Evidence supplied by the US authorities to the UK to support legal proceedings against Pentagon Hacker, Gary McKinnon, relies on hearsay and may be impossible to prove in court, according to an internal Crown Prosecution Service document.
The document obtained by Computer Weekly calls into question the forensic evidence supplied by the US to link McKinnon to hacked US military systems. It casts doubt on claims that McKinnon's activities damaged thousands of US military computers.
The document, Review Note 3 - 26 February 2009, was complied by Russell Tyner, lawyer for the CPS's Organised Crime division for the Department of Public Prosectutions.
The DPP used the review to support its decision of 26 February not to prosecute McKinnon in the UK. It concluded that there was not enough evidence.
The document highlights a series of gaps in the evidence supplied by the US to the UK, to support McKinnon's prosecution.
The gaps include:
- Proof identifying each of the computers hacked
- An image of each computer
- A forensic report of each computer, linking access and file modifications to McKinnon
- Evidence to prove that accusations made against McKinnon were not merely hearsay,
- Evidence that McKinnon's activities caused impairment of US systems
- Evidence that his activities left computers vulnerable to intrusion.
When considering "McKinnon's alleged criminality", the DPP reported a "disparity" between "that which it would be possible to prove" and the allegations against him.
There was also a disparity between the allegations against Mckinnon and that which "the American authorities would appear to be able [to] adduce in evidence in the United States."
Edward Fitzgerald QC told the High Court yesterday that the DPP document demonstrated that the US allegations were "inflated", "extravagant" and "not justified".
A US Navy special agent had supplied a statement to support an allegation that McKinnon had "rendered some 300 computers inoperable immediately following September 11th" in a cyber attack on US Weapons Station Earle.
McKinnon's actions "prevented access to some 2000+ computers belonging to the US Army for 24 hours causing significant disruption," it was claimed.
The DPP said of the US evidence: "All of this is hearsay with insufficient information to seek to adduce it evidentially".
Of this and other witness statements supplied by US special agents in 2002, shortly after McKinnon's arrest, the DPP said: "They all tend to refer to reports concerning the examination of machines by others and their statements contain a lot of hearsay… it is not necessarily possible to ascertain how much of this material may be admissible."
These statements were the basis on which the US had justified its allegations that McKinnon's hacking "amounted to an attack on the critical infrastructure of the USA" which was "intentional and calculated to influence the US government by intimidation and coercion."
The DPP provided a long list of areas where the US evidence was inadequate. Computer forensics would be required to link McKinnon to the computers he is said to have hacked, and to the damage he is accused of causing, it said.
The DPP said US evidence also lacked: "some evidence of compliance with ACPO standards concerning the examination of digital material or sufficient to prove the integrity of the forensic image."
There was no evidence that the computers McKinnon hacked were high security military systems housing sensitive information and not merely low-security administrative PC nodes on the edge of the vast US military-industrial network, the report said.
McKinnon's application in the High Court for a judicial review of the DPP's decision not to prosecute him in the UK continues.