Romanian NASA hacker gets suspended three-year sentence

Romanian NASA hacker gets suspended three-year sentence

Apollo astronautA 26-year-old Romanian man who admitted to hacking into NASA servers has received a three-year suspended prison sentence, while his legal team is challenging NASA’s damage claims of $580,000, according to a media reports.

The convicted hacker, Robert Butyka, was arrested by prosecutors from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) on November 15th, in his home city of Cluj-Napoca, Romania.

According to news reports, Butyka was charged with breaking into a computer system; possessing hacking tools; and modifying, damaging and restricting access to data without authorization.

During the first trial hearing on January 10th, Butyka admitted hacking several NASA servers starting on December 12, 2010.

The court in Cluj-Napoca on January 17th sentenced Butyka to three years of suspended prison time with a probation period of seven years. He can appeal the sentence within 10 days.

The Romanian court has formed a separate case to determine damages. That will be tried in a civil court on March 13th, giving NASA time to prepare evidence.

Would the hacker have received a weightier sentence were he to be tried in the United States?

Nah. According to Kelly Law Firm, current sentences for first-time offenders for a number of provisions relating to damaging computer systems max out at one year of jail time.

However, US penalties for criminal hackers would be turned into more meaningful punishment if the Obama administration gets its way.

Back in May 2011, the White House presented a legislative proposal to Congress in which it requested that the mandatory prison sentence for those who breach and cause substantial harm to critical infrastructure systems (those systems that manage or control national defense, national security, economic security, public health or safety) be increased to a minimum of three years.

Law enforcement provisions related to computer security

The list of requested changes [PDF] to laws governing hacking includes the seizure of the equipment used to commit the cyber crimes – i.e., get ready to lose your gear, crooks – as well as anything the crooks got from their schemes by way of profits or goods.

Mandatory imprisonment of three years and loss of equipment: Is even that enough penalty to deter hackers? Surely not.

But as signals go, it beats the hell out of a suspended sentence.

It sends a much stronger message than we get from the image of a confessed NASA hacker who has the unmitigated gall to challenge an injunction to pay for damages he himself inflicted on US infrastructure.

Is $580,000 too high a claim for damages? Maybe, maybe not. That’s up to NASA to prove.

But the mere idea of challenging the damages after walking away, scott-free, without prison time?

Maybe it makes sense, but given the lenient sentence, it just smells like a bit of nerve.