To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39166916,00.htm

Gary McKinnon: Hacker 'damages' are exaggerated
But he would say that, right?

By Will Sturgeon

Published: Friday 27 April 2007

Businesses are exaggerating the amount of damage done by hackers according to a man with more than a little vested interest in the issue – the so-called 'Nasa hacker' Gary McKinnon.

McKinnon is currently awaiting extradition to the US for allegedly hacking into 97 US government computers, including military and Nasa systems.

In total it is claimed McKinnon did around $700,000 worth of damage but McKinnon said that figure is in line with a tendency on the part of organisations to exaggerate damages.

Speaking at the InfoSecurity show in London McKinnon said of his own case: "In order for it to be an extraditable offence I was told you have to have done $5,000 worth of damage to a PC. I found out I had apparently done at least $5,000 worth of damage to every computer."

Commenting on the high figures, he added: "Now they're obviously not shopping in PC World, are they?"

Although McKinnon has a clear interest in claiming those damages have been exaggerated, Peter Wood, an 'ethical hacker' and penetration tester from First Base Technologies who took part in the InfoSecurity show's hacker panel, supported the argument that businesses are prone to exaggerating the costs they incur and suffer around a cyber attack.

He said in part this is due to ignorance and a lack of understanding of the issues.