A Pakistani student accused of illegally controlling over 100,000 computers has lost his bid to prevent extradition to America.
Usman Ahzaz, 24, came to the UK to read for a degree in information systems and computing. Having lost his appeal, he will now be surrendered to the US in order to stand trial on charges relating to computer hacking. If found guilty, he could be imprisoned for over 12 months.
Mr. Ahzaz is accused of installing what he believed to be a malicious computer code into certain computers in exchange for $600 US dollars. In truth, the harmless code was given to him by an undercover FBI agent as part of a “sting” to capture computer hackers.
Mr. Ahzaz successfully installed the code, and was reported to have “surreptitiously controlled” over 100,000 protected computers, 800 of which were located in the United States. Protected computers include computers used for interstate trade and communication.
It is thought Mr. Ahzaz used a “botnet” to carry out the installation.
A botnet is an amalgamation of the words ‘robot’ and ‘network’, so called because it creates a network of computers. It does this by infecting them malicious software, or ‘malware’ for short. The malware enables the computer to be controlled remotely, like a robot.
Mr. Ahzaz’s extradition order was given by Home Secretary Teresa May in May 2012, after his arrest by UK authorities on behalf of the US. Mr. Ahzaz appealed against the order in London’s High Court, but his appeal was dismissed.
Mr. Ahzaz’s lawyers argued that the seriousness of the charges was not worthy of extradition. Lord Justice Gross, sitting with Mrs. Justice Gloster, found that though the code Mr. Ahzaz installed was not malicious, he believed it was. Therefore, the request was “focused on attempted [damage] rather than the causing of actual damage.”
The UK and the US have an extradition treaty (the ‘UK-US extradition treaty’), which has been criticised because it allows the United States to extradite those having committed a crime in US law, even if the offence was committed in the UK by a UK citizen. Mr. Ahzaz’s extradition order was made easier by the 2003 Extradition Act, which made the treaty possible in UK law.
Extradition is often the only option to make sure hackers who have committed cyber-crime on an international scale stand trial. It is incredibly hard to prosecute foreign nationals, and often there are legal difficulties in bringing evidence of cyber-crime in one country to another.
This was the case with Gary McKinnon, described by one US prosecutor as having committed the “biggest military computer hack of all time”, who recently avoided extradition on human rights grounds, and then evaded prosecution in the UK because the evidence of his activities was in America. However, it is suspected naive motives played a part in dropping legal proceedings: Mr. McKinnon was looking for evidence the US was suppressing free energy and was in contact with aliens.
Mr. Ahzaz’s extradition means that the seriousness of cybercrime is being acknowledged. This week, the Financial Times reported that according to Government Communications Headquarters (GCHQ), attacks on government departments and companies rose from two a day in 2010 to 500 a day in 2012. One can safely predict that the UK will echo measures the US has put into place to secure itself in the near future.