site administrators. Especially with all the recent awareness on this issue. PUNISHMENT?
I say the court should force the site off line for __ months, the judge can decide. I also think the judge should require the site to pay for all court costs and a fine. The fine would be for operating in an insecure server.
Thank you for publishing this story, if only to expose the FACT that the US tax dollars are wasted by US government agencies.
133. Joanne Doherty
Silicon, this article is a reactionary piece of c**p.
Has no-one heard about the New Zealand student, Bruce Hubbard, who wrote an email to the local US embassy protesting against the US napalming civilians? (http://www.scoop.co.nz/mason/stories/HL0310/S00262.htm). A female embassy official was upset at the email, the police were contacted and the guy has been charged under the Misuse of the Telecommunications act, with anti-terrorism charges yet to follow.
My point is that the US is becoming increasingly authoritarian as regards international relations. No-one is permitted to disagree with the US, criticize it, or expose any of its flaws in any way. So much for its democratic ideals and enshrined right to free speech.
134. joanne doherty
Dear Werner, with due respect it seems to me that you are missing the bigger picture.
Methods of global terrorism are changing and attacks are expected to increasingly take place on computer systems which may devastate worldwide economies and create major world problems.
Where a major superpower has glaring glitches in its security policies, I'd prefer them to be exposed by an innocent 16 year old schoolboy rather than someone who was intent on doing some real damage.
Given that states and companies don't seem to take security seriously, it is only a matter of time before someone does some real heavy duty damage.
135. Werner
Joanne, I agree that it is fortunate that this 16 yo was the one to show up the security flaws and not a malicious hacker. But you can hardly call him 'innocent'. Software piracy and hacking are still criminal offences.
A lot of people on this MB seem to think that he should have been acquitted. My concern with the sentence is that it sends out the wrong signal. As you rightly say 'attacks are expected to increasingly take place on computer systems'. Therefore I would like to see this behaviour being strongly discouraged.
How much of a financial burden will the US/UK tax payers have to endure because Bush/Blair went to war because of a perceived threat? If companies/governments have to increase their security expenditure, they will eventually pass it on to their customers/tax payers. That is the bigger picture.
136. Orville Gonad
Interesting to note that as usual, the most outraged responses seem to come from Directors & MDs - the same bunch who underfund & underspec any project they then steal any credit (& spare budget) for, while passing the buck like a warm dog turd if it falls down. Don't leave the door unlocked, take the keys home in your company car then blame the night watchman when your stapler's missing in the morning. These are the people who bitch about the losses to British Industry when their employees get colds in January or it rains for 2 days in a row. Spare limbs the lot of them!
137. anonymous
Did any of you realize that the hacker could have targeted our Classified computers? The U.S. officials most likely had many firewalls and many other defences but no matter how good a computer can get humans will always get better.
138. anonymous
For the many posts I read until I realized how many there were there were some saying the boy should be praised. That's like me burning down a home and saying "Hey, It could happen any day, I just wanted to show you the vulnerabilities." Now that this boy has pointed out this, don't you think just a few terrorists may have heard something about this!? If that boy did have evil intents he could have killed all of us.
139. Frank
To the author: Many sane points have been made here.
My opinion is that the punishment should fit the crime and that extenuating circumstances should always be taken into account when doling out punishment.
I have some questions that the author might like to reflect on.
Would it be fair for this student to have his life ruined for his mistake?
Of course what he did was illegal and ought to carry some penalty, but to destroy someone's future over it is totally pointless. The suggested punishment might have permanently denied society of his talents and scarred his entire youth. His punishment was determined by his means which seems much fairer.
Do you believe children should be tried as adults? I don't think any reasonable person would hold this view.
Do you think that there is no room for clemency in a justice system - particularly when the offender has cooperated and shown remorse?
How can you possibly draw a fair comparison between the author of MyDoom and McElroy?
One is a malicious virus writer, whose efforts have affected people on a global scale and has caused £/$millions in damage. McElroy on the other hand is a bored hacker who accessed somebody else's server space for personal use.
Some people have argued that the point is not what he *did* but the potential for what he *could* do that is the issue here.
Assuming for a moment (although this hasn't been detailed adequately) that he was in a position to do serious damage or theft; How can you possibly punish someone for what they *could* have done? That is patently absurd.
You go on to say, that this one example demonstrated a failure of the entire legal system. Does this strike you as a gross generalisation in any way?
If anything, I believe this example has shown the wisdom and strength of character of the Judge who was able to decide on a fitting punishment based on the options available under the law and the case evidence before him.
If people of your opinion would revise their thinking, I think we'd be living in a slightly saner world.
