Victims of hacking attacks are routinely overstating the damage costs and, in the case of Gary McKinnon, may be using them for other purposes, according to experts.
Speaking at the Infosecurity conference, McKinnon stated that the damages being claimed by the US government have been overstated and are being used as an extradition tool.
His comments came during the Hacking panel that closed the security event in London yesterday.
"The US government overestimates damages. To extradite someone they have to prove the crime has cost at least US$5,000 or would result in at least one year in prison," he said.
"I was charged with causing US$5,000 worth of damage to each computer I accessed. I do not know where they got that figure from but they are not shopping at PC World."
McKinnon is not alone in this assumption. Another hacker, known only as 'Mark', detailed a case in which a legal firm had been hacked in an attempt to find information about an ongoing case.
When the perpetrators were caught the firm tried to claim £10,000 (A$24,120) per server, an amount thrown out by the judge.
"It does not work like that in crime. You get only the damages done. That was done in Gary McKinnon's case as well," said 'Mark'.
"The US included the cost of investigation of the case, which was paid for by the taxpayer in the form of police funding anyway."
Hacking damages 'routinely' overstated
By Iain Thomson on Apr 30, 2007 11:21AM