Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Hacker TinKode arrested for NASA and Pentagon attacks

Romanian Razvan Manole Cernaianu, 20, accused of revealing security holes and publishing information about SQL injection vulnerabilities

By Taylor Armerding | CSO | Published: 10:37, 16 February 2012

Hacker TinKode has been arrested by the Romanian police after the 20-year-old bragged about hacking into Pentagon and NASA computer systems.

Razvan Manole Cernaianu, 20, is the second Romanian to be arrested following that of 26-year-old Robert Butyka, who received a three-year suspended sentence for hacking multiple NASA servers. TinKode has previously claimed credit for hacking the MySQL website with an SQL injection attack last year and the Royal Navy website in 2010.

TinKode is now accused of revealing security holes and publishing information about SQL injection vulnerabilities in NASA and the Pentagon.

'Advanced hacking tools'

The FBI and NASA assisted in the investigation. The US Embassy in Bucharest said that Cernaianu used, "advanced hacking tools to gain unauthorised access to government and commercial systems".

Cernaianu allegedly hacked into a computer server at NASA's Goddard Space Flight Center last April, and posted a screen grab that showed files connected to confidential satellite data.

Anthony M. Freed, managing editor of Infosec Island, said that TinKode is known to have taken advantage of several well-known vulnerabilities that many of his targets should have resolved before he exploited them through SQL injections - a technique many security experts now derisively call 'Hacking 101'.

"His targets tend to be large entities that undoubtedly have complex network deployments and multiple interfaces for third parties like contractors or client bases," said Freed, "which provide a higher product probability of his finding unprotected points of entry."

Hacking 101

Freed said that penetration by a determined hacker is almost guaranteed in networks of this size.

"They should focus on detection and data protection within the networks," he says, "while working under the assumption that they will not be able to prevent all breach attempts.

"Advanced monitoring systems, appropriate data classification, and secondary authentication protocols for access to the most sensitive information is critical both for detecting an intrusion and slowing hackers progress. This can buy the needed time to lock down the compromised system and prevent data theft."

Gary McGraw, CTO of Cigital, says if TinKode didn't want to get caught, he should not have been bragging so publicly. "If you go looking for attention, you're probably going to get it," he said.

McGraw says the damage caused was probably minor. "But, to get past all of these silly problems, agencies like these should build systems with security in mind in the first place. Right now they are trying to fix broken systems."

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.