140. anonymous
The attackee has pointed out that they are not a US nuclear facility. In any case, it is up to them not to have such a sloppy system that a dumb teenager can hack into their system to use a bit for file storage. Just because Americans scream like an elephant who's seen a mouse any time anything twitches and might be --ooo--dangerous doesn't mean that other countries need to get hysterical as well. If the kid had stashed CDs in the back of someone's warehouse, he would have got community service. Get a sense of proportion, please.
141. Greg Fearn
If I leave my car unlocked and have a laptop pinched, should I then congratulate the thief on exposing my mistake and hire him to advise me on how to lock the door?
142. joanne doherty
Werner, I don't think the UK and US went to war because of a perceived threat. They went to war for other reasons. It was blatantly obvious all along that the "perceived threat" was merely a PR story to disguise their real reasons and persuade the public that it was worth the human sacrifice and money required to declare war.
To address what you're saying though, think of the economic costs to the taxpayer if a malicious hacker or terrorist was able to wreak havoc on world banks, govt bodies, financial institutions etc. I am sure you can think of several disastrous scenarios.
He may not have been entirely angelic but perhaps this will come as a wake up call to remind people that security is important.
144. BRIAN BURRIDGE
I AGREE WITH REG PHENNA
NEVER MET THE GUY, BUT SEEMS AWFULLY
NICE, GOOD CHAP, SOUNDS LIKE EX RAF...
NICE COMMENT REG....
145. Peter Nelson
How reassuring that most of the comments on this leader article are more balanced and well-thought-out than the article itself. A sensible punishment for a minor offence was handed out: let's not allow Bush's new hysterical America to cloud our sensible British judgement and common sense.
146. Michael Grazebrook
I agree, the comments are more balanced than the article. The judgement seems reasonable to me. Alas the real criminals got away.
IMO the really dangerous (criminal?) negligence is the US Government for allowing secrets of this kind to be accessible on public networks. Thank God it was uncovered by a dumb graduate not a terrorist. As far as we know.
147. Mark
This story and the reaction to it is hilarious on so many levels.
Firstly British justice a laughing stock? NO SH*T SHERLOCK we've known that for donkeys.
Those of you that are shocked and outraged that this kid got into secure military sites shouldn't be. This has merely highlighted something that has been an issue for years.
I'd be willing to bet this kid didn't even know what he'd penetrated till he got nicked!!!
Scary though isn't it!
148. Mark
"I agree with those on McElroy's side. The onus is on the site managers to make it secure - they can't depend on stiff sentences to deter those with seriously malicious intent. McElroy did them a favour by showing how useless their security is. I'd compare his actions to someone breaking into a nuclear base - and then pitching a small tent. Osama Bin Laden he ain't."
Ok he may not be a terrorist and he didn't steal anything but the facts are clear he broke the law. Namby pamby sentencing like this is wrong jail should be a deterrent and time inside should be hard time and until it is criminals will be prepared to break the law.
Furthermore the excuse that they should have better defended themselves is pathetic in the extreme.
So if this kid could pick locks and had picked your door lock looked round your house, left something in your house, later you caught him but that was all your fault cos you should have bought a lock he couldn't pick??????
So you would have been happy he got community service under those circumstances would you? I doubt it.
149. anonymous
It's the US which is the laughing stock here surely? A 16 year old kid can hack into America's national defence system and access nuclear secrets? I imagine the judge was probably laughing at America, not the other way around. Personally I can't stop laughing about this. "Hey, please stop hacking into our national defence network or we will REALLY get angry"...how can the US keep fooling themselves that they are the world's most powerful nation? I wouldn't let the US government wallpaper my spare room.
150. george dundon
Perhaps the Judge was right.
What need is there or justification for such important information to be in any way connected to a public network?
If the nuclear facility had left its doors open and somebody walked in, there would be immediate outcry and any court would take lax security into account when sentencing.
It's time that we started applying similar security concepts to our sensitive data.
I will warrant that >95% of all of the networks in the world are connected by some means or other. No wonder we get hacked. It is time the IT community stopped bleating and started taking responsibility for our own issues.
Security is easy, but a little inconvenient.
151. Genome
Just because 'kids' hack into these computer systems doesn't mean that the IT departments are the ones to blame. Most of the time it is a fault on the Software vendor's side that allows for these 'kids' to 'hack' in. Also many of these 'kids' have an extremely high IQ, one that would astound most of the ignorant fools reading this. The average 'kid' is not a hacker at all. The 'kids' that hack into these systems are extremely intelligent not just for their age either.
152. anonymous
Isn't prevention better than cure?
The servers weren't running Microsoft apps, perchance? May explain why a sad little limey has the ability to get into systems of the superpower.