TinKode arrested for suspected hack of NASA and Pentagon servers

Filed Under: Data loss, Featured, Law & order, Vulnerability

TinKodePolice in Romania believe that they may have apprehended the notorious hacker TinKode, who in the past has hacked into government and military websites, exposing their poor security.

The 20-year-old man, named as Razvan Manole Cernaianu, allegedly attacked Pentagon and NASA computer systems, revealed security holes, and published information about SQL injection vulnerabilities he had discovered.

The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) has said in a statement that the alleged hacker also offered a computer program to hack into websites on his blog, and published a video showing internet attacks he had orchestrated against the US authorities.

TinKode's targets were not just based in the United States, however. For instance, in November 2010, the British Royal Navy's official website was compromised by the Romanian hacker, who claimed to have exposed the site's passwords.

Royal Navy website

And last year, MySQL's website was hit by - oh, the irony.. - an SQL injection attack.

Associated Press reports that the US Embassy in Bucharest claimed that Cernaianu, who is reportedly an IT student, "used sophisticated hacking tools to gain unauthorized access to government and commercial systems."

That may be so, but in my estimation over the last few years TinKode's motivation has been more about mischief-making than the more malicious attacks we often see, fueled by a desire for publicity via his active Twitter and Facebook accounts.

Perhaps now is a good time to remind everyone who thinks it's cool or amusing to expose an organisation's weak security that hacking into a site is still a crime, regardless of what your incentive may be.

DIICOT is said to have worked with the FBI and NASA on the investigation.

, , , , ,

You might like

15 Responses to TinKode arrested for suspected hack of NASA and Pentagon servers

  1. Burvan · 910 days ago

    the security services should hunt them down, then use there skills them selves.

  2. Snuggy · 910 days ago

    I think he should of stayed 'underground'.

  3. VFAC · 910 days ago

    This relationship between Romania and the US is producing quite a lot of action.

    In the last 6 months they have detained and/or prosecuted Adrian-Tiberiu Oprea,Iulian Dolan, Cezar Iulian Butu, Florin Radu, Robert Butyka, and Victor Faur.

    I don't think anyone has seen any prison time. Som e large fines were handed out though.

  4. steph · 910 days ago

    the incentive would be that they get jobs from major companies like google. These malicious people never get punished the way they really would if they were actually taken seriously as criminals.

  5. Florin · 910 days ago

    "Perhaps now is a good time to remind everyone..."

    Perhaps not. If you leave your door open and a guy enters your house and tells you - "hey, your door is open", is this a crime ?

    If he steals or does some serious damage, than I guess it's a crime. But if he only did this to expose security flaws, than I think he should be released with a warning and given a proper job.

    Either way you put it - it is a cool thing. It's even cooler because it's illegal.
    There are countless movies and books in which 'hackers' are shown as god-like geniuses who either help save or destroy the world.
    Any teenager would love to play that role in real life.

    • SEB · 909 days ago

      How about if the guy walks in, looks around, then goes back onto the street and shouts, 'Hey, everyone, there's nothing stopping anyone from robbing *this* place!'

    • Ronnie · 909 days ago

      How would you like someone walking in your house and getting your bank account information? They don't have to do anything with it. However, it causes you a lot of grief, time, money, and action to make sure that information is not accurate anymore.

  6. Simon · 910 days ago

    Are you sure NASA worked on this investigation? It's a bit outside their brief. Perhaps you meant the NSA?

    • I think the implication is that NASA (who were one of the alleged victims of a hack, as we have previously reported) provided information which assisted with the investigation.

      Sounds plausible to me.

  7. roy jones jr · 909 days ago

    As Mr.Cluley said its still a crime. Apparently some people still believe the whole "doing bad is easy". How about these computer intrusion experts use their talents for improvement in the industry rather than tainting their their profession. in my eyes they're noobs.

  8. Paulo Santos · 909 days ago

    The technique used by him is very simple. He used automated scanners, like some from Backtrack and WebCruiser and Acunetix. Then he used tools like sqlmap, Havij, SQL Helper, sqlfuzzer.py and m4x. After this he tried to extract information.

    In this same way millions and millions of credit card are stolen every year in all the world. He is a good boy, he could steal much and sell many information. He is a good guy.

    • Donald · 907 days ago

      Automatic scanners only superficially scans and not for specific information. backtrack and webcruiser basically only allow one to revisit a web site source. sqlmap and SQL Helper, comon, are you kidding? One would need to rewrite some of the SQL and have knowledge of the MySQL server on which they want to introduce the material. It would require quite a bit more than simple technique to introduce oneself into even a simple server security system.

  9. Beard CEO · 908 days ago

    I've chased and hunted down many Romanian "hackers". Many are not sophisticated, but think Romania is shielded from the authorities. The last guy I hunted down had 100% legit info on the WHOIS for his .in domain until finally after taking his domains, C&C servers down I started going after individual IP addresses who put pressure on his C&C hosting provider until the guy finally pulled the plug.

    His name is "Poko" and all he does is remote file inclusions.

  10. Ruo · 905 days ago

    Romanians are geniuses ! TinKode free !

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.