Sophos Cloud Optix
Police in Romania believe that they may have apprehended the notorious hacker TinKode, who in the past has hacked into government and military websites, exposing their poor security.
The 20-year-old man, named as Razvan Manole Cernaianu, allegedly attacked Pentagon and NASA computer systems, revealed security holes, and published information about SQL injection vulnerabilities he had discovered.
The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) has said in a statement that the alleged hacker also offered a computer program to hack into websites on his blog, and published a video showing internet attacks he had orchestrated against the US authorities.
TinKode’s targets were not just based in the United States, however. For instance, in November 2010, the British Royal Navy’s official website was compromised by the Romanian hacker, who claimed to have exposed the site’s passwords.
And last year, MySQL’s website was hit by – oh, the irony.. – an SQL injection attack.
Associated Press reports that the US Embassy in Bucharest claimed that Cernaianu, who is reportedly an IT student, “used sophisticated hacking tools to gain unauthorized access to government and commercial systems.”
That may be so, but in my estimation over the last few years TinKode’s motivation has been more about mischief-making than the more malicious attacks we often see, fueled by a desire for publicity via his active Twitter and Facebook accounts.
Perhaps now is a good time to remind everyone who thinks it’s cool or amusing to expose an organisation’s weak security that hacking into a site is still a crime, regardless of what your incentive may be.
DIICOT is said to have worked with the FBI and NASA on the investigation.
the security services should hunt them down, then use there skills them selves.
I think he should of stayed 'underground'.
should have.
This relationship between Romania and the US is producing quite a lot of action.
In the last 6 months they have detained and/or prosecuted Adrian-Tiberiu Oprea,Iulian Dolan, Cezar Iulian Butu, Florin Radu, Robert Butyka, and Victor Faur.
I don't think anyone has seen any prison time. Som e large fines were handed out though.
the incentive would be that they get jobs from major companies like google. These malicious people never get punished the way they really would if they were actually taken seriously as criminals.
"Perhaps now is a good time to remind everyone…"
Perhaps not. If you leave your door open and a guy enters your house and tells you – "hey, your door is open", is this a crime ?
If he steals or does some serious damage, than I guess it's a crime. But if he only did this to expose security flaws, than I think he should be released with a warning and given a proper job.
Either way you put it – it is a cool thing. It's even cooler because it's illegal.
There are countless movies and books in which 'hackers' are shown as god-like geniuses who either help save or destroy the world.
Any teenager would love to play that role in real life.
How about if the guy walks in, looks around, then goes back onto the street and shouts, 'Hey, everyone, there's nothing stopping anyone from robbing *this* place!'
How would you like someone walking in your house and getting your bank account information? They don't have to do anything with it. However, it causes you a lot of grief, time, money, and action to make sure that information is not accurate anymore.
Are you sure NASA worked on this investigation? It's a bit outside their brief. Perhaps you meant the NSA?
I think the implication is that NASA (who were one of the alleged victims of a hack, as we have previously reported) provided information which assisted with the investigation.
Sounds plausible to me.
As Mr.Cluley said its still a crime. Apparently some people still believe the whole "doing bad is easy". How about these computer intrusion experts use their talents for improvement in the industry rather than tainting their their profession. in my eyes they're noobs.
The technique used by him is very simple. He used automated scanners, like some from Backtrack and WebCruiser and Acunetix. Then he used tools like sqlmap, Havij, SQL Helper, sqlfuzzer.py and m4x. After this he tried to extract information.
In this same way millions and millions of credit card are stolen every year in all the world. He is a good boy, he could steal much and sell many information. He is a good guy.
Automatic scanners only superficially scans and not for specific information. backtrack and webcruiser basically only allow one to revisit a web site source. sqlmap and SQL Helper, comon, are you kidding? One would need to rewrite some of the SQL and have knowledge of the MySQL server on which they want to introduce the material. It would require quite a bit more than simple technique to introduce oneself into even a simple server security system.
I've chased and hunted down many Romanian "hackers". Many are not sophisticated, but think Romania is shielded from the authorities. The last guy I hunted down had 100% legit info on the WHOIS for his .in domain until finally after taking his domains, C&C servers down I started going after individual IP addresses who put pressure on his C&C hosting provider until the guy finally pulled the plug.
His name is "Poko" and all he does is remote file inclusions.
Romanians are geniuses ! TinKode free !